# IntelliJ
.idea/*
*.iml
+
+# Mac OS
+*DS_Store*
company: 'ATT'
id: 'jh245g'
timezone: 'America/New York'
- - name: 'Mike Elliott'
- email: 'mike.elliott@amdocs.com'
- company: 'Amdocs'
- id: 'melliott'
- timezone: 'Canada/Ontario'
+ - name: 'David Sauvageau'
+ email: 'david.sauvageau@bell.ca'
+ company: 'Bell'
+ id: 'david.sauvageau'
+ timezone: 'Canada/Montreal'
- name: 'Mandeep Khinda'
email: 'Mandeep.Khinda@amdocs.com'
company: 'Amdocs'
Kubeadm or Cloudify - and public cloud infrastructures such as: Microsoft Azure,
Amazon AWS, Google GCD, VMware VIO, and Openstack.
-The OOM documentation is broken into four different areas each targeted at a differnet user:
+The OOM documentation is broken into four different areas each targeted at a different user:
- :ref:`quick-start-label` - deploy ONAP on an existing cloud
- :ref:`user-guide-label` - a guide for operators of an ONAP instance
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/cm"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_cm","sleep","0","cd /opt/app/aaf;bin/cm"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_cm:2.1.5
+image: onap/aaf/aaf_cm:2.1.6
aaf_register_as: "aaf-cm.onap"
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_cass:2.1.5-SNAPSHOT
+image: onap/aaf/aaf_cass:2.1.7-SNAPSHOT
pullPolicy: Always
# application configuration
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/fs"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_fs","sleep","0","cd /opt/app/aaf;bin/fs"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_fs:2.1.5
+image: onap/aaf/aaf_fs:2.1.6
aaf_register_as: "aaf-fs.onap"
pullPolicy: Always
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/gui"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_gui","sleep","0","cd /opt/app/aaf;bin/gui"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_gui:2.1.5
+image: onap/aaf/aaf_gui:2.1.6
aaf_register_as: "aaf-gui.onap"
pullPolicy: Always
- name: {{ include "common.name" . }}-config-container
image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: {{ include "common.name" . }}-config-vol
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/hello"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_hello","sleep","0","cd /opt/app/aaf;bin/hello"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_hello:2.1.5
+image: onap/aaf/aaf_hello:2.1.6
aaf_register_as: "aaf-hello.onap"
pullPolicy: Always
- name: {{ include "common.name" . }}-config-container
image: "{{ include "common.repository" . }}/{{ .Values.global.configImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
volumeMounts:
- mountPath: "/opt/app/osaaf"
name: {{ include "common.name" . }}-config-vol
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/locate"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_locate","sleep","0","cd /opt/app/aaf;bin/locate"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_locate:2.1.5
+image: onap/aaf/aaf_locate:2.1.6
aaf_register_as: "aaf-locate.onap"
pullPolicy: Always
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/oauth"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_oauth","sleep","0","cd /opt/app/aaf;bin/oauth"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_oauth:2.1.5
+image: onap/aaf/aaf_oauth:2.1.6
aaf_register_as: "aaf-oauth.onap"
pullPolicy: Always
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
containers:
- name: {{ include "common.name" . }}
- command: ["/bin/bash","/opt/app/aaf/bin/service"]
+ command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_service","sleep","0","cd /opt/app/aaf;bin/service"]
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/aaf_service:2.1.5
+image: onap/aaf/aaf_service:2.1.6
aaf_register_as: "aaf-service.onap"
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/smsquorumclient:3.0.0
+image: onap/aaf/smsquorumclient:3.0.1
pullPolicy: Always
# flag to enable debugging - application support required
requests:
cpu: 10m
memory: 100Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
{
"name": "aai",
"values": {
- "username": "OOF",
- "password": "OOF"
+ "username": "oof@oof.onap.org",
+ "password": "demo123456!"
}
},
{
"aafpass": "c0nduct0r",
"aafns": "conductor"
}
+ },
+ {
+ "name": "aaf_api",
+ "values": {
+ "username": "aaf_admin@people.osaaf.org",
+ "password": "demo123456!",
+ "aaf_conductor_user": "oof@oof.onap.org"
+ }
}
]
}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aaf/sms:3.0.0
+image: onap/aaf/sms:3.0.1
pullPolicy: Always
# flag to enable debugging - application support required
requests:
cpu: 10m
memory: 100Mi
- unlimited: {}
\ No newline at end of file
+ unlimited: {}
readinessImage: readiness-check:2.0.0
ubuntuInitRepository: registry.hub.docker.com
ubuntuInitImage: oomk8s/ubuntu-init:2.0.0
- configImage: onap/aaf/aaf_config:2.1.5-SNAPSHOT
+ configImage: onap/aaf/aaf_config:2.1.6
persistence:
enabled: true
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
{{- end }}
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - aai-cassandra
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
ports:
{{ if .Values.global.installSidecarSecurity }}
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.global.rproxy.port }}
+ - port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ targetPort: {{ .Values.global.rproxy.port }}
name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
# application image
repository: nexus3.onap.org:10001
-image: onap/aai-resources:1.3.0
+image: onap/aai-resources:1.3.1
pullPolicy: Always
restartPolicy: Always
flavor: small
# application image
repository: nexus3.onap.org:10001
-image: onap/aai-traversal:1.3.0
+image: onap/aai-traversal:1.3.1
pullPolicy: Always
restartPolicy: Always
flavor: small
}
ODL_HOME=${ODL_HOME:-/opt/opendaylight/current}
-ODL_ADMIN_PASSWORD=${ODL_ADMIN_PASSWORD:-admin}
SDNC_HOME=${SDNC_HOME:-/opt/onap/ccsdk}
APPC_HOME=${APPC_HOME:-/opt/onap/appc}
SLEEP_TIME=${SLEEP_TIME:-120}
MYSQL_PASSWD=${MYSQL_PASSWD:-{{.Values.config.mariadbRootPassword}}}
ENABLE_ODL_CLUSTER=${ENABLE_ODL_CLUSTER:-false}
-ENABLE_AAF=${ENABLE_AAF:-false}
-AAF_EXT_IP=${AAF_EXT_IP:-{{.Values.config.aafExtIP}}}
-AAF_EXT_FQDN=${AAF_EXT_FQDN:-{{.Values.config.aafExtFQDN}}}
+ENABLE_AAF=${ENABLE_AAF:-true}
appcInstallStartTime=$(date +%s)
echo "Copying the aaa shiro configuration into opendaylight"
if $ENABLE_AAF
then
- echo "${AAF_EXT_IP} ${AAF_EXT_FQDN}" >> /etc/hosts
cp ${APPC_HOME}/data/properties/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
else
cp ${APPC_HOME}/data/aaa-app-config.xml ${ODL_HOME}/etc/opendaylight/datastore/initial/config/aaa-app-config.xml
<urls>
<pair-key>/auth/**</pair-key>
<!-- <pair-value>authcBasic, roles[admin], dynamicAuthorization</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/config/aaa-cert-mdsal**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operational/aaa-cert-mdsal**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operations/aaa-cert-rpc**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/config/aaa-authn-model**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operational/aaa-authn-model**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/restconf/operations/cluster-admin**</pair-key>
<!-- <pair-value>authcBasic, roles[admin]</pair-value> -->
- <pair-value>authcBasic, roles[org.onap.appc.odl|odl-admin|*]</pair-value>
+ <pair-value>authcBasic, roles[org.onap.appc.odl|odl-api|*]</pair-value>
</urls>
<urls>
<pair-key>/**</pair-key>
#
# Certificate keystore and truststore
#
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/ccsdk/data/stores/truststore.onap.client.jks
-org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=adminadmin
-org.onap.ccsdk.sli.adaptors.aai.host.certificate.ignore=true
+org.onap.ccsdk.sli.adaptors.aai.ssl.trust=/opt/onap/appc/data/stores/truststoreONAPall.jks
+org.onap.ccsdk.sli.adaptors.aai.ssl.trust.psswd=changeit
+org.onap.ccsdk.sli.adaptors.aai.ssl.key=/opt/onap/appc/data/stores/truststoreONAPall.jks
+org.onap.ccsdk.sli.adaptors.aai.ssl.key.psswd=changeit
-org.onap.ccsdk.sli.adaptors.aai.client.name=SDNC
-org.onap.ccsdk.sli.adaptors.aai.client.psswd=SDNC
+org.onap.ccsdk.sli.adaptors.aai.client.name=appc@appc.onap.org
+org.onap.ccsdk.sli.adaptors.aai.client.psswd=demo123456!
org.onap.ccsdk.sli.adaptors.aai.application=openECOMP
connection.timeout=60000
appc.demo.threads.queuesize.max=1000
appc.demo.threads.poolsize.min=1
appc.demo.threads.poolsize.max=2
-appc.demo.provider.user=admin
+appc.demo.provider.user={{.Values.config.odlUser}}
appc.demo.provider.pass={{.Values.config.odlPassword}}
appc.demo.provider.url=http://localhost:8181/restconf/operations/appc-provider
-appc.provider.vfodl.url=http://admin:{{.Values.config.odlPassword}}@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/
+appc.provider.vfodl.url=http://{{.Values.config.odlUser}}:{{.Values.config.odlPassword}}@{{.Values.service.name}}:{{.Values.service.externalPort}}/restconf/config/network-topology:network-topology/topology/topology-netconf/node/NODE_NAME/yang-ext:mount/sample-plugin:sample-plugin/pg-streams/
# The properties right below are needed to properly call the Master DG to serve demo purposes
appc.service.logic.module.name=APPC
appc.LCM.topic.read=APPC-LCM-READ
appc.LCM.topic.write=APPC-LCM-WRITE
appc.LCM.client.name=APPC-EVENT-LISTENER-TEST
-appc.LCM.provider.user=admin
+appc.LCM.provider.user={{.Values.config.odlUser}}
appc.LCM.provider.pass={{.Values.config.odlPassword}}
appc.LCM.provider.url=http://localhost:8181/restconf/operations/appc-provider-lcm
appc.LCM.scopeOverlap.endpoint=http://localhost:8181/restconf/operations/interfaces-service:execute-service
# properties from appc-netconf-adapter-bundle, appc-dg-common, appc-dmaap-adapter-bundle
poolMembers=message-router.{{.Release.Namespace}}:3904
event.pool.members=message-router.{{.Release.Namespace}}:3904
-restconf.user=admin
+restconf.user={{.Values.config.odlUser}}
restconf.pass={{.Values.config.odlPassword}}
appc.OAM.topic.read=testOAM
appc.OAM.topic.write=testOAM
appc.OAM.client.name=testOAM
-appc.OAM.provider.user=admin
+appc.OAM.provider.user={{.Values.config.odlUser}}
appc.OAM.provider.pass={{.Values.config.odlPassword}}
--- /dev/null
+###
+# ============LICENSE_START=======================================================
+# APPC
+# ================================================================================
+# Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+###
+#hostname=localhost
+
+cadi_loglevel=INFO
+
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=/opt/onap/appc/data/stores/org.onap.appc.keyfile
+cadi_keystore=/opt/onap/appc/data/stores/org.onap.appc.p12
+cadi_keystore_password=enc:4DVUTKvRCCtebQrKskDsuKFIHLzOf2M9XxNOhVIK4xb
+#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
+cadi_alias=appc@appc.onap.org
+cadi_truststore=/opt/onap/appc/data/stores/truststoreONAPall.jks
+cadi_truststore_password=enc:O3Vtv5e77OQWJ_OiLC9Atj3ngyYfulRK519JYFmbKl7
+
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
################################################################################
#
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
+# ============LICENSE_START=======================================================
+# ONAP : APPC
+# ================================================================================
+# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
#
################################################################################
- mountPath: /opt/onap/appc/data/properties/aaiclient.properties
name: onap-appc-data-properties
subPath: aaiclient.properties
+ - mountPath: /opt/onap/appc/data/properties/cadi.properties
+ name: onap-appc-data-properties
+ subPath: cadi.properties
- mountPath: /opt/onap/appc/data/properties/aaa-app-config.xml
name: onap-appc-data-properties
subPath: aaa-app-config.xml
# application configuration
config:
- aafExtIP: 127.0.0.1
- aafExtFQDN: aaf-onap-beijing-test.osaaf.org
ansibleServiceName: appc-ansible-server
ansiblePort: 8000
mariadbRootPassword: secretpassword
mysqlDatabase: my-database
mariadbGaleraSVCName: appc-dbhost
mariadbGaleraContName: appc-db
- enableAAF: false
- enableClustering: true
+ enableAAF: true
+ enableClustering: false
configDir: /opt/onap/appc/data/properties
dmaapTopic: SUCCESS
logstashServiceName: log-ls
logstashPort: 5044
- odlPassword: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+ odlPassword: demo123456!
openStackType: OpenStackProvider
openStackName: OpenStack
openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
openStackDomain: default
openStackUserName: admin
openStackEncryptedPassword: admin
+ odlUser: appc@appc.onap.org
appc-ansible-server:
service:
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-kibana:3.0.0
+image: onap/clamp-dashboard-kibana:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp-dashboard-logstash:3.0.0
+image: onap/clamp-dashboard-logstash:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
PRIMARY KEY (invariant_service_id)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+CREATE TABLE IF NOT EXISTS tosca_model (
+ tosca_model_id VARCHAR(36) NOT NULL,
+ tosca_model_name VARCHAR(80) NOT NULL,
+ policy_type VARCHAR(80) NULL,
+ user_id VARCHAR(80),
+ timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (tosca_model_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
+CREATE TABLE IF NOT EXISTS tosca_model_revision (
+ tosca_model_revision_id VARCHAR(36) NOT NULL,
+ tosca_model_id VARCHAR(36) NOT NULL,
+ version DOUBLE NOT NULL DEFAULT 1,
+ tosca_model_yaml MEDIUMTEXT NULL,
+ tosca_model_json MEDIUMTEXT NULL,
+ user_id VARCHAR(80),
+ createdTimestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ lastUpdatedTimestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (tosca_model_revision_id),
+ CONSTRAINT tosca_model_revision_ukey UNIQUE KEY (tosca_model_id, version),
+ CONSTRAINT tosca_model_revision_fkey01 FOREIGN KEY (tosca_model_id) REFERENCES tosca_model (tosca_model_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
+CREATE TABLE IF NOT EXISTS dictionary (
+ dictionary_id VARCHAR(36) NOT NULL,
+ dictionary_name VARCHAR(80) NOT NULL,
+ created_by VARCHAR(80),
+ modified_by VARCHAR(80),
+ timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (dictionary_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
+CREATE TABLE IF NOT EXISTS dictionary_elements (
+ dict_element_id VARCHAR(36) NOT NULL,
+ dictionary_id VARCHAR(36) NOT NULL,
+ dict_element_name VARCHAR(250) NOT NULL,
+ dict_element_short_name VARCHAR(80) NOT NULL,
+ dict_element_description VARCHAR(250),
+ dict_element_type VARCHAR(80) NOT NULL,
+ created_by VARCHAR(80),
+ modified_by VARCHAR(80),
+ timestamp TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+ PRIMARY KEY (dict_element_id),
+ CONSTRAINT dictionary_elements_ukey UNIQUE KEY (dict_element_name, dict_element_short_name),
+ CONSTRAINT dictionary_elements_ukey_fkey01 FOREIGN KEY (dictionary_id) REFERENCES dictionary (dictionary_id)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
ALTER TABLE template
ADD CONSTRAINT template_bpmn_id_fkey01
FOREIGN KEY (template_bpmn_id)
DROP PROCEDURE IF EXISTS get_model_template;
DROP PROCEDURE IF EXISTS set_template;
DROP PROCEDURE IF EXISTS get_template;
+DROP PROCEDURE IF EXISTS del_model;
+DROP PROCEDURE IF EXISTS set_new_tosca_model_version;
+DROP PROCEDURE IF EXISTS set_tosca_model;
+DROP PROCEDURE IF EXISTS set_dictionary;
+DROP PROCEDURE IF EXISTS set_dictionary_elements;
DELIMITER //
CREATE PROCEDURE get_template
(IN v_template_name VARCHAR(80),
UPDATE event
SET process_instance_id = v_process_instance_id
WHERE event_id = v_event_id;
-END
+END;
+CREATE PROCEDURE del_model
+(IN v_model_name VARCHAR(80))
+BEGIN
+ DECLARE v_model_id VARCHAR(36);
+ SELECT model_id INTO v_model_id from model where model_name = v_model_name;
+ UPDATE model set event_id = null, model_blueprint_id = null, model_prop_id = null where model_id = v_model_id;
+ DELETE from event where model_id = v_model_id;
+ DELETE from model_blueprint where model_id = v_model_id;
+ DELETE from model_properties where model_id = v_model_id;
+ DELETE from model where model_id = v_model_id;
+END;
+
+CREATE PROCEDURE set_new_tosca_model_version
+ (IN v_tosca_model_id VARCHAR(36),
+ IN v_version DOUBLE,
+ IN v_tosca_model_yaml MEDIUMTEXT,
+ IN v_tosca_model_json MEDIUMTEXT,
+ IN v_user_id VARCHAR(80),
+ OUT v_revision_id VARCHAR(36))
+BEGIN
+ SET v_revision_id = UUID();
+ INSERT INTO tosca_model_revision
+ (tosca_model_revision_id, tosca_model_id, version, tosca_model_yaml, tosca_model_json, user_id)
+ VALUES (v_revision_id, v_tosca_model_id, v_version, v_tosca_model_yaml, v_tosca_model_json, v_user_id);
+END;
+
+CREATE PROCEDURE set_tosca_model
+ (IN v_tosca_model_name VARCHAR(80),
+ IN v_policy_type VARCHAR(80),
+ IN v_user_id VARCHAR(80),
+ IN v_tosca_model_yaml MEDIUMTEXT,
+ IN v_tosca_model_json MEDIUMTEXT,
+ IN v_version DOUBLE,
+ OUT v_tosca_model_id VARCHAR(36),
+ OUT v_revision_id VARCHAR(36))
+BEGIN
+ SET v_tosca_model_id = UUID();
+ INSERT INTO tosca_model
+ (tosca_model_id, tosca_model_name, policy_type, user_id)
+ VALUES (v_tosca_model_id, v_tosca_model_name, v_policy_type, v_user_id);
+ SET v_revision_id = UUID();
+ INSERT INTO tosca_model_revision
+ (tosca_model_revision_id, tosca_model_id, version, tosca_model_yaml, tosca_model_json, user_id)
+ VALUES (v_revision_id, v_tosca_model_id, v_version, v_tosca_model_yaml, v_tosca_model_json, v_user_id);
+END;
+
+CREATE PROCEDURE set_dictionary
+ (IN v_dictionary_name VARCHAR(80),
+ IN v_user_id VARCHAR(80),
+ OUT v_dictionary_id VARCHAR(36))
+BEGIN
+ SET v_dictionary_id = UUID();
+ INSERT INTO dictionary
+ (dictionary_id, dictionary_name, created_by, modified_by)
+ VALUES (v_dictionary_id, v_dictionary_name, v_user_id, v_user_id);
+END;
+
+CREATE PROCEDURE set_dictionary_elements
+ (IN v_dictionary_id VARCHAR(36),
+ IN v_dict_element_name VARCHAR(250),
+ IN v_dict_element_short_name VARCHAR(80),
+ IN v_dict_element_description VARCHAR(250),
+ IN v_dict_element_type VARCHAR(80),
+ IN v_user_id VARCHAR(80),
+ OUT v_dict_element_id VARCHAR(36))
+BEGIN
+ SET v_dict_element_id = UUID();
+ INSERT INTO dictionary_elements
+ (dict_element_id, dictionary_id, dict_element_name, dict_element_short_name, dict_element_description, dict_element_type, created_by, modified_by)
+ VALUES (v_dict_element_id, v_dictionary_id, v_dict_element_name, v_dict_element_short_name, v_dict_element_description, v_dict_element_type, v_user_id, v_user_id);
+END;
//
DELIMITER ;
DROP TABLE template_image;
DROP TABLE template_bpmn;
DROP TABLE template;
+
+DROP TABLE dictionary_elements;
+DROP TABLE dictionary;
+DROP TABLE tosca_model_revision;
+DROP TABLE tosca_model;
+
# application image
repository: nexus3.onap.org:10001
-image: onap/clamp:3.0.0
+image: onap/clamp:3.0.2
pullPolicy: Always
# flag to enable debugging - application support required
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
{{- end }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-externalConfig
+ name: {{ include "common.fullname" . }}-external-config
namespace: {{ include "common.namespace" . }}
data:
- my_extra.cnf: |-
-{{ toYaml .Values.externalConfig | indent 4 }}
+ my_extra.cnf: |
+{{ .Values.externalConfig | indent 4 }}
{{- end -}}
\ No newline at end of file
{{- if .Values.externalConfig }}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-externalConfig
+ name: {{ include "common.fullname" . }}-external-config
{{- end}}
- name: localtime
hostPath:
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
{{- end }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
+ name: {{ include "common.fullname" . }}
{{- if .Values.persistence.annotations }}
annotations:
{{ toYaml .Values.persistence.annotations | indent 4 }}
resources:
requests:
storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
storageClassName: "{{ include "common.fullname" . }}-data"
{{- end -}}
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: MUSIC - Multi-site State Coordination Service
+name: music
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: Cassandra Job - Run CQL Scripts after Cassandra Starts.
+name: music-cassandra-job
+version: 3.0.0
+
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
\ No newline at end of file
--- /dev/null
+CREATE KEYSPACE IF NOT EXISTS admin
+ WITH REPLICATION = {
+ 'class' : '{{.Values.cql.keyspace.replicationClass}}',
+ 'replication_factor': {{.Values.cql.keyspace.replicationFactor}}
+ }
+ AND DURABLE_WRITES = true;
+
+CREATE TABLE IF NOT EXISTS admin.keyspace_master (
+ uuid uuid,
+ keyspace_name text,
+ application_name text,
+ is_api boolean,
+ password text,
+ username text,
+ is_aaf boolean,
+ PRIMARY KEY (uuid)
+);
+
+describe keyspaces;
--- /dev/null
+CREATE ROLE IF NOT EXISTS {{.Values.cql.adminUser.username}}
+WITH PASSWORD = '{{.Values.cql.adminUser.password}}'
+AND SUPERUSER = true
+AND LOGIN = true;
+
+ALTER ROLE cassandra
+WITH PASSWORD = '{{.Values.cql.adminUser.passwordReplace}}';
+
--- /dev/null
+CREATE KEYSPACE testks
+ WITH REPLICATION = {
+ 'class' : '{{.Values.cql.keyspace.replicationClass}}',
+ 'replication_factor': {{.Values.cql.keyspace.replicationFactor}}
+ }
+ AND DURABLE_WRITES = true;
+
+CREATE TABLE testks.keyspace_master_table (
+ uuid uuid,
+ keyspace_name text,
+ application_name text,
+ is_api boolean,
+ password text,
+ username text,
+ is_aaf boolean,
+ PRIMARY KEY (uuid)
+);
+
+DESCRIBE KEYSPACES;
+DESCRIBE keyspace testks;
+SELECT * FROM system_auth.roles;
+DROP keyspace testks;
+
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cql
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/cql/*").AsConfig . | indent 2 }}
+
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-extra-cql
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/cql/extra/*").AsConfig . | indent 2 }}
+
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-config
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - music-cassandra
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}-update-job
+ image: "{{ .Values.global.repository }}/{{ .Values.job.cassandra.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: CASS_HOSTNAME
+ value: "{{ .Values.job.host }}"
+ - name: USERNAME
+ value: "{{ .Values.cql.adminUser.username }}"
+ - name: PORT
+ value: "{{ .Values.job.port }}"
+ - name: PASSWORD
+ value: "{{ .Values.cql.adminUser.password }}"
+ - name: TIMEOUT
+ value: "{{ .Values.job.timeout }}"
+ - name: DELAY
+ value: "{{ .Values.job.delay }}"
+ volumeMounts:
+ # Admin cql Files that setup Admin Keyspace and Change Admin user.
+ - name: {{ include "common.name" . }}-cql
+ mountPath: /cql/admin.cql
+ subPath: admin.cql
+ - name: {{ include "common.name" . }}-cql
+ mountPath: /cql/admin_pw.cql
+ subPath: admin_pw.cql
+ # This is where Apps or MISC will put any of their own startup cql scripts.
+ - name: {{ include "common.name" . }}-extra-cql
+ mountPath: /cql/extra
+ volumes:
+ - name: {{ include "common.name" . }}-cql
+ configMap:
+ name: {{ include "common.fullname" . }}-cql
+ - name: {{ include "common.name" . }}-extra-cql
+ configMap:
+ name: {{ include "common.fullname" . }}-extra-cql
+ restartPolicy: Never
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Default values for cassandra.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+ pullPolicy: Always
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+ replicaCount: 3
+
+job:
+ host: music-cassandra
+ port: 9042
+ busybox:
+ image: library/busybox:latest
+ cassandra:
+ image: onap/music/cassandra_job:3.0.23
+ timeout: 30
+ delay: 120
+cql:
+ keyspace:
+ replicationClass: "SimpleStrategy"
+ replicationFactor: 3
+ adminUser:
+ username: nelson24
+ password: nelson24
+ passwordReplace: A2C4E6G8I0J2L4O6Q8S0U2W4Y6
+
+podManagementPolicy: OrderedReady
+updateStrategy:
+ type: OnDelete
+
+ingress:
+ enabled: false
+
+tolerations: []
+
+affinity: {}
+
+persistence:
+ enabled: true
+
+resources:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 1
+ memory: 1Gi
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP - Cassandra Database
+name: music-cassandra
+version: 3.0.0
+
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+spec:
+ type: {{ .Values.service.type }}
+ # Not working, open k8s bug: https://github.com/kubernetes/kubernetes/issues/58662
+ publishNotReadyAddresses: true
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.internalPort3 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
+ name: {{ .Values.service.portName3 }}
+ {{- else -}}
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ clusterIP: None
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - {{ .Chart.Name }}
+ topologyKey: kubernetes.io/hostname
+ serviceName: {{ include "common.servicename" . }}
+ replicas: {{ .Values.replicaCount }}
+ podManagementPolicy: {{ .Values.podManagementPolicy }}
+ updateStrategy:
+ type: {{ .Values.updateStrategy.type }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ .Values.global.repository }}/{{ .Values.image.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ - containerPort: {{ .Values.service.internalPort3 }}
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -c
+ - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ timeoutSeconds: {{ .Values.liveness.periodSeconds }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/bin/sh", "-c", "PID=$(pidof java) && kill $PID && while ps -p $PID > /dev/null; do sleep 1; done"]
+ env:
+ {{- $seed_size := default 1 .Values.replicaCount | int -}}
+ {{- $global := . }}
+ - name: MAX_HEAP_SIZE
+ value: {{ .Values.config.heap.max }}
+ - name: HEAP_NEWSIZE
+ value: {{ .Values.config.heap.min }}
+ - name: CASSANDRA_SEEDS
+ value: "{{- range $i, $e := until $seed_size }}{{ template "common.fullname" $global }}-{{ $i }}.{{ include "common.servicename" $global }}{{- if (lt ( add 1 $i ) $seed_size ) }},{{- end }}{{- end }}"
+ - name: JVM_OPTS
+ value: {{ .Values.config.jvmOpts | quote }}
+ - name: CASSANDRA_CLUSTER_NAME
+ value: {{ .Values.config.clusterName | quote }}
+ - name: CASSANDRA_DC
+ value: {{ .Values.config.dataCenter | quote }}
+ - name: CASSANDRA_RACK
+ value: {{ .Values.config.rackName | quote }}
+ - name: CASSANDRA_AUTO_BOOTSTRAP
+ value: {{ .Values.config.autoBootstrap | quote }}
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: {{ template "common.name" . }}-data
+ mountPath: /var/lib/cassandra
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ {{- if not .Values.persistence.enabled }}
+ - name: {{ template "common.name" . }}-data
+ emptyDir: {}
+ {{- else }}
+ volumeClaimTemplates:
+ - metadata:
+ name: {{ template "common.name" . }}-data
+ labels:
+ app: {{ template "common.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }}
+ spec:
+ storageClassName: {{ .Values.persistence.storageClass }}
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ {{- end }}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ if .Values.persistence.enabled }}
+{{- $root := . -}}
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
+ labels:
+ type: {{ $root.Values.persistence.storageType }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
+spec:
+ capacity:
+ storage: {{ $root.Values.persistence.size }}
+ accessModes:
+ - {{ $root.Values.persistence.accessMode }}
+ hostPath:
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ $root.Chart.Name }}"
+ topologyKey: kubernetes.io/hostname
+{{ end }}
+{{ end }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-# Default values for mariadb.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
-global: # global defaults
+global:
nodePortPrefix: 302
- persistence: {}
+ pullPolicy: Always
+ repository: nexus3.onap.org:10001
-# application image
-repository: nexus3.onap.org:10001
-image: onap/music/cassandra_music:3.0.0
-pullPolicy: Always
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
-# application configuration
-config:
- cassandraUsername: root
- cassandraPassword: Aa123456
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
-# default number of instances
-replicaCount: 1
+replicaCount: 3
-nodeSelector: {}
+# Cassandra Image - This image is modified from the original on
+# Docker Hub where the Security has been turned on.
+# When logging into DB the default username and password are 'cassandra'
+# kubectl exec -it <cassandra-n> -n <namespace> cqlsh -u cassandra -p cassandra
+image:
+ image: onap/music/cassandra_3_11:3.0.23
+ pullPolicy: Always
-affinity: {}
+# Cassandra ENV configuration
+config:
+ heap:
+ max: 512M
+ min: 100M
+ jvmOpts: -Dcassandra.consistent.rangemovement=false
+ clusterName: music-cluster
+ dataCenter: onap-1
+ rackName: Rack1
+ autoBootstrap: true
+ ports:
+ cql: 9042
+ thrift: 9160
+ # If a JVM Agent is in place
+ # agent: 61621
+
+service:
+ expose: true
+ type: ClusterIP
+ name: music-cassandra
+ internalPort: 9042
+ portName: cql
+ internalPort2: 9160
+ portName2: thrift
+ internalPort3: 61621
+ portName3: agent
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 16Gi
- cpu: 8000m
- requests:
- memory: 8Gi
- cpu: 4000m
- large:
- limits:
- memory: 32Gi
- cpu: 16000m
- requests:
- memory: 16Gi
- cpu: 8000m
- unlimited: {}
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 120
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
initialDelaySeconds: 10
periodSeconds: 10
-## Persist data to a persitent volume
+podManagementPolicy: OrderedReady
+updateStrategy:
+ type: OnDelete
+
+ingress:
+ enabled: false
+
+tolerations: []
+
persistence:
enabled: true
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
- # storageClass: "-"
- accessMode: ReadWriteMany
+ ## storageClass: "-"
+ accessMode: ReadWriteOnce
size: 2Gi
- mountPath: /dockerdata-nfs
- mountSubPath: oof/cassandra/data
-service:
- type: ClusterIP
- name: oof-has-cassandra
- portName: oof-has-cassandra
- externalPort: 9160
- internalPort: 9160
- externalPort2: 7000
- internalPort2: 7000
- externalPort3: 7001
- internalPort3: 7001
- externalPort4: 7199
- internalPort4: 7199
- externalPort5: 9042
- internalPort5: 9042
+ mountPath: /dockerdata-nfs/
+ mountSubPath: common/cassandra/data
+ storageType: local
+ storageClass: ""
-ingress:
- enabled: false
+resources:
+ limits:
+ cpu: 4
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 4Gi
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP - MUSIC Tomcat Container
+name: music-tomcat
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+my.public.ip=localhost
+all.public.ips=localhost
+my.id=0
+all.ids=0
+### Host Info ###
+zookeeper.host={{.Values.properties.zookeeperHost}}
+cassandra.host={{.Values.properties.cassandraHost}}
+### User Info ###
+cassandra.user={{.Values.properties.cassandraUser}}
+cassandra.password={{.Values.properties.cassandraPassword}}
+### AAF Endpoint ###
+aaf.endpoint.url={{.Values.properties.aafEndpointUrl}}
+### Admin API ###
+# AAF UAT
+aaf.admin.url={{.Values.properties.aafAdminUrl}}
+# AAF PROD
+admin.aaf.role={{.Values.properties.adminAafRole}}
+music.namespace={{.Values.properties.musicNamespace}}
--- /dev/null
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: extensions/v1beta1
kind: Deployment
release: {{ .Release.Name }}
spec:
initContainers:
+ - name: {{ include "common.name" . }}-zookeeper-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - zookeeper
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: {{ include "common.name" . }}-cassandra-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
# War Container
- - name: "{{ include "common.name" . }}-war"
- image: "{{ include "common.repository" . }}/{{ .Values.warImage }}" #"
- command: ["cp","/app/MUSIC.war","/webapps"]
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- volumeMounts:
- - mountPath: /webapps
- name: shared-data
+ - name: "{{ .Chart.Name }}-war"
+ image: "{{ include "common.repository" . }}/{{ .Values.warImage }}"
+ command: ["cp","/app/MUSIC.war","/webapps"]
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ volumeMounts:
+ - mountPath: /webapps
+ name: shared-data
containers:
# Tomcat Container
- - name: {{ include "common.name" . }}
- image: "{{ include "common.repository" . }}/{{ .Values.image }}" #"
+ - name: "{{ include "common.name" . }}"
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- resources:
-{{ include "common.resources" . | indent 12 }}
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
- name: properties-music
mountPath: /opt/app/music/etc/music.properties
subPath: music.properties
- - name: properties-music
- mountPath: /opt/app/music/startup.sh
- subPath: startup.sh
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
volumes:
- name: shared-data
emptyDir: {}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+{{/*
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
+*/}}
apiVersion: v1
kind: Service
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.internalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.externalPort }}
+ - port: {{ .Values.service.externalPort }}
+ nodePort: {{ .Values.global.nodePortPrefixExt | default .Values.nodePortPrefixExt }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- {{- end}}
name: {{ .Values.service.portName }}
+ {{- end}}
selector:
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ nodePortPrefixExt: 304
+ repository: nexus3.onap.org:10001
+
+ # readiness check
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+ # logging agent
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: library/tomcat:8.5
+pullPolicy: Always
+warImage: onap/music/music:3.0.23
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# application configuration
+config:
+ usernameCassandra: cassandra1
+ passwordCassandra: cassandra1
+
+# default number of instances
+replicaCount: 3
+
+job:
+ host: cassandra
+ port: 9042
+ busybox:
+ image: library/busybox:latest
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ name: music-tomcat
+ externalPort: 8080
+ internalPort: 8080
+ nodePort: 76
+ portName: tomcat
+ingress:
+ enabled: false
+
+#resources: {}
+resources:
+ limits:
+ cpu: 2
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 1Gi
+
+
+properties:
+ zookeeperHost: zookeeper
+ cassandraHost: music-cassandra
+ cassandraUser: nelson24
+ cassandraPassword: nelson24
+
+ # Admin API
+ # ONAP AAF
+ aafAdminUrl:
+
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+name: zookeeper
+home: https://zookeeper.apache.org/
+version: 1.0.2
+appVersion: 3.4.10
+description: Centralized service for maintaining configuration information, naming,
+ providing distributed synchronization, and providing group services.
+icon: https://zookeeper.apache.org/images/zookeeper_small.gif
+sources:
+- https://github.com/apache/zookeeper
+- https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
+maintainers:
+- name: lachie83
+ email: lachlan.evenson@microsoft.com
+- name: kow3ns
+ email: owensk@google.com
--- /dev/null
+approvers:
+- lachie83
+- kow3ns
+reviewers:
+- lachie83
+- kow3ns
--- /dev/null
+# incubator/zookeeper
+
+This helm chart provides an implementation of the ZooKeeper [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/) found in Kubernetes Contrib [Zookeeper StatefulSet](https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper).
+
+## Prerequisites
+* Kubernetes 1.6+
+* PersistentVolume support on the underlying infrastructure
+* A dynamic provisioner for the PersistentVolumes
+* A familiarity with [Apache ZooKeeper 3.4.x](https://zookeeper.apache.org/doc/current/)
+
+## Chart Components
+This chart will do the following:
+
+* Create a fixed size ZooKeeper ensemble using a [StatefulSet](http://kubernetes.io/docs/concepts/abstractions/controllers/statefulsets/).
+* Create a [PodDisruptionBudget](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-disruption-budget/) so kubectl drain will respect the Quorum size of the ensemble.
+* Create a [Headless Service](https://kubernetes.io/docs/concepts/services-networking/service/) to control the domain of the ZooKeeper ensemble.
+* Create a Service configured to connect to the available ZooKeeper instance on the configured client port.
+* Optionally apply a [Pod Anti-Affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature) to spread the ZooKeeper ensemble across nodes.
+* Optionally start JMX Exporter and Zookeeper Exporter containers inside Zookeeper pods.
+* Optionally create a job which creates Zookeeper chroots (e.g. `/kafka1`).
+
+## Installing the Chart
+You can install the chart with the release name `zookeeper` as below.
+
+```console
+$ helm repo add incubator http://storage.googleapis.com/kubernetes-charts-incubator
+$ helm install --name zookeeper incubator/zookeeper
+```
+
+If you do not specify a name, helm will select a name for you.
+
+### Installed Components
+You can use `kubectl get` to view all of the installed components.
+
+```console{%raw}
+$ kubectl get all -l app=zookeeper
+NAME: zookeeper
+LAST DEPLOYED: Wed Apr 11 17:09:48 2018
+NAMESPACE: default
+STATUS: DEPLOYED
+
+RESOURCES:
+==> v1beta1/PodDisruptionBudget
+NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE
+zookeeper N/A 1 1 2m
+
+==> v1/Service
+NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
+zookeeper-headless ClusterIP None <none> 2181/TCP,3888/TCP,2888/TCP 2m
+zookeeper ClusterIP 10.98.179.165 <none> 2181/TCP 2m
+
+==> v1beta1/StatefulSet
+NAME DESIRED CURRENT AGE
+zookeeper 3 3 2m
+```
+
+1. `statefulsets/zookeeper` is the StatefulSet created by the chart.
+1. `po/zookeeper-<0|1|2>` are the Pods created by the StatefulSet. Each Pod has a single container running a ZooKeeper server.
+1. `svc/zookeeper-headless` is the Headless Service used to control the network domain of the ZooKeeper ensemble.
+1. `svc/zookeeper` is a Service that can be used by clients to connect to an available ZooKeeper server.
+
+## Configuration
+You can specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```console
+$ helm install --name my-release -f values.yaml incubator/zookeeper
+```
+
+## Default Values
+
+- You can find all user-configurable settings, their defaults and commentary about them in [values.yaml](values.yaml).
+
+## Deep Dive
+
+## Image Details
+The image used for this chart is based on Ubuntu 16.04 LTS. This image is larger than Alpine or BusyBox, but it provides glibc, rather than ulibc or mucl, and a JVM release that is built against it. You can easily convert this chart to run against a smaller image with a JVM that is built against that image's libc. However, as far as we know, no Hadoop vendor supports, or has verified, ZooKeeper running on such a JVM.
+
+## JVM Details
+The Java Virtual Machine used for this chart is the OpenJDK JVM 8u111 JRE (headless).
+
+## ZooKeeper Details
+The ZooKeeper version is the latest stable version (3.4.10). The distribution is installed into /opt/zookeeper-3.4.10. This directory is symbolically linked to /opt/zookeeper. Symlinks are created to simulate a rpm installation into /usr.
+
+## Failover
+You can test failover by killing the leader. Insert a key:
+```console
+$ kubectl exec zookeeper-0 -- /opt/zookeeper/bin/zkCli.sh create /foo bar;
+$ kubectl exec zookeeper-2 -- /opt/zookeeper/bin/zkCli.sh get /foo;
+```
+
+Watch existing members:
+```console
+$ kubectl run --attach bbox --image=busybox --restart=Never -- sh -c 'while true; do for i in 0 1 2; do echo zk-${i} $(echo stats | nc <pod-name>-${i}.<headless-service-name>:2181 | grep Mode); sleep 1; done; done';
+
+zk-2 Mode: follower
+zk-0 Mode: follower
+zk-1 Mode: leader
+zk-2 Mode: follower
+```
+
+Delete Pods and wait for the StatefulSet controller to bring them back up:
+```console
+$ kubectl delete po -l app=zookeeper
+$ kubectl get po --watch-only
+NAME READY STATUS RESTARTS AGE
+zookeeper-0 0/1 Running 0 35s
+zookeeper-0 1/1 Running 0 50s
+zookeeper-1 0/1 Pending 0 0s
+zookeeper-1 0/1 Pending 0 0s
+zookeeper-1 0/1 ContainerCreating 0 0s
+zookeeper-1 0/1 Running 0 19s
+zookeeper-1 1/1 Running 0 40s
+zookeeper-2 0/1 Pending 0 0s
+zookeeper-2 0/1 Pending 0 0s
+zookeeper-2 0/1 ContainerCreating 0 0s
+zookeeper-2 0/1 Running 0 19s
+zookeeper-2 1/1 Running 0 41s
+```
+
+Check the previously inserted key:
+```console
+$ kubectl exec zookeeper-1 -- /opt/zookeeper/bin/zkCli.sh get /foo
+ionid = 0x354887858e80035, negotiated timeout = 30000
+
+WATCHER::
+
+WatchedEvent state:SyncConnected type:None path:null
+bar
+```
+
+## Scaling
+ZooKeeper can not be safely scaled in versions prior to 3.5.x. This chart currently uses 3.4.x. There are manual procedures for scaling a 3.4.x ensemble, but as noted in the [ZooKeeper 3.5.2 documentation](https://zookeeper.apache.org/doc/r3.5.2-alpha/zookeeperReconfig.html) these procedures require a rolling restart, are known to be error prone, and often result in a data loss.
+
+While ZooKeeper 3.5.x does allow for dynamic ensemble reconfiguration (including scaling membership), the current status of the release is still alpha, and 3.5.x is therefore not recommended for production use.
+
+## Limitations
+* StatefulSet and PodDisruptionBudget are beta resources.
+* Only supports storage options that have backends for persistent volume claims.
--- /dev/null
+Thank you for installing ZooKeeper on your Kubernetes cluster. More information
+about ZooKeeper can be found at https://zookeeper.apache.org/doc/current/
+
+Your connection string should look like:
+ {{ template "common.fullname" . }}-0.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},{{ template "common.fullname" . }}-1.{{ template "common.fullname" . }}-headless:{{ .Values.service.ports.client.port }},...
+
+You can also use the client service {{ template "common.fullname" . }}:{{ .Values.service.ports.client.port }} to connect to an available ZooKeeper server.
--- /dev/null
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "common.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "common.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "zookeeper.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
--- /dev/null
+{{- if .Values.exporters.jmx.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-jmx-exporter
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ config.yml: |-
+ hostPort: 127.0.0.1:{{ .Values.env.JMXPORT }}
+ lowercaseOutputName: {{ .Values.exporters.jmx.config.lowercaseOutputName }}
+ rules:
+{{ .Values.exporters.jmx.config.rules | toYaml | indent 6 }}
+ ssl: false
+ startDelaySeconds: {{ .Values.exporters.jmx.config.startDelaySeconds }}
+{{- end }}
--- /dev/null
+{{- if .Values.jobs.chroots.enabled }}
+{{- $root := . }}
+{{- $job := .Values.jobs.chroots }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "common.fullname" . }}-chroots
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: jobs
+ job: chroots
+spec:
+ activeDeadlineSeconds: {{ $job.activeDeadlineSeconds }}
+ backoffLimit: {{ $job.backoffLimit }}
+ completions: {{ $job.completions }}
+ parallelism: {{ $job.parallelism }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
+ component: jobs
+ job: chroots
+ spec:
+ restartPolicy: {{ $job.restartPolicy }}
+ containers:
+ - name: main
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - /bin/bash
+ - -o
+ - pipefail
+ - -euc
+ {{- $port := .Values.service.ports.client.port }}
+ - >
+ sleep 15;
+ export SERVER={{ template "common.fullname" $root }}:{{ $port }};
+ {{- range $job.config.create }}
+ echo '==> {{ . }}';
+ echo '====> Create chroot if does not exist.';
+ zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid'
+ || zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} create {{ . }} "";
+ echo '====> Confirm chroot exists.';
+ zkCli.sh -server {{ template "common.fullname" $root }}:{{ $port }} get {{ . }} 2>&1 >/dev/null | grep 'cZxid';
+ echo '====> Chroot exists.';
+ {{- end }}
+ env:
+ {{- range $key, $value := $job.env }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ resources:
+{{ toYaml $job.resources | indent 12 }}
+{{- end -}}
--- /dev/null
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "common.fullname" . }}
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: server
+spec:
+ selector:
+ matchLabels:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
+ component: server
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "common.fullname" . }}-headless
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ clusterIP: None
+ ports:
+{{- range $key, $port := .Values.ports }}
+ - name: {{ $key }}
+ port: {{ $port.containerPort }}
+ targetPort: {{ $port.name }}
+ protocol: {{ $port.protocol }}
+{{- end }}
+ selector:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.service.name }}
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+{{- with .Values.service.annotations }}
+{{ toYaml . | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{- range $key, $value := .Values.service.ports }}
+ - name: {{ $key }}
+{{ toYaml $value | indent 6 }}
+ {{- end }}
+ selector:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+apiVersion: apps/v1beta1
+kind: StatefulSet
+metadata:
+ name: {{ template "common.fullname" . }}
+ labels:
+ app: {{ template "common.name" . }}
+ chart: {{ .Chart.Name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ component: server
+spec:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - "{{ .Chart.Name }}"
+ serviceName: {{ template "common.fullname" . }}-headless
+ replicas: {{ .Values.replicaCount }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ selector:
+ matchLabels:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
+ component: server
+ updateStrategy:
+{{ toYaml .Values.updateStrategy | indent 4 }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "common.name" . }}
+ release: {{ .Release.Name }}
+ component: server
+ {{- if .Values.podLabels }}
+ ## Custom pod labels
+ {{- range $key, $value := .Values.podLabels }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ annotations:
+ {{- if .Values.podAnnotations }}
+ ## Custom pod annotations
+ {{- range $key, $value := .Values.podAnnotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ spec:
+{{- if .Values.schedulerName }}
+ schedulerName: "{{ .Values.schedulerName }}"
+{{- end }}
+ securityContext:
+{{ toYaml .Values.securityContext | indent 8 }}
+ containers:
+
+ - name: zookeeper
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command:
+ - /bin/bash
+ - -xec
+ - zkGenConfig.sh && exec zkServer.sh start-foreground
+ ports:
+{{- range $key, $port := .Values.ports }}
+ - name: {{ $key }}
+{{ toYaml $port | indent 14 }}
+{{- end }}
+ livenessProbe:
+{{ toYaml .Values.livenessProbe | indent 12 }}
+ readinessProbe:
+{{ toYaml .Values.readinessProbe | indent 12 }}
+ env:
+ - name: ZK_REPLICAS
+ value: {{ .Values.replicaCount | quote }}
+ {{- range $key, $value := .Values.env }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ resources:
+{{ include "common.resources" . }}
+ volumeMounts:
+ - name: zookeeper-data
+ mountPath: /var/lib/zookeeper
+
+{{- if .Values.exporters.jmx.enabled }}
+ - name: jmx-exporter
+ image: "{{ .Values.exporters.jmx.image.repository }}:{{ .Values.exporters.jmx.image.tag }}"
+ imagePullPolicy: {{ .Values.exporters.jmx.image.pullPolicy }}
+ ports:
+ {{- range $key, $port := .Values.exporters.jmx.ports }}
+ - name: {{ $key }}
+{{ toYaml $port | indent 14 }}
+ {{- end }}
+ livenessProbe:
+{{ toYaml .Values.exporters.jmx.livenessProbe | indent 12 }}
+ readinessProbe:
+{{ toYaml .Values.exporters.jmx.readinessProbe | indent 12 }}
+ env:
+ - name: SERVICE_PORT
+ value: {{ .Values.exporters.jmx.ports.jmxxp.containerPort | quote }}
+ {{- with .Values.exporters.jmx.env }}
+ {{- range $key, $value := . }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.exporters.jmx.resources | indent 12 }}
+ volumeMounts:
+ - name: config-jmx-exporter
+ mountPath: /opt/jmx_exporter/config.yml
+ subPath: config.yml
+{{- end }}
+
+{{- if .Values.exporters.zookeeper.enabled }}
+ - name: zookeeper-exporter
+ image: "{{ .Values.exporters.zookeeper.image.repository }}:{{ .Values.exporters.zookeeper.image.tag }}"
+ imagePullPolicy: {{ .Values.exporters.zookeeper.image.pullPolicy }}
+ args:
+ - -bind-addr=:{{ .Values.exporters.zookeeper.ports.zookeeperxp.containerPort }}
+ - -metrics-path={{ .Values.exporters.zookeeper.path }}
+ - -zookeeper=localhost:{{ .Values.ports.client.containerPort }}
+ - -log-level={{ .Values.exporters.zookeeper.config.logLevel }}
+ - -reset-on-scrape={{ .Values.exporters.zookeeper.config.resetOnScrape }}
+ ports:
+ {{- range $key, $port := .Values.exporters.zookeeper.ports }}
+ - name: {{ $key }}
+{{ toYaml $port | indent 14 }}
+ {{- end }}
+ livenessProbe:
+{{ toYaml .Values.exporters.zookeeper.livenessProbe | indent 12 }}
+ readinessProbe:
+{{ toYaml .Values.exporters.zookeeper.readinessProbe | indent 12 }}
+ env:
+ {{- range $key, $value := .Values.exporters.zookeeper.env }}
+ - name: {{ $key | upper | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.exporters.zookeeper.resources | indent 12 }}
+{{- end }}
+
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if (or .Values.exporters.jmx.enabled (not .Values.persistence.enabled)) }}
+ volumes:
+ {{- if .Values.exporters.jmx.enabled }}
+ - name: config-jmx-exporter
+ configMap:
+ name: {{ .Release.Name }}-jmx-exporter
+ {{- end }}
+ {{- if not .Values.persistence.enabled }}
+ - name: zookeeper-data
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: zookeeper-data
+ labels:
+ app: {{ .Chart.Name }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass }}
+ spec:
+ storageClassName: {{ .Values.persistence.storageClass }}
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ release: "{{ .Release.Name }}"
+ {{- end }}
--- /dev/null
+{{ if .Values.persistence.enabled }}
+{{- $root := . -}}
+{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: {{ $root.Release.Name }}-{{ $root.Values.service.name }}-{{ $i }}
+ namespace: {{ $root.Release.Namespace }}
+ labels:
+ type: {{ $root.Values.persistence.storageType }}
+ app: {{ $root.Values.service.name }}
+ chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
+ release: {{ $root.Release.Name }}
+ heritage: {{ $root.Release.Service }}
+spec:
+ capacity:
+ storage: {{ $root.Values.persistence.size }}
+ accessModes:
+ - {{ $root.Values.persistence.accessMode }}
+ hostPath:
+ path: {{ $root.Values.persistence.mountPath }}/{{ $root.Release.Name }}/{{ $root.Values.persistence.mountSubPath }}-{{$i}}
+ persistentVolumeReclaimPolicy: {{ $root.Values.persistence.volumeReclaimPolicy }}
+{{ end }}
+{{ end }}
--- /dev/null
+## As weighted quorums are not supported, it is imperative that an odd number of replicas
+## be chosen. Moreover, the number of replicas should be either 1, 3, 5, or 7.
+##
+## ref: https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper#stateful-set
+replicaCount: 3 # Desired quantity of ZooKeeper pods. This should always be (1,3,5, or 7)
+
+podDisruptionBudget:
+ maxUnavailable: 1 # Limits how many Zokeeper pods may be unavailable due to voluntary disruptions.
+
+terminationGracePeriodSeconds: 1800 # Duration in seconds a Zokeeper pod needs to terminate gracefully.
+
+## OnDelete requires you to manually delete each pod when making updates.
+## This approach is at the moment safer than RollingUpdate because replication
+## may be incomplete when replication source pod is killed.
+##
+## ref: http://blog.kubernetes.io/2017/09/kubernetes-statefulsets-daemonsets.html
+updateStrategy:
+ type: OnDelete # Pods will only be created when you manually delete old pods.
+
+## refs:
+## - https://github.com/kubernetes/contrib/tree/master/statefulsets/zookeeper
+## - https://github.com/kubernetes/contrib/blob/master/statefulsets/zookeeper/Makefile#L1
+image:
+ #repository: nexus3.onap.org:10001/library/zookeeper
+ #tag: 3.3
+ repository: gcr.io/google_samples/k8szk # Container image repository for zookeeper container.
+ tag: v3 # Container image tag for zookeeper container.
+ pullPolicy: IfNotPresent # Image pull criteria for zookeeper container.
+
+service:
+ name: zookeeper
+ type: ClusterIP # Exposes zookeeper on a cluster-internal IP.
+ annotations: {} # Arbitrary non-identifying metadata for zookeeper service.
+ ## AWS example for use with LoadBalancer service type.
+ # external-dns.alpha.kubernetes.io/hostname: zookeeper.cluster.local
+ # service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "true"
+ ports:
+ client:
+ port: 2181 # Service port number for client port.
+ targetPort: client # Service target port for client port.
+ protocol: TCP # Service port protocol for client port.
+
+
+ports:
+ client:
+ containerPort: 2181 # Port number for zookeeper container client port.
+ protocol: TCP # Protocol for zookeeper container client port.
+ election:
+ containerPort: 3888 # Port number for zookeeper container election port.
+ protocol: TCP # Protocol for zookeeper container election port.
+ server:
+ containerPort: 2888 # Port number for zookeeper container server port.
+ protocol: TCP # Protocol for zookeeper container server port.
+
+# Resource Limit flavor -By Default using small
+flavor: large
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 3
+ memory: 2Gi
+ requests:
+ cpu: 2
+ memory: 1Gi
+ unlimited: {}
+
+nodeSelector: {} # Node label-values required to run zookeeper pods.
+
+tolerations: [] # Node taint overrides for zookeeper pods.
+
+affinity: {} # Criteria by which pod label-values influence scheduling for zookeeper pods.
+affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - topologyKey: "kubernetes.io/hostname"
+ labelSelector:
+ matchLabels:
+ release: zookeeper
+
+podAnnotations: {} # Arbitrary non-identifying metadata for zookeeper pods.
+
+podLabels: {} # Key/value pairs that are attached to zookeeper pods.
+
+livenessProbe:
+ exec:
+ command:
+ - zkOk.sh
+ initialDelaySeconds: 20
+
+readinessProbe:
+ exec:
+ command:
+ - zkOk.sh
+ initialDelaySeconds: 20
+
+securityContext:
+ fsGroup: 1000
+ #runAsUser: 1000
+
+persistence:
+ enabled: true
+ ## zookeeper data Persistent Volume Storage Class
+ ## If defined, storageClassName: <storageClass>
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack)
+ ##
+ volumeReclaimPolicy: Retain
+ accessMode: ReadWriteOnce
+ mountPath: /dockerdata-nfs
+ mountSubPath: music/zookeeper
+ storageType: local
+ storageClass: ""
+ size: 4Gi
+
+## Exporters query apps for metrics and make those metrics available for
+## Prometheus to scrape.
+exporters:
+
+ jmx:
+ enabled: false
+ image:
+ repository: sscaling/jmx-prometheus-exporter
+ tag: 0.3.0
+ pullPolicy: IfNotPresent
+ config:
+ lowercaseOutputName: false
+ rules:
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+)><>(\\w+)"
+ name: "zookeeper_$2"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+)><>(\\w+)"
+ name: "zookeeper_$3"
+ labels:
+ replicaId: "$2"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+)><>(\\w+)"
+ name: "zookeeper_$4"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+ - pattern: "org.apache.ZooKeeperService<name0=ReplicatedServer_id(\\d+), name1=replica.(\\d+), name2=(\\w+), name3=(\\w+)><>(\\w+)"
+ name: "zookeeper_$4_$5"
+ labels:
+ replicaId: "$2"
+ memberType: "$3"
+ startDelaySeconds: 30
+ env: {}
+ resources: {}
+ path: /metrics
+ ports:
+ jmxxp:
+ containerPort: 9404
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: jmxxp
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: jmxxp
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+
+ zookeeper:
+ enabled: false
+ image:
+ repository: josdotso/zookeeper-exporter
+ tag: v1.1.2
+ pullPolicy: IfNotPresent
+ config:
+ logLevel: info
+ resetOnScrape: "true"
+ env: {}
+ resources: {}
+ path: /metrics
+ ports:
+ zookeeperxp:
+ containerPort: 9141
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /metrics
+ port: zookeeperxp
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+ readinessProbe:
+ httpGet:
+ path: /metrics
+ port: zookeeperxp
+ initialDelaySeconds: 30
+ periodSeconds: 15
+ timeoutSeconds: 60
+ failureThreshold: 8
+ successThreshold: 1
+
+env:
+
+ ## Options related to JMX exporter.
+ JMXAUTH: "false"
+ JMXDISABLE: "false"
+ JMXPORT: 1099
+ JMXSSL: "false"
+
+ ## The port on which the server will accept client requests.
+ ZK_CLIENT_PORT: 2181
+
+ ## The port on which the ensemble performs leader election.
+ ZK_ELECTION_PORT: 3888
+
+ ## The JVM heap size.
+ ZK_HEAP_SIZE: 2G
+
+ ## The number of Ticks that an ensemble member is allowed to perform leader
+ ## election.
+ ZK_INIT_LIMIT: 5
+
+ ## The Log Level that for the ZooKeeper processes logger.
+ ## Choices are `TRACE,DEBUG,INFO,WARN,ERROR,FATAL`.
+ ZK_LOG_LEVEL: INFO
+
+ ## The maximum number of concurrent client connections that
+ ## a server in the ensemble will accept.
+ ZK_MAX_CLIENT_CNXNS: 60
+
+ ## The maximum session timeout that the ensemble will allow a client to request.
+ ## Upstream default is `20 * ZK_TICK_TIME`
+ ZK_MAX_SESSION_TIMEOUT: 40000
+
+ ## The minimum session timeout that the ensemble will allow a client to request.
+ ## Upstream default is `2 * ZK_TICK_TIME`.
+ ZK_MIN_SESSION_TIMEOUT: 4000
+
+ ## The delay, in hours, between ZooKeeper log and snapshot cleanups.
+ ZK_PURGE_INTERVAL: 0
+
+ ## The port on which the leader will send events to followers.
+ ZK_SERVER_PORT: 2888
+
+ ## The number of snapshots that the ZooKeeper process will retain if
+ ## `ZK_PURGE_INTERVAL` is set to a value greater than `0`.
+ ZK_SNAP_RETAIN_COUNT: 3
+
+ ## The number of Tick by which a follower may lag behind the ensembles leader.
+ ZK_SYNC_LIMIT: 10
+
+ ## The number of wall clock ms that corresponds to a Tick for the ensembles
+ ## internal time.
+ ZK_TICK_TIME: 2000
+
+jobs:
+ chroots:
+ enabled: false
+ activeDeadlineSeconds: 300
+ backoffLimit: 5
+ completions: 1
+ config:
+ create: []
+ # - /kafka
+ # - /ureplicator
+ env: []
+ parallelism: 1
+ resources: {}
+ restartPolicy: Never
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+# default number of instances
+replicaCount: 3
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+resources: {}
+
resources:
requests:
storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
{{ end }}
resources:
requests:
storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
#{{ end }}
# application image
repository: nexus3.onap.org:10001
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:1.4.5
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
config_binding_service: onap/org.onap.dcaegen2.platform.configbinding.app-app:2.2.3
datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.0.3
deployment_handler: onap/org.onap.dcaegen2.platform.deployment-handler:3.0.3
- holmes_rules: onap/holmes/rule-management:1.2.0
- holmes_engine: onap/holmes/engine-management:1.2.0
+ holmes_rules: onap/holmes/rule-management:1.2.3
+ holmes_engine: onap/holmes/engine-management:1.2.2
inventory: onap/org.onap.dcaegen2.platform.inventory-api:3.0.4
policy_handler: onap/org.onap.dcaegen2.platform.policy-handler:4.4.0
service_change_handler: onap/org.onap.dcaegen2.platform.servicechange-handler:1.1.5
# Kubernetes namespace for components deployed via Cloudify manager
# If empty, use the common namespace
# dcae_ns: "onap"
-
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: true
+ # liveness not desirable for Cloudify Manager container
+ enabled: false
readiness:
initialDelaySeconds: 10
resources:
requests:
storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
{
+{{ if eq .Values.fixedTopicNamespace true }}
+ "dmaapName": "mr",
+{{- else -}}
"dmaapName": "{{ include "common.namespace" . }}",
+{{- end}}
"drProvUrl": "https://dmaap-dr-prov:8443",
"version": "1",
"topicNsRoot": "org.onap.dmaap",
adminUser: aaf_admin@people.osaaf.org
adminPwd: demo123456!
+# for Casablanca default deployment, leave this true to
+# get a topic namespace that matches MR. When set to false,
+# it will compose the topic namespace using the kubernetes namespace value
+fixedTopicNamespace: true
+
nodeSelector: {}
affinity: {}
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/dmaap/dmaap-mr:1.1.7
+image: onap/dmaap/dmaap-mr:1.1.8
pullPolicy: Always
kafka:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-gui:1.1.0
+image: onap/aai/esr-gui:1.2.1
pullPolicy: Always
msbaddr: msb-iag.{{ include "common.namespace" . }}:80
# application image
repository: nexus3.onap.org:10001
-image: onap/aai/esr-server:1.1.0
+image: onap/aai/esr-server:1.2.1
pullPolicy: Always
msbaddr: msb-iag.{{ include "common.namespace" . }}:80
directory. If the application is a common reusable Helm Chart (eg. mariadb), a
more appropriate location might be the oom/kubernetes/common directory.
-Edit each yaml file in the new Helm Chart directoy, substituing real values
-for those inside brackets (eg. `<onap-app>`). Some comments have been provided in
+Edit each yaml file in the new Helm Chart directory, substituting real values
+for those inside brackets (e.g. `<onap-app>`). Some comments have been provided in
the file to help guide changes that need to be made. This starter Helm Chart is
in no way complete. It can serve as the basis for creating a new Helm Chart that
attempts to apply Helm best practices to ONAP applications being configured,
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/multicloud/azure:1.2.0-SNAPSHOT
+image: onap/multicloud/azure:1.2.0
pullPolicy: Always
#Istio sidecar injection policy
version: ~3.0.0
repository: '@local'
condition: vnfsdk.enabled
+ - name: vvp
+ version: ~3.0.0
+ repository: '@local'
+ condition: vvp.enabled
enabled: false
vnfsdk:
enabled: false
+vvp:
+ enabled: false
enabled: true
vnfsdk:
enabled: true
+vvp:
+ enabled: false
make-has:
cd charts && helm dep up oof-has
+ cd charts && helm dep up oof-cmso
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: OOF-HAS Cassandra
-name: oof-has-cassandra
+description: Chart for Change Management Service Orchestrator (CMSO)
+name: oof-cmso
version: 3.0.0
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP OOF Zookeeper
-name: oof-has-zookeeper
+description: Chart for Change Management Service Orchestrator (CMSO) Service
+name: oof-cmso-service
version: 3.0.0
--- /dev/null
+
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+###
+
+### MySQL DB.
+spring.datasource.url=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+cmso.database.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+spring.jpa.show-sql=true
+spring.jpa.hibernate.ddl-auto=none
+spring.jpa.hibernate.naming.strategy=org.hibernate.cfg.EJB3NamingStrategy
+spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect
+spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
+spring.jpa.hibernate.id.new_generator_mappings=false
+hibernate.id.new_generator_mappings=false
+
+logging.level.org.hibernate.SQL=TRACE
+
+logging.level.org.hibernate=TRACE
+
+#
+cmso.aaf.enabled=false
+
+# Enable swagger - Enable in development and test only
+cmso.swagger.enabled=true
+
+# Enable schedule immediate to be dispatched without ticket approvals
+# Has no effect when in vTM loopback mode as always approved.
+cmso.cm.dispatch.immediate.enabled = true
+
+# NUmber of seconds between sniro dispatch jobs
+cmso.optimizer.job.interval.ms=10000
+
+# NUmber of seconds between change management cmso polling jobs
+# Controls frequenct of polling to the ChangeManagementScheduler table...
+cmso.cm.polling.job.interval.ms=10000
+# How many management cmso polling intervals to look ahead to dispatch
+# (To account for possible latency of the polling job)
+cmso.cm.polling.job.lookahead.intervals=5
+# Lead time before event time to enable dispatcher to
+# test that it is safe to dispatch (i.e. meeting reminder lead time)
+cmso.cm.dispatcher.lead.time.ms=5000
+# Lead time to prepare and call VID to dispatch work to MSO
+# Includes latency from VID call to the start of the workflow
+cmso.cm.dispatch.lead.time.ms=1000
+
+# Interval between polling to check status of schedules in Notifications Initiated status
+cmso.status.job.interval.ms=60000
+
+org.quartz.jobStore.class=org.quartz.simpl.RAMJobStore
+
+loopback.mso.requestId=dummy123
+
+so.polling.interval.ms=10000
+#mso.user=cmso@onap.org
+#mso.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
+
+## loopback settings
+so.url=http://localhost:8080/cmso/v1/loopbacktest/onap/so/infra/orchestrationRequests/v7
+so.user=cmso@onap.org
+so.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
+
+mechid.user=cmso@onap.org
+mechid.pass=enc:bfodXf8qRfCqMvlxVBYNWQ==
+
+cmso.dispatch.url=http://localhost:8089
--- /dev/null
+###
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the ââ?¬Å"Licenseââ?¬);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+###
+spring.datasource.jdbcUrl=jdbc:mariadb://${DB_HOST}:${DB_PORT}/${DB_SCHEMA}?createDatabaseIfNotExist=true
+spring.datasource.driver-class-name=org.mariadb.jdbc.Driver
+spring.datasource.username=${DB_USERNAME}
+spring.datasource.password=${DB_PASSWORD}
+
+spring.datasource.initialize=false
+spring.datasource.tomcat.max-wait=10000
+spring.datasource.tomcat.initialSize=5
+spring.datasource.tomcat.max-active=25
+spring.datasource.tomcat.test-on-borrow=true
+
+
+#changeLogFile=calendar-liquibase-changeLog.xml
+changeLogFile=cmso-liquibase-changeLog.xml
+
+
+#spring.main.web-environment=false
+#outputChangeLogFile=src/main/resources/cmso-output-changelog.xml
+#url=jdbc:mariadb://localhost:3306/calendar
+#url=jdbc:mysql://localhost:3306/cmso
+#username=root
+#password=root
+#driver=org.mariadb.jdbc.Driver
+#driver=com.mysql.jdbc.Driver
--- /dev/null
+<?xml version = "1.0" encoding = "UTF-8" ?>
+<!--
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+-->
+<included>
+ <jmxConfigurator />
+ <!-- Example evaluator filter applied against console appender -->
+<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
+ <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <encoder>
+ <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="ERROR"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <file>${logDirectory}/error2.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>${defaultPattern}</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${outputDirectory}/cmso/error.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+
+ <appender name="DEBUG"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/debug.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
+ <fileNamePattern>${outputDirectory}/cmso/debug.%d{yyyy-MM-dd}.%i.log.zip</fileNamePattern>
+ <maxFileSize>50MB</maxFileSize>
+ <maxHistory>30</maxHistory>
+ <totalSizeCap>10GB</totalSizeCap>
+ </rollingPolicy>
+ </appender>
+
+
+ <appender name="AUDIT"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/audit.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/audit.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFAudit"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="AUDIT" />
+ </appender>
+
+ <appender name="METRIC"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/metric.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{TargetVirtualEntity}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|
+ %msg%n</pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/metric.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFMetrics"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="METRIC" />
+ </appender>
+
+ <!-- SECURITY related loggers -->
+ <appender name="SECURITY"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/security.log</file>
+ <append>true</append>
+ <encoder>
+ <pattern>%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%.20thread|%X{VirtualServerName}|%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDescription}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ElapsedTime}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Unused}|%X{ProcessKey}|%X{CustomField1}|%X{CustomField2}|%X{CustomField3}|%X{CustomField4}|%msg%n
+ </pattern>
+ </encoder>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>10</maxIndex>
+ <FileNamePattern>${logDirectory}/security.%i.log.zip
+ </FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>10MB</maxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="asyncEELFSecurity"
+ class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="SECURITY" />
+ </appender>
+ <!-- AAF related loggers -->
+ <logger name="org.onap.aaf" level="INFO" additivity="true">
+ <appender-ref ref="DEBUG" />
+ </logger>
+ <logger name="org.apache.catalina.core" level="INFO"
+ additivity="true">
+ <appender-ref ref="DEBUG" />
+ </logger>
+ <logger name="org.onap.cmso" level="INFO"
+ additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+
+ <!-- CLDS related loggers -->
+ <logger name="com.att.eelf.error" level="OFF" additivity="true">
+ <appender-ref ref="ERROR" />
+ </logger>
+ <!-- EELF related loggers -->
+ <logger name="com.att.eelf.audit" level="INFO"
+ additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="DEBUG"
+ additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger name="com.att.eelf.security" level="DEBUG"
+ additivity="false">
+ <appender-ref ref="asyncEELFSecurity" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="DEBUG" />
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="org.apache" level="DEBUG" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="INFO" />
+ <logger name="ch.qos.logback.core" level="INFO" />
+
+ <!-- logback jms appenders & loggers definition starts here -->
+ <appender name="auditLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <appender name="perfLogs"
+ class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ </filter>
+ <file>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.log</file>
+ <rollingPolicy
+ class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDirectory}/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip
+ </fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>5MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>"%d [%thread] %-5level %logger{1024} - %msg%n"</pattern>
+ </encoder>
+ </appender>
+ <logger name="AuditRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="AuditRecord_DirectCall" level="INFO"
+ additivity="FALSE">
+ <appender-ref ref="auditLogs" />
+ </logger>
+ <logger name="PerfTrackerRecord" level="INFO" additivity="FALSE">
+ <appender-ref ref="perfLogs" />
+ </logger>
+ <!-- logback jms appenders & loggers definition ends here -->
+
+ <root level="DEBUG">
+ <appender-ref ref="DEBUG" />
+ <appender-ref ref="STDOUT" />
+ </root>
+</included>
+
--- /dev/null
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+
+cmso.optimizer.url=http://localhost:8080/cmso/v1/loopbacktest/optimizer
+cmso.optimizer.callbackurl=http://localhost:8080/cmso/v1/optimizerCallback
+
--- /dev/null
+#-------------------------------------------------------------------------------
+# Copyright © 2017-2018 AT&T Intellectual Property.
+# Modifications Copyright © 2018 IBM.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+#
+# Unless otherwise specified, all documentation contained herein is licensed
+# under the Creative Commons License, Attribution 4.0 Intl. (the â??Licenseâ?\9d);
+# you may not use this documentation except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# https://creativecommons.org/licenses/by/4.0/
+#
+# Unless required by applicable law or agreed to in writing, documentation
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#-------------------------------------------------------------------------------
+
+tm.vnfs.per.ticket=1
+tm.getPath=http://localhost:8080/cmso/v1/tm/getChangeRecord
+tm.createPath=http://localhost:8080/cmso/v1/tm/createChangeRecord
+tm.closePath=http://localhost:8080/cmso/v1/tm/closeCancelChangeRecord
+tm.updatePath=http://localhost:8080/cmso/v1/tm/updateChangeRecord
+tm.approvalStatus=Approved|Scheduled,Approved|Assigned
+tm.template.folder=data/templates/tm
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ template "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
{{- end }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright (C) 2018 AT&T,VMware
+# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ .Values.mariadb.nameOverride }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ - name: db-init
+ image: "{{ include "common.repository" . }}/{{ .Values.dbinit.image }}"
+ imagePullPolicy: Always
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db_port | quote}}
+ - name: DB_USERNAME
+ value: {{ .Values.config.db_root }}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.mysqlDatabase }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-cmso-db
+ key: db-root-password
+ terminationMessagePolicy: File
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ env:
+ - name: DB_HOST
+ value: {{ .Values.config.db_host }}.{{.Release.Namespace}}
+ - name: DB_PORT
+ value: {{ .Values.config.db_port | quote}}
+ - name: DB_USERNAME
+ value: {{ .Values.config.db_user }}
+ - name: DB_SCHEMA
+ value: {{ .Values.config.mysqlDatabase }}
+ - name: DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name}}-cmso-db
+ key: user-password
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end -}}
+ readinessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/logs
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /share/debug-logs
+ - name: {{ include "common.fullname" . }}-config
+ mountPath: /share/etc/config
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ volumes:
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ name: {{ include "common.fullname" . }}
+ items:
+ - key: logback.xml
+ path: logback.xml
+ - key: cmso.properties
+ path: cmso.properties
+ - key: optimizer.properties
+ path: optimizer.properties
+ - key: ticketmgt.properties
+ path: ticketmgt.properties
+ - key: liquibase.properties
+ path: liquibase.properties
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
- annotations:
spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
+ - port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
{{- else -}}
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global: # global defaults
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+
+subChartsOnly:
+ enabled: true
+
+# application image
+repository: nexus3.onap.org:10001
+image: onap/optf-cmso-service:1.0.1
+pullPolicy: Always
+
+#init container image
+dbinit:
+ image: onap/optf-cmso-dbinit:1.0.1
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+
+service:
+ type: ClusterIP
+ name: oof-cmso
+ portName: cmso
+ internalPort: 8080
+ externalPort: 8080
+ #nodePort: 23
+ # as of 20181022 port 23 is reserved for cmso
+ # see https://wiki.onap.org/display/DW/OOM+NodePort+List
+
+
+config:
+ db_root: root
+ db_user: cmso-admin
+ mysqlDatabase: cmso
+ db_host: oof-cmso-dbhost
+ db_port: 3306
+
+mariadb:
+ nameOverride: cmso-db
+
+ingress:
+ enabled: false
+
+#resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ #
+ # Example:
+ # Configure resource requests and limits
+ # ref: http://kubernetes.io/docs/user-guide/compute-resources/
+ # Minimum memory for development is 2 CPU cores and 4GB memory
+ # Minimum memory for production is 4 CPU cores and 8GB memory
+resources:
+ limits:
+ cpu: 1
+ memory: 1.2Gi
+ requests:
+ cpu: 10m
+ memory: 800Mi
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ # local reference to common chart, as it is
+ # a part of this chart's package and will not
+ # be published independently to a repo (at this point)
+ repository: '@local'
+ - name: mariadb-galera
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+mariadb-galera:
+ replicaCount: 1
+ nameOverride: cmso-db
+ service:
+ type: ClusterIP
+ name: oof-cmso-dbhost
+ portName: cmso-dbhost
+ nfsprovisionerPrefix: cmso
+ sdnctlPrefix: cmso
+ persistence:
+ mountSubPath: cmso/data
+ enabled: true
+ disableNfsProvisioner: true
+ config:
+ mariadbRootPassword: beer
+ userName: cmso-admin
+ userPassword: nimda-osmc
+ mysqlDatabase: cmso
+ externalConfig: |
+ [mysqld]
+ lower_case_table_names = 1
\ No newline at end of file
- /root/ready.py
args:
- --container-name
- - oof-has-music
+ - oof-has-controller
+ - --container-name
+ - aaf-service
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-has-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- mountPath: /usr/local/bin/log.conf
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: log.conf
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: AAF_RootCA.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: conductor.conf
- key: log.conf
path: log.conf
+ - key: AAF_RootCA.cer
+ path: AAF_RootCA.cer
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-CREATE KEYSPACE conductor WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'} AND durable_writes = true;
-
-CREATE TABLE conductor.plans (
- id text PRIMARY KEY,
- created bigint,
- message text,
- name text,
- recommend_max int,
- reservation_counter int,
- reservation_owner text,
- solution text,
- solver_counter int,
- solver_owner text,
- status text,
- template text,
- timeout int,
- translation text,
- translation_counter int,
- translation_owner text,
- updated bigint,
- vector_ts text
-);
-
-CREATE INDEX conductor_plans_index ON conductor.plans(status);
-
-CREATE KEYSPACE conductor_rpc WITH replication = {'class': 'SimpleStrategy', 'replication_factor': '1'} AND durable_writes = true;
-
-CREATE TABLE conductor_rpc.controller (
- id text PRIMARY KEY,
- action text,
- args text,
- created bigint,
- ctxt text,
- failure text,
- method text,
- owner text,
- response text,
- status text,
- updated bigint,
- vector_ts text
-);
-
-CREATE TABLE conductor_rpc.data (
- id text PRIMARY KEY,
- action text,
- args text,
- created bigint,
- ctxt text,
- failure text,
- method text,
- owner text,
- response text,
- status text,
- updated bigint,
- vector_ts text
-);
-
-INSERT INTO admin.keyspace_master (
-uuid, application_name, is_aaf, is_api, keyspace_name, password,username)
-VALUES ( now(), 'conductor', False, True, 'conductor', 'c0nduct0r', 'conductor');
-
-INSERT INTO admin.keyspace_master (
-uuid, application_name, is_aaf, is_api, keyspace_name, password, username)
-VALUES( now(), 'conductor', False, True, 'conductor_rpc', 'c0nduct0r', 'conductor');
-
-CREATE ROLE IF NOT EXISTS conductor WITH PASSWORD = 'c0nduct0r' AND LOGIN = true;
-
-GRANT ALL PERMISSIONS on KEYSPACE conductor to 'conductor';
-
-GRANT ALL PERMISSIONS on KEYSPACE conductor_rpc to 'conductor';
-
-INSERT INTO conductor.plans (id, created, message, name, recommend_max, solution, status, template,timeout, translation,updated) VALUES('healthcheck',1479482603641,'','foo',1,'{"healthcheck": " healthcheck"}','solved','{"healthcheck": "healthcheck"}',3600,'{"healthcheck": "healthcheck"}',1484324150629);
-
-
-
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ .Values.global.repository | default .Values.repository }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- - containerPort: {{ .Values.service.internalPort2 }}
- - containerPort: {{ .Values.service.internalPort3 }}
- - containerPort: {{ .Values.service.internalPort4 }}
- - containerPort: {{ .Values.service.internalPort5 }}
- {{ if eq .Values.liveness.enabled true }}
- livenessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{ end }}
- readinessProbe:
- exec:
- command:
- - /bin/bash
- - -c
- - nodetool status | grep $POD_IP | awk '$1!="UN" { exit 1; }'
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: CASSUSER
- value: "{{ .Values.config.cassandraUsername }}"
- - name: CASSPASS
- value: "{{ .Values.config.cassandraPassword }}"
- - name: POD_IP
- valueFrom:
- fieldRef:
- fieldPath: status.podIP
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- - name: cassandra-docker-entrypoint-initdb
- mountPath: /docker-entrypoint-initdb.d/zzz_conductor.cql
- subPath: zzz_conductor.cql
- - name: {{ include "common.fullname" . }}-data
- mountPath: /var/lib/cassandra/data
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- - name: cassandra-docker-entrypoint-initdb
- configMap:
- name: {{ include "common.fullname" . }}-docker-entry-initd
- {{- if .Values.persistence.enabled }}
- - name: {{ include "common.fullname" . }}-data
- persistentVolumeClaim:
- claimName: {{ include "common.fullname" . }}
- {{- else }}
- emptyDir: {}
- {{- end }}
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolume
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
- name: {{ include "common.fullname" . }}
-spec:
- capacity:
- storage: {{ .Values.persistence.size}}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }}
- hostPath:
- path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ .Release.Name }}/{{ .Values.persistence.mountSubPath }}
-{{- end -}}
+++ /dev/null
-{{/*
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
- release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
-{{- if .Values.persistence.annotations }}
- annotations:
-{{ toYaml .Values.persistence.annotations | indent 4 }}
-{{- end }}
-spec:
- selector:
- matchLabels:
- name: {{ include "common.fullname" . }}
- accessModes:
- - {{ .Values.persistence.accessMode }}
- resources:
- requests:
- storage: {{ .Values.persistence.size }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
- storageClassName: ""
-{{- else }}
- storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end -}}
- /root/ready.py
args:
- --container-name
- - oof-has-music
+ - music-tomcat
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-cont-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: AAF_RootCA.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+ - key: AAF_RootCA.cer
+ path: AAF_RootCA.cer
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /root/ready.py
args:
- --container-name
- - oof-has-music
+ - music-tomcat
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-health-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-data-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-OUT=$(curl -o /dev/null -s -w "%{http_code}\n" \
- http://localhost:8080/MUSIC/rest/v2/admin/onboardAppWithMusic \
- -H 'Cache-Control: no-cache' \
- -H 'Content-Type: application/json' \
- -H 'Postman-Token: 705d4a9d-aaf2-40b4-914a-e0ce1a79534c' \
- -d '{
- "appname": "conductor",
- "userId" : "conductor",
- "isAAF" : false,
- "password" : "c0nduct0r"
-}
-')
-
-if [ ${OUT} = "200" ]; then
- echo "Success"
- echo 1 > /tmp/onboarded
- exit 0;
-else
- echo "Failure"
- exit 1;
-fi
- /root/ready.py
args:
- --container-name
- - oof-has-music
+ - music-tomcat
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-health-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" .}}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-resrv-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: AAF_RootCA.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+ - key: AAF_RootCA.cer
+ path: AAF_RootCA.cer
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
- /root/ready.py
args:
- --container-name
- - oof-has-music
+ - music-tomcat
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-onboard"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard-readiness
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-oof-has-healthcheck"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-health-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/has/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-solvr-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
- mountPath: /usr/local/bin/healthy.sh
name: {{ .Values.global.commonConfigPrefix }}-config
subPath: healthy.sh
+ - mountPath: /usr/local/bin/AAF_RootCA.cer
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: AAF_RootCA.cer
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
path: log.conf
- key: healthy.sh
path: healthy.sh
+ - key: AAF_RootCA.cer
+ path: AAF_RootCA.cer
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
+++ /dev/null
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ .Release.Name }}
- spec:
- containers:
- - name: {{ include "common.name" . }}
- image: {{ include "common.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- {{- if .Values.liveness.enabled }}
- livenessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- {{end -}}
- readinessProbe:
- tcpSocket:
- port: {{ .Values.service.internalPort }}
- initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
- periodSeconds: {{ .Values.readiness.periodSeconds }}
- volumeMounts:
- - mountPath: /etc/localtime
- name: localtime
- readOnly: true
- resources:
-{{ include "common.resources" . | indent 12 }}
- {{- if .Values.nodeSelector }}
- nodeSelector:
-{{ toYaml .Values.nodeSelector | indent 10 }}
- {{- end -}}
- {{- if .Values.affinity }}
- affinity:
-{{ toYaml .Values.affinity | indent 10 }}
- {{- end }}
- volumes:
- - name: localtime
- hostPath:
- path: /etc/localtime
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- name: common
version: ~3.0.0
repository: '@local'
+ - name: music
+ version: ~3.0.0
+ repository: '@local'
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Modifications Copyright © 2018 AT&T,VMware, Intel Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#api_paste_config = api_paste.ini
# Music keyspace for content (string value)
-keyspace = conductor
+#keyspace = conductor
+
+# Delay time (Seconds) for MUSIC requests. Set it to 2 seconds by default.
+# (integer value)
+#delay_time = 2
+
+# (boolean value)
+#HPA_enabled = true
#
# From oslo.log
# If set to true, the logging level will be set to DEBUG instead of the default
# INFO level. (boolean value)
# Note: This option can be changed without restarting.
+#debug = false
debug = true
-# DEPRECATED: If set to false, the logging level will be set to WARNING instead
-# of the default INFO level. (boolean value)
-# This option is deprecated for removal.
-# Its value may be silently ignored in the future.
-#verbose = true
-
# The name of a logging configuration file. This file is appended to any
# existing logging configuration files. For details about logging configuration
# files, see the Python logging module documentation. Note that when logging
# example, logging_context_format_string). (string value)
# Note: This option can be changed without restarting.
# Deprecated group/name - [DEFAULT]/log_config
-# log_config_append = /usr/local/bin/log.conf
+#log_config_append = <None>
+log_config_append = /usr/local/bin/log.conf
# Defines the format string for %%(asctime)s in log records. Default:
# %(default)s . This option is ignored if log_config_append is set. (string
# is set. (boolean value)
#use_syslog = false
+# Enable journald for logging. If running in a systemd environment you may wish
+# to enable journal support. Doing so will use the journal native protocol
+# which includes structured metadata in addition to log messages.This option is
+# ignored if log_config_append is set. (boolean value)
+#use_journal = false
+
# Syslog facility to receive log lines. This option is ignored if
# log_config_append is set. (string value)
#syslog_log_facility = LOG_USER
+# Use JSON formatting for logging. This option is ignored if log_config_append
+# is set. (boolean value)
+#use_json = false
+
# Log output to standard error. This option is ignored if log_config_append is
# set. (boolean value)
#use_stderr = false
# List of package logging levels in logger=LEVEL pairs. This option is ignored
# if log_config_append is set. (list value)
-#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
+#default_log_levels = amqp=WARN,amqplib=WARN,boto=WARN,qpid=WARN,sqlalchemy=WARN,suds=INFO,oslo.messaging=INFO,oslo_messaging=INFO,iso8601=WARN,requests.packages.urllib3.connectionpool=WARN,urllib3.connectionpool=WARN,websocket=WARN,requests.packages.urllib3.util.retry=WARN,urllib3.util.retry=WARN,keystonemiddleware=WARN,routes.middleware=WARN,stevedore=WARN,taskflow=WARN,keystoneauth=WARN,oslo.cache=INFO,dogpile.core.dogpile=INFO
# Enables or disables publication of error events. (boolean value)
#publish_errors = false
#fatal_deprecations = false
+[aaf_api]
+
+#
+# From conductor
+#
+
+# is_aaf_enabled. (boolean value)
+is_aaf_enabled = true
+
+# aaf_cache_expiry_hrs. (integer value)
+aaf_cache_expiry_hrs = 3
+
+# aaf_url. (string value)
+aaf_url = https://{{.Values.config.aaf.serviceName}}:{{.Values.config.aaf.port}}/authz/perms/user/
+
+# aaf_cert_file. (string value)
+#aaf_cert_file = <None>
+
+# aaf_cert_key_file. (string value)
+#aaf_cert_key_file = <None>
+
+# aaf_ca_bundle_file. (string value)
+#aaf_ca_bundle_file =
+aaf_ca_bundle_file = /usr/local/bin/AAF_RootCA.cer
+
+# aaf_retries. (integer value)
+#aaf_retries = 3
+
+# aaf_timeout. (integer value)
+#aaf_timeout = 100
+
+# aaf_user_roles. (list value)
+#aaf_permissions = {"type": "org.onap.oof.access","instance": "*","action": "*"}
+
+
+[aaf_sms]
+
+#
+# From conductor
+#
+
+# Base URL for SMS, up to and not including the version, and without a trailing
+# slash. (string value)
+aaf_sms_url = https://{{.Values.config.sms.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.sms.port}}
+
+
+# Timeout for SMS API Call (integer value)
+#aaf_sms_timeout = 30
+
+# Path to the cacert that will be used to verify If this is None, verify will
+# be False and the server certis not verified by the client. (string value)
+#aaf_ca_certs = AAF_RootCA.cer
+aaf_ca_certs = /usr/local/bin/AAF_RootCA.cer
+
+# Domain UUID - A unique UUID generated when the domainfor HAS is created by
+# administrator during deployment (string value)
+#secret_domain = has
+
+
[aai]
#
#
# Interval with which to refresh the local cache, in minutes. (integer value)
+#cache_refresh_interval = 1440
cache_refresh_interval = 1
+
+# Interval with which to refresh the local complex cache, in minutes. (integer
+# value)
+#complex_cache_refresh_interval = 1440
complex_cache_refresh_interval = 60
# Data Store table prefix. (string value)
# trailing slash. (string value)
server_url = https://{{.Values.config.aai.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.aai.port}}/aai
+# Timeout for A&AI Rest Call (string value)
+#aai_rest_timeout = 30
+
+# Number of retry for A&AI Rest Call (string value)
+#aai_retries = 3
+
# The version of A&AI in v# format. (string value)
server_url_version = v14
# Certificate Authority Bundle file in pem format. Must contain the appropriate
# trust chain for the Certificate file. (string value)
-#certificate_authority_bundle_file = /opt/app/conductor/etc/certs/ca_bundle.pem
-certificate_authority_bundle_file =/usr/local/bin/AAF_RootCA.cer
+#certificate_authority_bundle_file = certificate_authority_bundle.pem
+certificate_authority_bundle_file = /usr/local/bin/AAF_RootCA.cer
-# Basic Authentication Username (string value)
+# Username for AAI. (string value)
username = OOF
-# Basic Authentication Password (string value)
+# Password for AAI. (string value)
password = OOF
[conductor_api]
-# Basic Authentication Username (string value)
+#
+# From conductor
+#
+
+# Base URL for plans. (string value)
+#server_url =
+
+# username for plans. (string value)
+#username =
username = admin1
-# Basic Authentication Password (string value)
+# password for plans. (string value)
+#password =
password = plan.15
-basic_auth_secure = False
+# auth toggling. (boolean value)
+basic_auth_secure = true
+
[controller]
# Timeout for planning requests. Default value is 10. (integer value)
# Minimum value: 1
+#timeout = 10
timeout = 200
# Maximum number of result sets to return. Default value is 1. (integer value)
# Minimum value: 1
#workers = 1
+# Set to True when controller will run in active-active mode. When set to
+# False, controller will flush any abandoned messages at startup. The
+# controller always restarts abandoned template translations at startup.
+# (boolean value)
+#concurrent = false
+concurrent = true
+
# Time between checking for new plans. Default value is 1. (integer value)
# Minimum value: 1
#polling_interval = 1
+
+# (integer value)
+# Minimum value: 1
+#max_translation_counter = 1
+
+
+[data]
+
+#
+# From conductor
+#
+
+# Number of workers for data service. Default value is 1. (integer value)
+# Minimum value: 1
+#workers = 1
+
+# Set to True when data will run in active-active mode. When set to False, data
+# will flush any abandoned messages at startup. (boolean value)
+#concurrent = false
concurrent = true
+# Default value is -8000, which is the diameter of the earth. The distance
+# cannot larger than this value (floating point value)
+#existing_placement_cost = -8000.0
+
+# (floating point value)
+#cloud_candidate_cost = 2.0
+
+# (floating point value)
+#service_candidate_cost = 1.0
+
[inventory_provider]
#
# Music keyspace for messages (string value)
-keyspace = conductor_rpc
+#keyspace = conductor_rpc
# Wait interval while checking for a message response. Default value is 1
# second. (integer value)
# Minimum value: 1
#check_interval = 1
-# Overall message response timeout. Default value is 10 seconds. (integer
+# Overall message response timeout. Default value is 120 seconds. (integer
# value)
# Minimum value: 1
+#response_timeout = 120
+
+# Timeout for detecting a VM is down, and other VMs can pick the plan up.
+# Default value is 5 minutes. (integer value) (integer value)
+# Minimum value: 1
timeout = 300
# Number of workers for messaging service. Default value is 1. (integer value)
#debug = false
+[multicloud]
+
+#
+# From conductor
+#
+
+# Base URL for Multicloud without a trailing slash. (string value)
+#server_url = http://msb.onap.org/api/multicloud
+server_url = http://{{.Values.config.msb.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.msb.port}}/api/multicloud
+
+# Timeout for Multicloud Rest Call (string value)
+#multicloud_rest_timeout = 30
+
+# Number of retry for Multicloud Rest Call (string value)
+#multicloud_retries = 3
+
+# The version of Multicloud API. (string value)
+#server_url_version = v0
+
+
[music_api]
#
# From conductor
#
-music_new_version = True
+
# Base URL for Music REST API without a trailing slash. (string value)
-server_url = http://oof-has-music:8080/MUSIC/rest/v2
+#server_url = http://oof-has-music:8080/MUSIC/rest/v2
+server_url = http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2
version = v2
-music_version = "2.5.3"
-aafuser = conductor
-aafpass = c0nduct0r
-aafns = conductor
# DEPRECATED: List of hostnames (round-robin access) (list value)
# This option is deprecated for removal.
# Reason: Use server_url instead
#path = <None>
+# Socket connection timeout (floating point value)
+#connect_timeout = 3.05
+
+# Socket read timeout (floating point value)
+#read_timeout = 12.05
+
# Lock timeout (integer value)
#lock_timeout = 10
+
+# Replication factor (integer value)
+#replication_factor = 1
replication_factor = 1
-# Log debug messages. Default value is False. (boolean value)
-#debug = false
# Use mock API (boolean value)
#mock = false
-# Socket connection timeout (floating point value)
-connect_timeout = 3.05
+# (string value)
+#music_topology = SimpleStrategy
-# Socket read timeout (floating point value)
-read_timeout = 12.05
+# Name of the first data center (string value)
+#first_datacenter_name = <None>
+
+# Number of replicas in first data center (integer value)
+#first_datacenter_replicas = <None>
+# Name of the second data center (string value)
+#second_datacenter_name = <None>
+
+# Number of replicas in second data center (integer value)
+#second_datacenter_replicas = <None>
+
+# Name of the third data center (string value)
+#third_datacenter_name = <None>
+
+# Number of replicas in third data center (integer value)
+#third_datacenter_replicas = <None>
+
+# new or old version (boolean value)
+#music_new_version = <None>
+music_new_version = True
+
+# for version (string value)
+#music_version = <None>
+music_version = "3.0.21"
+
+# username value that used for creating basic authorization header (string
+# value)
+#aafuser = <None>
+aafuser = conductor
+
+# password value that used for creating basic authorization header (string
+# value)
+#aafpass = <None>
+aafpass = c0nduct0r
+
+# AAF namespace field used in MUSIC request header (string value)
+#aafns = <None>
+aafns = conductor
+
+
+[prometheus]
+
+#
+# From conductor
+#
+
+# Prometheus Metrics Endpoint (list value)
+#metrics_port = 8000,8001,8002,8003,8004
+
+
+[reservation]
+
+#
+# From conductor
+#
+
+# Number of workers for reservation service. Default value is 1. (integer
+# value)
+# Minimum value: 1
+#workers = 1
+
+# Number of times reservation/release should be attempted. (integer value)
+#reserve_retries = 1
+
+# Timeout for detecting a VM is down, and other VMs can pick the plan up and
+# resereve. Default value is 600 seconds. (integer value) (integer value)
+# Minimum value: 1
+#timeout = 600
+
+# Set to True when reservation will run in active-active mode. When set to
+# False, reservation will restart any orphaned reserving requests at startup.
+# (boolean value)
+#concurrent = false
+concurrent = true
+
+# (integer value)
+# Minimum value: 1
+#max_reservation_counter = 1
[sdnc]
#table_prefix = sdnc
# Base URL for SDN-C, up to and including the version. (string value)
+#server_url = https://controller:8443/restconf/
server_url = https://sdncodl-conexus-e2e.ecomp.cci.att.com:8543/restconf/
# Basic Authentication Username (string value)
+#username = <None>
username = admin
# Basic Authentication Password (string value)
-password = sdnc.15
+#password = <None>
+password = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
+
+# Timeout for SDNC Rest Call (string value)
+#sdnc_rest_timeout = 30
+
+# Retry Numbers for SDNC Rest Call (string value)
+#sdnc_retries = 3
[service_controller]
# Minimum value: 1
#workers = 1
+# The timeout value for solver service. Default value is 480 seconds. (integer
+# value)
+# Minimum value: 1
+#solver_timeout = 480
+
# Set to True when solver will run in active-active mode. When set to False,
# solver will restart any orphaned solving requests at startup. (boolean value)
#concurrent = false
concurrent = true
+# Timeout for detecting a VM is down, and other VMs can pick the plan up. This
+# value should be larger than solver_timeoutDefault value is 10 minutes.
+# (integer value) (integer value)
+# Minimum value: 1
+#timeout = 600
-
-[reservation]
-concurrent = true
-
-
-[multicloud]
-
-#
-# From conductor
-#
-
-# Base URL for Multicloud without a trailing slash. (string value)
-server_url = http://{{.Values.config.msb.serviceName}}:{{.Values.config.msb.port}}/api/multicloud
-
-# Timeout for Multicloud Rest Call (string value)
-multicloud_rest_timeout = 30
-
-# Number of retry for Multicloud Rest Call (string value)
-multicloud_retries = 3
-
-# The version of Multicloud API. (string value)
-server_url_version = v0
+# (integer value)
+# Minimum value: 1
+#max_solver_counter = 1
[vim_controller]
+
#
# From conductor
#
# Extensions list to use (list value)
-extensions = multicloud
-
+#extensions = multicloud
--- /dev/null
+{
+ "consistencyInfo": {
+ "type": "eventual"
+ },
+ "values": {
+ "id": "healthcheck",
+ "created": 1479482603641,
+ "message": "",
+ "name": "foo",
+ "recommend_max": 1,
+ "solution": "{\"healthcheck\": \" healthcheck\"}",
+ "status": "solved",
+ "template": "{\"healthcheck\": \"healthcheck\"}",
+ "timeout": 3600,
+ "translation": "{\"healthcheck\": \" healthcheck\"}",
+ "updated": 1484324150629
+ }
+}
--- /dev/null
+{
+ "appname": "conductor",
+ "userId": "conductor",
+ "isAAF": "false",
+ "password": "c0nduct0r"
+}
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-healthcheck
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - oof-has-api
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-healthcheck
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ echo "INSERT HEALTHCHECK PLAN";
+ sleep 15;
+ resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null --write-out %{http_code} -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/keyspaces/conductor/tables/plans/rows?id=healthcheck \
+ -H "Content-Type: application/json" \
+ -H "ns: conductor" \
+ -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
+ --data @healthcheck.json);
+ echo $resp;
+ sleep 2;
+ done;
+ workingDir: /has
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /has/healthcheck.json
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: healthcheck.json
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: healthcheck.json
+ path: healthcheck.json
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright 2018 Intel Corporation, Inc
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-onboard
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "music-tomcat"
+ - --container-name
+ - "music-cassandra"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - command:
+ - /root/job_complete.py
+ args:
+ - -j
+ - "{{ .Release.Name }}-music-cassandra-job-config"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-music-db-readiness
+ containers:
+ - image: "{{ include "common.repository" . }}/{{ .Values.global.image.optf_has }}"
+ imagePullPolicy: {{ .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-onboard
+ command:
+ - "/bin/sh"
+ - "-c"
+ - |
+ curl -X POST http://{{.Values.config.music.serviceName}}.{{ include "common.namespace" . }}:{{.Values.config.music.port}}/MUSIC/rest/v2/admin/onboardAppWithMusic \
+ -H "Content-Type: application/json" \
+ -H "Authorization: Basic Y29uZHVjdG9yOmMwbmR1Y3Qwcg==" \
+ --data @onboard.json
+ workingDir: /has
+ volumeMounts:
+ - mountPath: /etc/localtime
+ name: localtime
+ readOnly: true
+ - mountPath: /has/onboard.json
+ name: {{ .Values.global.commonConfigPrefix }}-config
+ subPath: onboard.json
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ nodeSelector:
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ .Values.global.commonConfigPrefix }}-config
+ configMap:
+ name: {{ .Values.global.commonConfigPrefix }}-configmap
+ items:
+ - key: onboard.json
+ path: onboard.json
+ restartPolicy: OnFailure
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
\ No newline at end of file
# Copyright © 2017 Amdocs, AT&T, Bell Canada, VMware
+# Modifications Copyright © 2018 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
commonConfigPrefix: onap-oof-has
image:
readiness: oomk8s/readiness-check:2.0.0
- optf_has: onap/optf-has:1.2.1
+ optf_has: onap/optf-has:1.2.4
filebeat: docker.elastic.co/beats/filebeat:5.5.0
pullPolicy: Always
nodePortPrefix: 302
dataRootDir: /dockerdata-nfs
config:
+ aaf:
+ serviceName: aaf-service
+ port: 8100
aai:
serviceName: aai
port: 8443
msb:
serviceName: msb-iag
port: 80
-
+ music:
+ serviceName: music-tomcat
+ port: 8080
+ sms:
+ serviceName: aaf-sms
+ port: 10443
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ memory: 2Gi
+ cpu: 1000m
+ requests:
+ memory: 1Gi
+ cpu: 500m
+ large:
+ limits:
+ memory: 4Gi
+ cpu: 2000m
+ requests:
+ memory: 2Gi
+ cpu: 1000m
+ unlimited: {}
{{- end }}
# Secret Management Service from AAF
-aaf_sms_url: {{ .Values.config.aaf_sms_url }}
+aaf_sms_url: {{ .Values.config.aaf_sms_url }}.{{ include "common.namespace" . }}:{{ .Values.config.aaf_sms_port }}
aaf_sms_timeout: {{ .Values.config.aaf_sms_timeout }}
secret_domain: {{ .Values.config.secret_domain }}
aaf_ca_certs: {{ .Values.config.aaf_ca_certs }}
args:
- --container-name
- pdp
- - --container-name
- - aaf-service
- - --container-name
- - aaf-sms
- - --container-name
- - oof-has-api
env:
- name: NAMESPACE
valueFrom:
image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - command:
+ - sh
+ - -c
+ - resp="FAILURE";
+ until [ $resp = "200" ]; do
+ resp=$(curl -s -o /dev/null -k --write-out %{http_code} https://aaf-sms.{{ include "common.namespace" . }}:10443/v1/sms/domain/osdf/secret);
+ echo $resp;
+ sleep 2;
+ done
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-osdf-sms-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/optf-osdf:1.2.1
+image: onap/optf-osdf:1.2.4
pullPolicy: Always
# flag to enable debugging - application support required
config:
msbgateway: msb-iag
msbPort: 80
- placementVersioningEnabled: False
+ placementVersioningEnabled: True
# Placement API latest version numbers to be set in HTTP header
placementMajorVersion: "1"
placementMinorVersion: "0"
# versions to be set in HTTP header
conductorMinorVersion: 0
# Url and credentials for the Policy Platform
- policyPlatformUrl: http://pdp:8081/pdp/api/getConfig # Policy Dev platform URL
+ policyPlatformUrl: https://pdp:8081/pdp/api/getConfig # Policy Dev platform URL
policyPlatformEnv: TEST # Environment for policy platform
policyPlatformUsername: testpdp # Policy platform username.
policyPlatformPassword: alpha123 # Policy platform password.
aaf_user_roles:
- '/api/oof/v1/placement:org.onap.osdf.access|*|read ALL'
# Secret Management Service from AAF
- aaf_sms_url: https://aaf-sms:10443
+ aaf_sms_url: https://aaf-sms
+ aaf_sms_port: 10443
aaf_sms_timeout: 30
secret_domain: osdf
aaf_ca_certs: /opt/app/ssl_cert/aaf_root_ca.cer
resources:
small:
limits:
- memory: 4Gi
- cpu: 2000m
+ memory: 2Gi
+ cpu: 1000m
requests:
memory: 1Gi
cpu: 500m
large:
limits:
- memory: 8Gi
- cpu: 4000m
+ memory: 4Gi
+ cpu: 2000m
requests:
memory: 2Gi
cpu: 1000m
BRMS_UEB_API_SECRET=
#Dependency.json file version
-BRMS_DEPENDENCY_VERSION=1.2.0
+BRMS_DEPENDENCY_VERSION=1.3.1
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.3.0
+image: onap/policy-pe:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
# MSO
-SO_URL=http://so.{{.Release.Namespace}}:8080/ecomp/mso/infra
+SO_URL=http://so.{{.Release.Namespace}}:8080/onap/so/infra
SO_USERNAME=InfraPortalClient
SO_PASSWORD=password1$
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName }}-{{ .Values.service.externalPort2 }}
{{- else -}}
- - port: {{ .Values.service.type.externalPort }}
- targetPort: {{ .Values.service.type.internalPort }}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
name: {{ .Values.service.portName }}
{{- end}}
selector:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-drools:1.3.0
+image: onap/policy-drools:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.3.0
+image: onap/policy-pe:1.3.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-apex-pdp:2.0.0
+image: onap/policy-apex-pdp:2.0.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-distribution:2.0.0
+image: onap/policy-distribution:2.0.1
pullPolicy: Always
# flag to enable debugging - application support required
# Copyright © 2017 Amdocs, Bell Canada, AT&T
+# Modifications Copyright © 2018 AT&T. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
sleep 2
-wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
+wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=casablanca
sleep 2
"RULE": {
"templateName": "ClosedLoopControlName",
"closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3",
- "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0D%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-scale-up%0D%0A++++name%3A+Create+a+new+VF+Module%0D%0A++++description%3A%0D%0A++++actor%3A+SO%0D%0A++++recipe%3A+VF+Module+Create%0D%0A++++target%3A%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard"
+ "controlLoopYaml": "controlLoop%3A%0A++version%3A+2.0.0%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0A++timeout%3A+1200%0A++abatement%3A+false%0Apolicies%3A%0A++-+id%3A+unique-policy-id-1-scale-up%0A++++name%3A+Create+a+new+VF+Module%0A++++description%3A%0A++++actor%3A+SO%0A++++recipe%3A+VF+Module+Create%0A++++target%3A%0A++++++type%3A+VNF%0A++++payload%3A%0A++++++requestParameters%3A+%27%7B%22usePreload%22%3Atrue%2C%22userParams%22%3A%5B%5D%7D%27%0A++++++configurationParameters%3A+%27%5B%7B%22ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B9%5D%22%2C%22oam-ip-addr%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B16%5D%22%2C%22enabled%22%3A%22%24.vf-module-topology.vf-module-parameters.param%5B23%5D%22%7D%5D%27%0A++++retry%3A+0%0A++++timeout%3A+1200%0A++++success%3A+final_success%0A++++failure%3A+final_failure%0A++++failure_timeout%3A+final_failure_timeout%0A++++failure_retries%3A+final_failure_retries%0A++++failure_exception%3A+final_failure_exception%0A++++failure_guard%3A+final_failure_guard"
}
}
}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/createPolicy'
"pdpGroup": "default",
"policyName": "com.OOF_PCI_CONFIG_POLICY",
"policyType": "Base"
-}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
\ No newline at end of file
+}' 'https://{{.Values.global.pdp.nameOverride}}:{{.Values.config.pdpPort}}/pdp/api/pushPolicy'
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/policy-pe:1.3.0
+image: onap/policy-pe:1.3.1
pullPolicy: Always
subChartsOnly:
aaiUsername: AAI
aaiPassword: OBF:1gfr1ev31gg7
aaiHttpProtocol: https
- aaiConnectionTimeout: 5000
- aaiReadTimeout: 1000
+ aaiConnectionTimeout: 60000
+ aaiReadTimeout: 60000
# HTTP Basic Authorization credentials for Rest Service API
httpUserId: admin
httpPassword: OBF:1u2a1toa1w8v1tok1u30
--- /dev/null
+#!/bin/sh
+
+# Get the list of topic from curl ressult
+dmaap_mr_host=message-router
+dmaap_mr_port=3904
+temp_output_file=".tmpoutput"
+curl -X GET http://$dmaap_mr_host:$dmaap_mr_port/topics > $temp_output_file
+
+# Test topic POA-AUDIT-INIT, POA-AUDIT-RESULT, POA-RULE-VALIDATION
+TOPICS="POA-AUDIT-INIT POA-RULE-VALIDATION POA-AUDIT-RESULT"
+for i_topic in $TOPICS
+do
+ echo "Looping ... topic: $i_topic"
+ if grep -iFq "$i_topic" $temp_output_file
+ then
+ # code if found
+ echo "$i_topic found."
+ else
+ # code if not found
+ echo "$i_topic NOT found."
+ curl -X POST -H "content-type: application/json" --data '{"event":"create topic"}' http://$dmaap_mr_host:$dmaap_mr_port/events/$i_topic
+ fi
+done
+
+# remove the temp file
+rm -f $temp_output_file
key.store.type=PKCS12
key.manager.factory.algorithm=SunX509
security.protocol=TLS
-connection.timeout.ms=15000
-read.timeout.ms=10000
+connection.timeout.ms=60000
+read.timeout.ms=60000
base.uri=/aaicontextbuilder/service/context
key.store.type=PKCS12
key.manager.factory.algorithm=SunX509
security.protocol=TLS
-connection.timeout.ms=15000
-read.timeout.ms=10000
+connection.timeout.ms=60000
+read.timeout.ms=60000
base.uri=/sdccontextbuilder/service/context
namespace: {{ include "common.namespace" . }}
data:
{{ tpl (.Files.Glob "resources/config/builders/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-pre-start-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/bin/*").AsConfig . | indent 2 }}
\ No newline at end of file
app: {{ include "common.name" . }}
release: {{ .Release.Name }}
spec:
+ initContainers:
+ - command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - message-router
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-readiness
containers:
- name: {{ include "common.name" . }}
image: "{{ include "common.repository" . }}/{{ .Values.image }}"
- mountPath: /opt/app/config/builders
name: {{ include "common.fullname" . }}-config-builders
readOnly: true
+ - mountPath: /opt/app/bin/pre_start.sh
+ name: {{ include "common.fullname" . }}-pre-start
+ subPath: pre_start.sh
+ readOnly: false
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
- name: {{ include "common.fullname" . }}-config-builders
configMap:
name: {{ include "common.fullname" . }}-configmap-builders
+ - name: {{ include "common.fullname" . }}-pre-start
+ configMap:
+ name: {{ include "common.fullname" . }}-pre-start-configmap
+ defaultMode: 0777
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
global:
nodePortPrefix: 302
repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
#################################################################
# Application configuration defaults.
sdcConnect.sdcAddress={{ .Values.config.sdcServiceName }}.{{.Release.Namespace}}:{{ .Values.config.sdcPort }}
# Minimum timeout value is 15 seconds; default is 120000s
-sdcConnect.timeout.seconds=12000
+sdcConnect.timeout.seconds=60000
# {0} = UUID
sdc.url.template=/sdc/v1/catalog/services/{0}/toscaModel
config:
#Application properties
sdcUsername: pomba
- sdcPassword: OBF:1uha1uh81w8v1ugi1ugg
+ sdcPassword: OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp
sdcConsumerId: pomba
sdcServiceName: sdc-be
sdcPort: 8443
basicAuth.password={{ .Values.config.serviceDecompositionPassword }}
# AAI REST Client Configuration
-aai.serviceName=127.0.0.1
-aai.servicePort=8443
-aai.username=AAI
-aai.password=OBF:1gfr1ev31gg7
-aai.httpProtocol=https
+aai.serviceName={{ .Values.config.aaiServiceName }}.{{.Release.Namespace}}
+aai.servicePort={{ .Values.config.aaiPort }}
+aai.username={{ .Values.config.aaiUsername }}
+aai.password={{ .Values.config.aaiPassword }}
+aai.httpProtocol={{ .Values.config.aaiHttpProtocol }}
aai.securityProtocol=TLS
-aai.connectionTimeout=15000
-aai.readTimeout=15000
+aai.connectionTimeout=60000
+aai.readTimeout=60000
aai.resourceList=vnfc,vserver,l3-network
aai.serviceInstancePath=/aai/v13/nodes/service-instance/{0}
# Example:
config:
# Service Decomposition REST Client Configuration
+ aaiServiceName: aai
+ aaiPort: 8443
+ aaiUsername: AAI
+ aaiPassword: OBF:1gfr1ev31gg7
+ aaiHttpProtocol: https
# Basic Authorization Client credentials for Service Decomposition REST service
serviceDecompositionUserId: admin
serviceDecompositionPassword: OBF:1u2a1toa1w8v1tok1u30
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
+
+ Modifications to this file for use in ONAP are also subject to the Apache-2.0 license.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-app:2.3.0
+image: onap/portal-app:2.3.1
pullPolicy: Always
# default number of instances
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-db:2.3.0
+image: onap/portal-db:2.3.1
pullPolicy: Always
readinessImage: readiness-check:2.0.0
-mariadbInitImage: "mariadb-client-init:2.0.0"
+mariadbInitImage: "mariadb-client-init:3.0.0"
# application configuration
config:
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-sdk:2.3.0
+image: onap/portal-sdk:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/portal-wms:2.3.0
+image: onap/portal-wms:2.3.1
pullPolicy: Always
# flag to enable debugging - application support required
FROM boxfuse/flyway:5.0.7-alpine
-ARG branch=release-2.3.0
+ARG branch=master
ENV no_proxy "localhost,127.0.0.1,.cluster.local,$KUBERNETES_SERVICE_HOST"
# Setup Corporate proxy
ENV https_proxy ${HTTP_PROXY}
ENV http_proxy ${HTTPS_PROXY}
RUN apk add --update \
- mariadb-client=10.1.28-r1 \
+ mariadb-client=10.1.32-r0 \
git \
&& rm -rf /var/cache/apk/*
-# Copyright © 2018 Amdocs, Bell Canada
+#!/bin/bash
+# Copyright (C) 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-#!/bin/bash
-
#
# Execute tags built to support the hands on demo,
#
echo " demo.sh <namespace> deleteVNF <module_name from instantiateVFW>"
echo " - Delete the module created by instantiateVFW"
echo " "
- echo " demo.sh <namespace> heatbridge <stack_name> <service_instance_id> <service>"
+ echo " demo.sh <namespace> heatbridge <stack_name> <service_instance_id> <service> <oam-ip-address>"
echo " - Run heatbridge against the stack for the given service instance and service"
+ echo " "
+ echo " demo.sh <namespace> vfwclosedloop <pgn-ip-address>"
+ echo " - vFWCL: Sets the packet generator to high and low rates, and checks whether the policy "
+ echo " kicks in to modulate the rates back to medium"
+ echo " "
}
# Set the defaults
heatbridge)
TAG="heatbridge"
shift
- if [ $# -ne 3 ];then
- echo "Usage: demo.sh <namespace> heatbridge <stack_name> <service_instance_id> <service>"
+ if [ $# -ne 4 ];then
+ echo "Usage: demo.sh <namespace> heatbridge <stack_name> <service_instance_id> <service> <oam-ip-address>"
exit
fi
VARIABLES="$VARIABLES -v HB_STACK:$1"
shift
VARIABLES="$VARIABLES -v HB_SERVICE:$1"
shift
+ VARIABLES="$VARIABLES -v HB_IPV4_OAM_ADDRESS:$1"
+ shift
+ ;;
+ cds)
+ TAG="cds"
+ shift
;;
+ distributeVFWNG)
+ TAG="distributeVFWNG"
+ shift
+ ;;
+ vfwclosedloop)
+ TAG="vfwclosedloop"
+ shift
+ VARIABLES="$VARIABLES -v pkg_host:$1"
+ shift
+ ;;
*)
usage
exit
set -x
+POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot)
+
ETEHOME=/var/opt/OpenECOMP_ETE
+
+export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l")
+OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_demo_$key
+DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90))
+
VARIABLEFILES="-V /share/config/vm_properties.py -V /share/config/integration_robot_properties.py -V /share/config/integration_preload_parameters.py"
-POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot)
-kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/demo/${TAG} -i ${TAG} --display 89 2> ${TAG}.out
+
+kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} -i ${TAG} --display $DISPLAY_NUM 2> ${TAG}.out
+
# Note: Do not run multiple concurrent ete.sh as the --display is not parameterized and tests will collide
#
if [ "$1" == "" ] || [ "$2" == "" ]; then
- echo "Usage: ete-k8s.sh [namespace] [ health | ete | closedloop | instantiate | distribute | portal ]"
+ echo "Usage: ete-k8s.sh [namespace] [ health | healthdist | distribute | instantiate | instantiateVFWCL | instantiateDemoVFWCL | | portal ]"
exit
fi
POD=$(kubectl --namespace $NAMESPACE get pods | sed 's/ .*//'| grep robot)
-export TAGS="-i $2"
-export ETEHOME=/var/opt/OpenECOMP_ETE
-export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l")
-export OUTPUT_FOLDER=ETE_$(printf %04d $GLOBAL_BUILD_NUMBER)_$2
+TAGS="-i $2"
-#export OUTPUT_FOLDER=ETE_$$
+ETEHOME=/var/opt/OpenECOMP_ETE
+export GLOBAL_BUILD_NUMBER=$(kubectl --namespace $NAMESPACE exec ${POD} -- bash -c "ls -1q /share/logs/ | wc -l")
+OUTPUT_FOLDER=$(printf %04d $GLOBAL_BUILD_NUMBER)_ete_$2
+DISPLAY_NUM=$(($GLOBAL_BUILD_NUMBER + 90))
VARIABLEFILES="-V /share/config/vm_properties.py -V /share/config/integration_robot_properties.py -V /share/config/integration_preload_parameters.py"
VARIABLES="-v GLOBAL_BUILD_NUMBER:$$"
-kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display 88
-
+kubectl --namespace $NAMESPACE exec ${POD} -- ${ETEHOME}/runTags.sh ${VARIABLEFILES} ${VARIABLES} -d /share/logs/${OUTPUT_FOLDER} ${TAGS} --display $DISPLAY_NUM
GLOBAL_OOF_HOMING_SERVER_PORT = "8091"
# oof-sniro info - everything is from the private oam network (also called onap private network)
GLOBAL_OOF_SNIRO_SERVER_PORT = "8698"
+# oof cmso global info - everything is from the private oam network (also called onap private network)
+GLOBAL_OOF_CMSO_PROTOCOL = "http"
+GLOBAL_OOF_CMSO_SERVER_PORT = "8080"
+GLOBAL_OOF_CMSO_USERNAME = "none"
+GLOBAL_OOF_CMSO_PASSWORD = "none"
# openstack info - info to select right info in environment
# packet generate vnf info - everything is from the private oam network (also called onap private network)
GLOBAL_PACKET_GENERATOR_PORT = "8183"
GLOBAL_INJECTED_OOF_IP_ADDR = "N/A"
GLOBAL_INJECTED_OOF_HOMING_IP_ADDR = "oof-has-api.{{include "common.namespace" .}}"
GLOBAL_INJECTED_OOF_SNIRO_IP_ADDR = "oof-osdf.{{include "common.namespace" .}}"
+GLOBAL_INJECTED_OOF_CMSO_IP_ADDR = "oof-cmso.{{include "common.namespace" .}}"
GLOBAL_INJECTED_MSB_IP_ADDR = "msb-iag.{{include "common.namespace" .}}"
GLOBAL_INJECTED_OPENSTACK_API_KEY = "{{ .Values.config.openStackEncryptedPasswordHere}}"
GLOBAL_INJECTED_OPENSTACK_PASSWORD = "{{ .Values.openStackPassword }}"
"GLOBAL_INJECTED_OOF_IP_ADDR" : "N/A",
"GLOBAL_INJECTED_OOF_HOMING_IP_ADDR" : "oof-has-api.{{include "common.namespace" .}}",
"GLOBAL_INJECTED_OOF_SNIRO_IP_ADDR" : "oof-osdf.{{include "common.namespace" .}}",
+ "GLOBAL_INJECTED_OOF_CMSO_IP_ADDR" : "oof-cmso.{{include "common.namespace" .}}",
"GLOBAL_INJECTED_MSB_IP_ADDR" : "msb-iag.{{include "common.namespace" .}}",
"GLOBAL_INJECTED_OPENSTACK_API_KEY" : "{{ .Values.config.openStackEncryptedPasswordHere}}",
"GLOBAL_INJECTED_OPENSTACK_PASSWORD" : "{{ .Values.openStackPassword }}",
aaiUsername: "aai@aai.onap.org"
aaiPassword: "demo123456!"
# APPC
-appcUsername: "admin"
-appcPassword: "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
+appcUsername: "appc@appc.onap.org"
+appcPassword: "demo123456!"
# DCAE
dcaeUsername: "console"
dcaePassword: "ZjJkYjllMjljMTI2M2Iz"
- /root/job_complete.py
args:
- --job-name
- - {{ .Release.Name }}-sdc-es-config-elasticsearch
+ - {{ .Release.Name }}-sdc-onboarding-be-cassandra-init
env:
- name: NAMESPACE
valueFrom:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP OOF-MUSIC Container
-name: oof-has-music
-version: 2.5.3
+description: ONAP SDC DCAE Backend client of TOSCALAB and SDC
+name: sdc-dcae-be
+version: 3.0.0
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<!--\r
+================================================================================\r
+Copyright (C) 2018 AT&T Intellectual Property\r
+================================================================================\r
+Licensed under the Apache License, Version 2.0 (the "License");\r
+you may not use this file except in compliance with the License.\r
+You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+Unless required by applicable law or agreed to in writing, software\r
+distributed under the License is distributed on an "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+See the License for the specific language governing permissions and\r
+limitations under the License.\r
+================================================================================\r
+-->\r
+\r
+<configuration scan="true" scanPeriod="3 seconds">\r
+ <property name="logDir" value="/var/log/onap" />\r
+ <property name="componentName" scope="system" value="sdc"></property>\r
+ <property name="subComponentName" scope="system" value="dcae-be"></property>\r
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
+ <property file="${config.home}/dcae-be/configuration.yaml" />\r
+ <property name="enable-all-log" scope="context" value="false" />\r
+ <!-- log file names -->\r
+ <property name="errorLogName" value="error" />\r
+ <property name="metricsLogName" value="metrics" />\r
+ <property name="auditLogName" value="audit" />\r
+ <property name="debugLogName" value="debug" />\r
+ <property name="transactionLogName" value="transaction" />\r
+ <property name="allLogName" value="all" />\r
+ <property name="queueSize" value="256" />\r
+ <property name="maxFileSize" value="50MB" />\r
+ <property name="maxHistory" value="30" />\r
+ <property name="totalSizeCap" value="10GB" />\r
+ <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
+ <!-- All log -->\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
+ <file>${logDirectory}/${allLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </appender>\r
+ </then>\r
+ </if>\r
+ <!-- Error log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
+ <file>${logDirectory}/${errorLogName}.log</file>\r
+ <!-- Audit messages filter - deny audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- Transaction messages filter - deny Transaction messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
+ <level>INFO</level>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Debug log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
+ <file>${logDirectory}/${debugLogName}.log</file>\r
+ <!-- No need to deny audit messages - they are INFO only, will be denied\r
+ anyway -->\r
+ <!-- Transaction messages filter - deny Transaction messages, there are\r
+ some DEBUG level messages among them -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- accept DEBUG and TRACE level -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
+ <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
+ </evaluator>\r
+ <OnMismatch>DENY</OnMismatch>\r
+ <OnMatch>NEUTRAL</OnMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Audit log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
+ <file>${logDirectory}/${auditLogName}.log</file>\r
+ <!-- Audit messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- SdncTransaction log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
+ <file>${logDirectory}/${transactionLogName}.log</file>\r
+ <!-- Transaction messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Asynchronicity Configurations -->\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="DEBUG_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="TRANSACTION_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="ERROR_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="AUDIT_ROLLING" />\r
+ </appender>\r
+ <root level="INFO">\r
+ <appender-ref ref="ASYNC_ERROR" />\r
+ <appender-ref ref="ASYNC_DEBUG" />\r
+ <appender-ref ref="ASYNC_AUDIT" />\r
+ <appender-ref ref="ASYNC_TRANSACTION" />\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </then>\r
+ </if>\r
+ </root>\r
+ <logger level="INFO" name="org.openecomp.sdc" />\r
+</configuration>\r
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "sdc-be"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-sdc-be-config-backend
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /dcae/conf/composition
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.global.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /var/opt/dcae-be/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-be/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ .Release.Name }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "common.fullname" . }}-tools
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}-job
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ backoffLimit: 20
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}-job
+ release: {{ .Release.Name }}
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: {{ include "common.name" . }}-init-readiness
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - {{ include "common.name" . }}
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}-job
+ image: {{ include "common.repository" . }}/{{ .Values.backendInitImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /var/opt/dcae-tools/chef-solo/environments
+ env:
+ - name: ENVNAME
+ value: {{ .Values.global.env.name }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumes:
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ .Release.Name }}-sdc-environments-configmap
+ defaultMode: 0755
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
+ restartPolicy: Never
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "sdc-dcae-be",
+ "version": "v1",
+ "url": "/dcae",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort2 }}",
+ "visualRange": "1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/dcae-be:1.3-STAGING-latest
+pullPolicy: Always
+backendInitImage: onap/dcae-tools:1.3-STAGING-latest
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+config:
+ javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-be/logback-spring.xml
+ cassandraSslEnabled: "false"
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 240
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 240
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: sdc-dcae-be
+ portName: sdc-dcae-be-8082
+ externalPort: 8082
+ internalPort: 8082
+ portName2: sdc-dcae-be-8444
+ externalPort2: 8444
+ internalPort2: 8444
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
\ No newline at end of file
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP DCAE desiner composition tool for creating customized templates
+name: sdc-dcae-dt
+version: 3.0.0
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<!--\r
+================================================================================\r
+Copyright (C) 2018 AT&T Intellectual Property\r
+================================================================================\r
+Licensed under the Apache License, Version 2.0 (the "License");\r
+you may not use this file except in compliance with the License.\r
+You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+Unless required by applicable law or agreed to in writing, software\r
+distributed under the License is distributed on an "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+See the License for the specific language governing permissions and\r
+limitations under the License.\r
+================================================================================\r
+-->\r
+\r
+<configuration scan="true" scanPeriod="3 seconds">\r
+ <property name="logDir" value="/var/log/onap" />\r
+ <property name="componentName" scope="system" value="sdc"></property>\r
+ <property name="subComponentName" scope="system" value="dcae-dt"></property>\r
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
+ <property file="${config.home}/dcae-dt/configuration.yaml" />\r
+ <property name="enable-all-log" scope="context" value="false" />\r
+ <!-- log file names -->\r
+ <property name="errorLogName" value="error" />\r
+ <property name="metricsLogName" value="metrics" />\r
+ <property name="auditLogName" value="audit" />\r
+ <property name="debugLogName" value="debug" />\r
+ <property name="transactionLogName" value="transaction" />\r
+ <property name="allLogName" value="all" />\r
+ <property name="queueSize" value="256" />\r
+ <property name="maxFileSize" value="50MB" />\r
+ <property name="maxHistory" value="30" />\r
+ <property name="totalSizeCap" value="10GB" />\r
+ <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
+ <!-- All log -->\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
+ <file>${logDirectory}/${allLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </appender>\r
+ </then>\r
+ </if>\r
+ <!-- Error log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
+ <file>${logDirectory}/${errorLogName}.log</file>\r
+ <!-- Audit messages filter - deny audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- Transaction messages filter - deny Transaction messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
+ <level>INFO</level>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Debug log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
+ <file>${logDirectory}/${debugLogName}.log</file>\r
+ <!-- No need to deny audit messages - they are INFO only, will be denied\r
+ anyway -->\r
+ <!-- Transaction messages filter - deny Transaction messages, there are\r
+ some DEBUG level messages among them -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- accept DEBUG and TRACE level -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
+ <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
+ </evaluator>\r
+ <OnMismatch>DENY</OnMismatch>\r
+ <OnMatch>NEUTRAL</OnMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Audit log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
+ <file>${logDirectory}/${auditLogName}.log</file>\r
+ <!-- Audit messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- SdncTransaction log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
+ <file>${logDirectory}/${transactionLogName}.log</file>\r
+ <!-- Transaction messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Asynchronicity Configurations -->\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="DEBUG_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="TRANSACTION_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="ERROR_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="AUDIT_ROLLING" />\r
+ </appender>\r
+ <root level="INFO">\r
+ <appender-ref ref="ASYNC_ERROR" />\r
+ <appender-ref ref="ASYNC_DEBUG" />\r
+ <appender-ref ref="ASYNC_AUDIT" />\r
+ <appender-ref ref="ASYNC_TRANSACTION" />\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </then>\r
+ </if>\r
+ </root>\r
+ <logger level="INFO" name="org.openecomp.sdc" />\r
+</configuration>\r
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - sdc-dcae-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-sdc-dcae-be-tools
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /dcae/healthCheckOld
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.global.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /var/opt/dcae-dt/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ .Release.Name }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "sdc-dcae-dt",
+ "version": "v1",
+ "url": "/dcae",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange": "0|1"
+ }
+ ]'
spec:
type: {{ .Values.service.type }}
ports:
{{if eq .Values.service.type "NodePort" -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
+ - port: {{ .Values.service.internalPort }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
name: {{ .Values.service.portName }}
- - port: {{ .Values.service.externalPort2 }}
- targetPort: {{ .Values.service.internalPort2 }}
+ - port: {{ .Values.service.internalPort2 }}
nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
- name: {{ .Values.service.portName }}3
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort4 }}
- name: {{ .Values.service.portName }}4
- - port: {{ .Values.service.externalPort5 }}
- targetPort: {{ .Values.service.internalPort5 }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort5 }}
- name: {{ .Values.service.portName }}5
-
{{- else -}}
- port: {{ .Values.service.externalPort }}
targetPort: {{ .Values.service.internalPort }}
- port: {{ .Values.service.externalPort2 }}
targetPort: {{ .Values.service.internalPort2 }}
name: {{ .Values.service.portName }}2
- - port: {{ .Values.service.externalPort3 }}
- targetPort: {{ .Values.service.internalPort3 }}
- name: {{ .Values.service.portName }}3
- - port: {{ .Values.service.externalPort4 }}
- targetPort: {{ .Values.service.internalPort4 }}
- name: {{ .Values.service.portName }}4
- - port: {{ .Values.service.externalPort5 }}
- targetPort: {{ .Values.service.internalPort5 }}
- name: {{ .Values.service.portName }}5
{{- end}}
selector:
app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/dcae-dt:1.2-STAGING-latest
+pullPolicy: IfNotPresent
+config:
+ javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-dt/logback-spring.xml
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ name: sdc-dcae-dt
+ portName: dcae-dt
+ nodePort: "65"
+ internalPort: 8186
+ portName2: dcae-dt2
+ nodePort2: "66"
+ internalPort2: 9446
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
\ No newline at end of file
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2013 Amdocs, AT&T,Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP SDC DCAE UI for service monitoring and MC create and configure
+name: sdc-dcae-fe
+version: 3.0.0
--- /dev/null
+<?xml version="1.0" encoding="utf-8"?>\r
+<!--\r
+================================================================================\r
+Copyright (C) 2018 AT&T Intellectual Property\r
+================================================================================\r
+Licensed under the Apache License, Version 2.0 (the "License");\r
+you may not use this file except in compliance with the License.\r
+You may obtain a copy of the License at\r
+\r
+ http://www.apache.org/licenses/LICENSE-2.0\r
+\r
+Unless required by applicable law or agreed to in writing, software\r
+distributed under the License is distributed on an "AS IS" BASIS,\r
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+See the License for the specific language governing permissions and\r
+limitations under the License.\r
+================================================================================\r
+-->\r
+<configuration scan="true" scanPeriod="3 seconds">\r
+ <property name="logDir" value="/var/log/onap" />\r
+ <property name="componentName" scope="system" value="sdc"></property>\r
+ <property name="subComponentName" scope="system" value="dcae-fe"></property>\r
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />\r
+ <property file="${config.home}/dcae-fe/configuration.yaml" />\r
+ <property name="enable-all-log" scope="context" value="false" />\r
+ <!-- log file names -->\r
+ <property name="errorLogName" value="error" />\r
+ <property name="metricsLogName" value="metrics" />\r
+ <property name="auditLogName" value="audit" />\r
+ <property name="debugLogName" value="debug" />\r
+ <property name="transactionLogName" value="transaction" />\r
+ <property name="allLogName" value="all" />\r
+ <property name="queueSize" value="256" />\r
+ <property name="maxFileSize" value="50MB" />\r
+ <property name="maxHistory" value="30" />\r
+ <property name="totalSizeCap" value="10GB" />\r
+ <property name="pattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />\r
+ <!-- All log -->\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ALL_ROLLING">\r
+ <file>${logDirectory}/${allLogName}.log</file>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${allLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ALL">\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </appender>\r
+ </then>\r
+ </if>\r
+ <!-- Error log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="ERROR_ROLLING">\r
+ <file>${logDirectory}/${errorLogName}.log</file>\r
+ <!-- Audit messages filter - deny audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- Transaction messages filter - deny Transaction messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->\r
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">\r
+ <level>INFO</level>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Debug log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="DEBUG_ROLLING">\r
+ <file>${logDirectory}/${debugLogName}.log</file>\r
+ <!-- No need to deny audit messages - they are INFO only, will be denied\r
+ anyway -->\r
+ <!-- Transaction messages filter - deny Transaction messages, there are\r
+ some DEBUG level messages among them -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>NEUTRAL</onMismatch>\r
+ <onMatch>DENY</onMatch>\r
+ </filter>\r
+ <!-- accept DEBUG and TRACE level -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.GEventEvaluator">\r
+ <expression>e.level.toInt() <= DEBUG.toInt()</expression>\r
+ </evaluator>\r
+ <OnMismatch>DENY</OnMismatch>\r
+ <OnMatch>NEUTRAL</OnMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Audit log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="AUDIT_ROLLING">\r
+ <file>${logDirectory}/${auditLogName}.log</file>\r
+ <!-- Audit messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>AUDIT_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- SdncTransaction log -->\r
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="TRANSACTION_ROLLING">\r
+ <file>${logDirectory}/${transactionLogName}.log</file>\r
+ <!-- Transaction messages filter - accept audit messages -->\r
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">\r
+ <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">\r
+ <marker>TRANSACTION_MARKER</marker>\r
+ </evaluator>\r
+ <onMismatch>DENY</onMismatch>\r
+ <onMatch>ACCEPT</onMatch>\r
+ </filter>\r
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">\r
+ <fileNamePattern>${logDirectory}/${transactionLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>\r
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">\r
+ <maxFileSize>${maxFileSize}</maxFileSize>\r
+ </timeBasedFileNamingAndTriggeringPolicy>\r
+ <maxHistory>${maxHistory}</maxHistory>\r
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>\r
+ </rollingPolicy>\r
+ <encoder>\r
+ <pattern>${pattern}</pattern>\r
+ </encoder>\r
+ </appender>\r
+ <!-- Asynchronicity Configurations -->\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_DEBUG">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="DEBUG_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_TRANSACTION">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="TRANSACTION_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_ERROR">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="ERROR_ROLLING" />\r
+ </appender>\r
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="ASYNC_AUDIT">\r
+ <queueSize>${queueSize}</queueSize>\r
+ <appender-ref ref="AUDIT_ROLLING" />\r
+ </appender>\r
+ <root level="INFO">\r
+ <appender-ref ref="ASYNC_ERROR" />\r
+ <appender-ref ref="ASYNC_DEBUG" />\r
+ <appender-ref ref="ASYNC_AUDIT" />\r
+ <appender-ref ref="ASYNC_TRANSACTION" />\r
+ <if condition='property("enable-all-log").equalsIgnoreCase("true")'>\r
+ <then>\r
+ <appender-ref ref="ALL_ROLLING" />\r
+ </then>\r
+ </if>\r
+ </root>\r
+ <logger level="INFO" name="org.openecomp.sdc" />\r
+</configuration>\r
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.hosts }}
+ http://{{ . }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.fullname" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
+{{- end }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-logging-configmap
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/logging/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - sdc-dcae-be
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ - name: {{ include "common.name" . }}-job-completion
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: "{{ .Values.global.pullPolicy | default .Values.pullPolicy }}"
+ command:
+ - /root/job_complete.py
+ args:
+ - --job-name
+ - {{ .Release.Name }}-sdc-dcae-be-tools
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /dcaed/healthCheck
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.global.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /var/opt/dcae-fe/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-logback
+ mountPath: /tmp/logback.xml
+ subPath: logback.xml
+ lifecycle:
+ postStart:
+ exec:
+ command: ["/bin/sh", "-c", "export LOG=wait_logback.log; touch $LOG; export SRC=/tmp/logback.xml; export DST=/var/lib/jetty/config/dcae-fe/; while [ ! -e $DST ]; do echo 'Waiting for $DST...' >> $LOG; sleep 5; done; sleep 2; /bin/cp -f $SRC $DST; echo 'Done' >> $LOG"]
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-logback
+ configMap:
+ name : {{ include "common.fullname" . }}-logging-configmap
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ .Release.Name }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "dcae-gui",
+ "version": "v1",
+ "url": "/dcae",
+ "protocol": "UI",
+ "port": "{{ .Values.service.internalPort }}",
+ "visualRange": "0|1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName }}2
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/dcae-fe:1.3-STAGING-latest
+pullPolicy: Always
+config:
+ javaOptions: -XX:MaxPermSize=256m -Xmx1024m -Dconfig.home=config -Dlog.home=/var/lib/jetty/logs/ -Dlogging.config=config/dcae-fe/logback-spring.xml
+
+# default number of instances
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: false
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ #Example service definition with external, internal and node ports.
+ #Services may use any combination of ports depending on the 'type' of
+ #service being defined.
+ type: NodePort
+ name: sdc-dcae-fe
+ portName: dcae-fe
+ nodePort: "63"
+ internalPort: 8183
+ portName2: dcae-fe2
+ nodePort2: "64"
+ internalPort2: 9444
+
+ingress:
+ enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
\ No newline at end of file
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP Tosca model for component monitoring and descriptors deployment
+name: sdc-dcae-tosca-lab
+version: 3.0.0
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
http://{{ . }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
+ export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ You can watch the status of by running 'kubectl get svc -w {{ include "common.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
--- /dev/null
+# Copyright © 2017 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ initContainers:
+ - name: {{ include "common.name" . }}-readiness
+ command:
+ - /root/ready.py
+ args:
+ - --container-name
+ - "sdc-dcae-be"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ {{ if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ tcpSocket:
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{ end }}
+ readinessProbe:
+ httpGet:
+ path: /healthcheck
+ port: {{ .Values.service.internalPort }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ env:
+ - name: ENVNAME
+ value: {{ .Values.global.env.name }}
+ - name: JAVA_OPTIONS
+ value: {{ .Values.config.javaOptions }}
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-environments
+ mountPath: /var/opt/dcae-be/chef-solo/environments/
+ - name: {{ include "common.fullname" . }}-localtime
+ mountPath: /etc/localtime
+ readOnly: true
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ resources:
+{{ include "common.resources" . | indent 12 }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 10 }}
+ {{- end -}}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 10 }}
+ {{- end }}
+ # side car containers
+ - name: {{ include "common.name" . }}-filebeat-onap
+ image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ volumeMounts:
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ mountPath: /usr/share/filebeat/filebeat.yml
+ subPath: filebeat.yml
+ - name: {{ include "common.fullname" . }}-logs
+ mountPath: /var/log/onap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ mountPath: /usr/share/filebeat/data
+ volumes:
+ - name: {{ include "common.fullname" . }}-localtime
+ hostPath:
+ path: /etc/localtime
+ - name: {{ include "common.fullname" . }}-filebeat-conf
+ configMap:
+ name: {{ .Release.Name }}-sdc-filebeat-configmap
+ - name: {{ include "common.fullname" . }}-data-filebeat
+ emptyDir: {}
+ - name: {{ include "common.fullname" . }}-environments
+ configMap:
+ name: {{ .Release.Name }}-sdc-environments-configmap
+ defaultMode: 0755
+ - name: {{ include "common.fullname" . }}-logs
+ emptyDir: {}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ msb.onap.org/service-info: '[
+ {
+ "serviceName": "dcae-be",
+ "version": "v1",
+ "url": "/dcae",
+ "protocol": "REST",
+ "port": "{{ .Values.service.internalPort2 }}",
+ "visualRange": "1"
+ }
+ ]'
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.internalPort2 }}
+ nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName }}
+ - port: {{ .Values.service.externalPort2 }}
+ targetPort: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ {{- end}}
+ selector:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
global:
nodePortPrefix: 302
- repository: nexus3.onap.org:10001
readinessRepository: oomk8s
readinessImage: readiness-check:2.0.0
loggingRepository: docker.elastic.co
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: library/tomcat:8.5
+image: onap/dcae-tosca-app:1.3-STAGING-latest
pullPolicy: Always
-warImage: onap/music/music:2.5.3
# flag to enable debugging - application support required
debugEnabled: false
-# application configuration
config:
- usernameCassandra: cassandra1
- passwordCassandra: cassandra1
+ javaOptions: -XX:MaxPermSize=256m -Xmx1024m
+ cassandraSslEnabled: "false"
# default number of instances
replicaCount: 1
affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
# probe configuration parameters
liveness:
initialDelaySeconds: 10
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
- enabled: true
+ enabled: false
readiness:
initialDelaySeconds: 10
periodSeconds: 10
service:
- type: NodePort
- name: oof-has-music
- externalPort: 8080
- internalPort: 8080
- nodePort: 76
- portName: oof-has-music
+ type: ClusterIP
+ name: sdc-dcae-tosca-lab
+ portName: sdc-dcae-tosca-lab-8085
+ externalPort: 8085
+ internalPort: 8085
+ portName2: sdc-dcae-tosca-lab-8445
+ externalPort2: 8445
+ internalPort2: 8445
+
ingress:
enabled: false
+
+# Resource Limit flavor -By Default using small
+flavor: small
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 10m
+ memory: 1Gi
+ large:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 20m
+ memory: 2Gi
+ unlimited: {}
\ No newline at end of file
# probe configuration parameters
liveness:
- initialDelaySeconds: 10
+ initialDelaySeconds: 60
periodSeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
"CS_VIP": "sdc-cs.{{include "common.namespace" .}}",
"BE_VIP": "sdc-be.{{include "common.namespace" .}}",
"ONBOARDING_BE_VIP": "sdc-onboarding-be.{{include "common.namespace" .}}",
+ "DCAE_BE_VIP": "sdc-dcae-be.{{include "common.namespace" .}}",
+ "DCAE_FE_VIP": "sdc-dcae-fe.{{include "common.namespace" .}}",
+ "DCAE_TOSCA_LAB_VIP": "sdc-dcae-tosca-lab.{{include "common.namespace" .}}",
"FE_VIP": "sdc-fe.{{include "common.namespace" .}}",
"ES_VIP": "sdc-es.{{include "common.namespace" .}}",
"KB_VIP": "sdc-kb.{{include "common.namespace" .}}",
- "DCAE_BE_VIP": "",
- "DCAE_FE_VIP": "",
"interfaces": {
"application": "eth0",
"private": "eth0"
},
"Plugins": {
"DCAE": {
- "dcae_discovery_url": "{{.Values.config.environment.dcaeUrl}}",
- "dcae_source_url": "{{.Values.config.environment.dcaeUrl}}"
+ "dcae_discovery_url": "http://sdc-dcae-fe.{{include "common.namespace" .}}:8183/dcaed/#/home",
+ "dcae_source_url": "http://sdc.dcae.plugin.simpledemo.onap.org:30263/dcaed/#/home"
},
"DCAE-TAB": {
- "dcae_dt_discovery_url": "",
- "dcae_dt_source_url": ""
+ "dcae_dt_discovery_url": "http://sdc-dcae-dt.{{include "common.namespace" .}}:8186/dcae/#/dcae/home",
+ "dcae_dt_source_url": "http://sdc.dcae.plugin.simpledemo.onap.org:30265/dcae/#/dcae/home"
},
"WORKFLOW": {
"workflow_discovery_url": "http://sdc-wfd-fe.{{include "common.namespace" .}}:8080",
logstashServiceName: log-ls
logstashPort: 5044
environment:
- dcaeUrl: 10.0.2.15
workflowUrl: 10.0.2.15
vnfRepoPort: 8702
+
sdc-es:
service:
name: sdc-es
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/admportal-sdnc-image:1.3.4
+image: onap/admportal-sdnc-image:1.4.1
pullPolicy: Always
# flag to enable debugging - application support required
org.onap.ccsdk.sli.northbound.uebclient.spool.archive=/opt/onap/sdnc/ueb-listener/spool/archive
org.onap.ccsdk.sli.northbound.uebclient.polling-interval=30
org.onap.ccsdk.sli.northbound.uebclient.polling-timeout=15
-org.onap.ccsdk.sli.northbound.uebclient.client-startup-timeout=900
+org.onap.ccsdk.sli.northbound.uebclient.client-startup-timeout=300
org.onap.ccsdk.sli.northbound.uebclient.relevant-artifact-types=TOSCA_CSAR
org.onap.ccsdk.sli.northbound.uebclient.activate-server-tls-auth=false
org.onap.ccsdk.sli.northbound.uebclient.keystore-path=
resources:
requests:
storage: {{ .Values.persistence.size }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
{{ end }}
timeout: 360000
write: APPC-LCM-READ
sdnc:
- read:
- name: SDNC-LCM-WRITE
+ read: SDNC-LCM-WRITE
write: SDNC-LCM-READ
response:
timeout: 360000
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui/usecase-ui-server:1.1.1
+image: onap/usecase-ui-server:1.2.0
pullPolicy: Always
# application configuration
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui:1.2.0
+image: onap/usecase-ui:1.2.1
pullPolicy: Always
# application configuration
volumeClaimTemplates:
- metadata:
name: {{ include "common.fullname" . }}-data
+ labels:
+ name: {{ include "common.fullname" . }}
annotations:
{{- if .Values.persistence.storageClass }}
volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
+ selector:
+ matchLabels:
+ name: {{ include "common.fullname" . }}
{{- end }}
- name: VID_ECOMP_REDIRECT_URL
value: https://{{ .Values.config.portalhost }}:{{ .Values.config.onapport }}/ONAPPORTAL/login.htm
- name: VID_ECOMP_REST_URL
- value: https://portal-app.{{ include "common.namespace" . }}:{{ .Values.config.onapportrest }}/ONAPPORTAL/auxapi
+ value: https://portal-app:{{ .Values.config.onapportrest }}/ONAPPORTAL/auxapi
- name: VID_ROLE_ACCESS_CENTRALIZED
value: "{{ .Values.config.roleaccesscentralized }}"
- name: VID_CONTACT_US_LINK
# application image
repository: nexus3.onap.org:10001
-image: onap/vid:3.0.0
+image: onap/vid:3.2.0
pullPolicy: Always
# mariadb image for initializing
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: ONAP VNF Validation Platform
+name: vvp
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: end-to-end flow tests based on Seleniunm
+name: vvp-ci-uwsgi
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from datetime import datetime
+
+# With this file at web/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+PROJECT_PATH = os.path.realpath(os.path.dirname(os.path.dirname(os.path.dirname(__file__))))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ICE_ENVIRONMENT = os.environ['ICE_ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+if ICE_ENVIRONMENT == 'production':
+ DEBUG = False
+
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ.get('ICE_EMAIL_HOST')
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ DEBUG = True
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'PAGE_SIZE': 10,
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'DEFAULT_PERMISSION_CLASSES': ('rest_framework.permissions.IsAdminUser',),
+}
+APPEND_SLASH = False
+
+# Application definition
+
+INSTALLED_APPS = [
+
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'iceci.apps.IceCiConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+]
+
+ROOT_URLCONF = 'web.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'web.wsgi.application'
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+
+DATABASES = {
+ 'default': { # CI DB details.
+ 'NAME': '/app/ice_ci_db.db' ,
+ 'ENGINE': 'django.db.backends.sqlite3',
+ 'TEST_NAME': '/app/ice_ci_db.db',
+ },
+}
+SINGLETONE_DB = {
+ 'default': { # CI DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CI_DB_NAME', 'ice_ci_db'),
+ 'USER': os.environ.get('CI_DB_USER', 'iceci'),
+ 'PASSWORD': os.environ.get('CI_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CI_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CI_DB_PORT', '5433'),
+ },
+ 'em_db': { # ICE DB details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('EM_DB_NAME', 'icedb'),
+ 'USER': os.environ.get('EM_DB_USER', 'iceuser'),
+ 'PASSWORD': os.environ.get('EM_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('EM_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('EM_DB_PORT', '5433'),
+ },
+ 'cms_db': { # ICE CMS details.
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ.get('CMS_DB_NAME', 'icecmsdb'),
+ 'USER': os.environ.get('CMS_DB_USER', 'icecmsuser'),
+ 'PASSWORD': os.environ.get('CMS_DB_PASSWORD', 'Aa123456'),
+ 'HOST': os.environ.get('CMS_DB_HOST', 'localhost'),
+ 'PORT': os.environ.get('CMS_DB_PORT', '5433'),
+ }
+}
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+ },
+ {
+ 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+ },
+]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+
+USE_L10N = True
+
+USE_TZ = False
+
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+STATIC_URL = '/static/'
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(module)s %(filename)s:%(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(filename)s:%(lineno)d %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'file1': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-info.log',
+ 'formatter': 'verbose'
+ },
+ 'file2': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-debug.log',
+ 'formatter': 'verbose'
+ },
+ 'file3': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-requests.log',
+ 'formatter': 'verbose'
+ },
+ 'file4': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.environ.get('ICE_ICE_LOGGER_PATH', LOGS_PATH) + 'vvp-db.log',
+ 'formatter': 'verbose'
+ }
+ },
+ 'loggers': {
+ 'vvp-ci.logger': {
+ 'handlers': ['file1', 'file2', 'file3', 'file4','console'],
+ 'level': os.getenv('ICE_ICE_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': os.getenv('ICE_DJANGO_LOGGER_LEVEL', 'DEBUG'),
+ },
+ 'django.request': {
+ 'handlers': ['file3'],
+ 'level': os.getenv('ICE_ICE_REQUESTS_LOGGER_LEVEL', 'ERROR'),
+ },
+ 'django.db.backends': {
+ 'handlers': ['file4'],
+ 'level': os.getenv('ICE_ICE_DB_LOGGER_LEVEL', 'ERROR'),
+ }
+ }
+}
+
+
+#############################
+# ICE-CI Related Configuration
+#############################
+ICE_CONTACT_FROM_ADDRESS = os.getenv('ICE_CONTACT_FROM_ADDRESS')
+ICE_CONTACT_EMAILS = list(os.getenv('ICE_CONTACT_EMAILS','user@example.com').split(','))
+ICE_CI_ENVIRONMENT_NAME = os.getenv('ICE_CI_ENVIRONMENT_NAME', 'Dev') # Dev / Docker / Staging
+ICE_EM_URL = "{domain}/{prefix}".format(domain=os.environ['ICE_EM_DOMAIN_NAME'], prefix=PROGRAM_NAME_URL_PREFIX)
+ICE_PORTAL_URL = os.environ['ICE_DOMAIN']
+EM_REST_URL = ICE_EM_URL + '/v1/engmgr/'
+
+#Number of test results presented in admin page. Illegal values: '0' or 'Null'
+NUMBER_OF_TEST_RESULTS = int(os.getenv('NUMBER_OF_TEST_RESULTS', '30'))
+ICE_BUILD_REPORT_NUM = os.getenv('ICE_BUILD_REPORT_NUM',"{:%Y-%m-%d-%H-%M-%S}".format(datetime.now()))
+IS_JUMP_STATE=os.getenv('IS_JUMP_STATE', "True")
+DATABASE_TYPE = 'sqlite'
+
+# FIXME: Does this authentication scheme actually gain us anything? What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":8282"
+chdir = '/app'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ci/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ admin_password: "Y2lhZG1pbnBhc3M="
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 8282
+ - containerPort: 9000
+ volumeMounts:
+ - name: ci-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ICE_ENVIRONMENT
+ value: "development"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "vvp"
+ - name: SERVICE_PROVIDER
+ value: "NA"
+ - name: PROGRAM_NAME
+ value: "VVP"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "na.com"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EM_DB_HOST
+ value: postgresql
+ - name: EM_DB_PORT
+ value: "5432"
+ - name: EM_DB_NAME
+ value: icedb
+ - name: EM_DB_USER
+ value: "em_postgresuser"
+ - name: EM_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: CMS_DB_HOST
+ value: postgresql
+ - name: CMS_DB_PORT
+ value: "5432"
+ - name: CMS_DB_NAME
+ value: "icecmsdb"
+ - name: CMS_DB_USER
+ value: "cms_postgresuser"
+ - name: CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: CI_DB_HOST
+ value: postgresql
+ - name: CI_DB_PORT
+ value: "5432"
+ - name: CI_DB_NAME
+ value: icedb
+ - name: CI_DB_USER
+ value: "em_postgresuser"
+ - name: CI_DB_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: ciPassword}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: ICE_DOMAIN
+ value: https://development.vvp.example.com
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://development.vvp.example.com
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: CI_ADMIN_USER
+ value: "ciadminuser"
+ - name: CI_ADMIN_MAIL
+ value: "ciadminmail@example.com"
+ - name: CI_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: admin_password}
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/app/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "web.wsgi:application", ]
+ volumes:
+ - name: ci-settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-kind: ConfigMap
+kind: Service
metadata:
- name: {{ include "common.fullname" . }}-docker-entry-initd
+ name: {{ include "common.servicename" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cassandra/docker-entrypoint-initdb.d/*").AsConfig . | indent 2 }}
-
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-# Default values for mariadb.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-global: # global defaults
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
nodePortPrefix: 302
- persistence: {}
-
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+#################################################################
+# Application configuration defaults.
+#################################################################
# application image
repository: nexus3.onap.org:10001
-image: zookeeper:3.4
+image: onap/vvp/test-engine:1.0.0
pullPolicy: Always
-# default number of instances
+# flag to enable debugging - application support required
+debugEnabled: false
+
replicaCount: 1
+
nodeSelector: {}
+
affinity: {}
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- memory: 4Gi
- cpu: 2000m
- requests:
- memory: 1Gi
- cpu: 500m
- large:
- limits:
- memory: 8Gi
- cpu: 4000m
- requests:
- memory: 2Gi
- cpu: 1000m
- unlimited: {}
+
# probe configuration parameters
liveness:
initialDelaySeconds: 10
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
+
readiness:
initialDelaySeconds: 10
periodSeconds: 10
+
service:
type: ClusterIP
- name: oof-has-zk
- externalPort: 2181
- internalPort: 2181
- portName: oof-has-zookeeper
+ internalPort: 8282
+
ingress:
enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: backend uwsgi server which hosts django application
+name: vvp-cms-uwsgi
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from __future__ import absolute_import, unicode_literals
+import os
+from cms.envbool import envbool
+
+from django import VERSION as DJANGO_VERSION
+from django.utils.translation import ugettext_lazy as _
+from boto.s3.connection import OrdinaryCallingFormat
+
+
+######################
+# MEZZANINE SETTINGS #
+######################
+
+# The following settings are already defined with default values in
+# the ``defaults.py`` module within each of Mezzanine's apps, but are
+# common enough to be put here, commented out, for conveniently
+# overriding. Please consult the settings documentation for a full list
+# of settings Mezzanine implements:
+# http://mezzanine.jupo.org/docs/configuration.html#default-settings
+
+# Controls the ordering and grouping of the admin menu.
+#
+# ADMIN_MENU_ORDER = (
+# ("Content", ("pages.Page", "blog.BlogPost",
+# "generic.ThreadedComment", (_("Media Library"), "media-library"),)),
+# ("Site", ("sites.Site", "redirects.Redirect", "conf.Setting")),
+# ("Users", ("auth.User", "auth.Group",)),
+# )
+
+# A three item sequence, each containing a sequence of template tags
+# used to render the admin dashboard.
+#
+# DASHBOARD_TAGS = (
+# ("blog_tags.quick_blog", "mezzanine_tags.app_list"),
+# ("comment_tags.recent_comments",),
+# ("mezzanine_tags.recent_actions",),
+# )
+
+# A sequence of templates used by the ``page_menu`` template tag. Each
+# item in the sequence is a three item sequence, containing a unique ID
+# for the template, a label for the template, and the template path.
+# These templates are then available for selection when editing which
+# menus a page should appear in. Note that if a menu template is used
+# that doesn't appear in this setting, all pages will appear in it.
+
+# PAGE_MENU_TEMPLATES = (
+# (1, _("Top navigation bar"), "pages/menus/dropdown.html"),
+# (2, _("Left-hand tree"), "pages/menus/tree.html"),
+# (3, _("Footer"), "pages/menus/footer.html"),
+# )
+
+# A sequence of fields that will be injected into Mezzanine's (or any
+# library's) models. Each item in the sequence is a four item sequence.
+# The first two items are the dotted path to the model and its field
+# name to be added, and the dotted path to the field class to use for
+# the field. The third and fourth items are a sequence of positional
+# args and a dictionary of keyword args, to use when creating the
+# field instance. When specifying the field class, the path
+# ``django.models.db.`` can be omitted for regular Django model fields.
+#
+# EXTRA_MODEL_FIELDS = (
+# (
+# # Dotted path to field.
+# "mezzanine.blog.models.BlogPost.image",
+# # Dotted path to field class.
+# "somelib.fields.ImageField",
+# # Positional args for field class.
+# (_("Image"),),
+# # Keyword args for field class.
+# {"blank": True, "upload_to": "blog"},
+# ),
+# # Example of adding a field to *all* of Mezzanine's content types:
+# (
+# "mezzanine.pages.models.Page.another_field",
+# "IntegerField", # 'django.db.models.' is implied if path is omitted.
+# (_("Another name"),),
+# {"blank": True, "default": 1},
+# ),
+# )
+
+# Setting to turn on featured images for blog posts. Defaults to False.
+#
+# BLOG_USE_FEATURED_IMAGE = True
+
+# If True, the django-modeltranslation will be added to the
+# INSTALLED_APPS setting.
+USE_MODELTRANSLATION = False
+
+
+########################
+# MAIN DJANGO SETTINGS #
+########################
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
+ALLOWED_HOSTS = ['*']
+
+# Set UTC time zone:
+TIME_ZONE = 'UTC'
+USE_TZ = True
+
+# Local time zone for this installation. Choices can be found here:
+# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
+# although not all choices may be available on all operating systems.
+# On Unix systems, a value of None will cause Django to use the same
+# timezone as the operating system.
+# If running in a Windows environment this must be set to the same as your
+# system time zone.
+TIME_ZONE = 'UTC'
+
+# If you set this to True, Django will use timezone-aware datetimes.
+USE_TZ = True
+
+# Language code for this installation. All choices can be found here:
+# http://www.i18nguy.com/unicode/language-identifiers.html
+LANGUAGE_CODE = "en"
+
+# Supported languages
+LANGUAGES = (
+ ('en', _('English')),
+)
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# A boolean that turns on/off debug mode. When set to ``True``, stack traces
+# are displayed for error pages. Should always be set to ``False`` in
+# production. Best set to ``True`` in local_settings.py
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+# Whether a user's session cookie expires when the Web browser is closed.
+SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+
+SITE_ID = 1
+
+# If you set this to False, Django will make some optimizations so as not
+# to load the internationalization machinery.
+USE_I18N = False
+
+AUTHENTICATION_BACKENDS = ("mezzanine.core.auth_backends.MezzanineBackend",)
+
+# The numeric mode to set newly-uploaded files to. The value should be
+# a mode you'd pass directly to os.chmod.
+FILE_UPLOAD_PERMISSIONS = 0o644
+
+
+#############
+# DATABASES #
+#############
+
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+#########
+# PATHS #
+#########
+
+# Full filesystem path to the project.
+PROJECT_APP_PATH = os.path.dirname(os.path.abspath(__file__))
+PROJECT_APP = os.path.basename(PROJECT_APP_PATH)
+PROJECT_ROOT = BASE_DIR = os.path.dirname(PROJECT_APP_PATH)
+
+# Every cache key will get prefixed with this value - here we set it to
+# the name of the directory the project is in to try and use something
+# project specific.
+CACHE_MIDDLEWARE_KEY_PREFIX = PROJECT_APP
+
+# Package/module name to import the root urlpatterns from for the project.
+ROOT_URLCONF = 'cms.urls'
+
+TEMPLATES = [
+ {
+ "BACKEND": "django.template.backends.django.DjangoTemplates",
+ "DIRS": [
+ os.path.join(PROJECT_ROOT, "templates")
+ ],
+ "APP_DIRS": True,
+ "OPTIONS": {
+ "context_processors": [
+ "django.contrib.auth.context_processors.auth",
+ "django.contrib.messages.context_processors.messages",
+ "django.template.context_processors.debug",
+ "django.template.context_processors.i18n",
+ "django.template.context_processors.static",
+ "django.template.context_processors.media",
+ "django.template.context_processors.request",
+ "django.template.context_processors.tz",
+ "mezzanine.conf.context_processors.settings",
+ "mezzanine.pages.context_processors.page",
+ ],
+ "builtins": [
+ "mezzanine.template.loader_tags",
+ ],
+ },
+ },
+]
+
+if DJANGO_VERSION < (1, 9):
+ del TEMPLATES[0]["OPTIONS"]["builtins"]
+
+
+################
+# APPLICATIONS #
+################
+
+INSTALLED_APPS = (
+ "mezzanine_api",
+ "rest_framework",
+ "rest_framework_swagger",
+ "oauth2_provider",
+ "django.contrib.admin",
+ "django.contrib.auth",
+ "django.contrib.contenttypes",
+ "django.contrib.redirects",
+ "django.contrib.sessions",
+ "django.contrib.sites",
+ "django.contrib.sitemaps",
+ "django.contrib.staticfiles",
+ "mezzanine.boot",
+ "mezzanine.conf",
+ "mezzanine.core",
+ "mezzanine.generic",
+ "mezzanine.pages",
+ "mezzanine.blog",
+ "mezzanine.forms",
+ "mezzanine.galleries",
+ "mezzanine.twitter",
+ # "mezzanine.accounts",
+ # "mezzanine.mobile",
+ "cms" ,
+ "storages",
+)
+
+# List of middleware classes to use. Order is important; in the request phase,
+# these middleware classes will be applied in the order given, and in the
+# response phase the middleware will be applied in reverse order.
+MIDDLEWARE_CLASSES = (
+ "mezzanine.core.middleware.UpdateCacheMiddleware",
+ "mezzanine_api.middleware.ApiMiddleware",
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ # Uncomment if using internationalisation or localisation
+ # 'django.middleware.locale.LocaleMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.middleware.csrf.CsrfViewMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware',
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+ "mezzanine.core.request.CurrentRequestMiddleware",
+ "mezzanine.core.middleware.RedirectFallbackMiddleware",
+ "mezzanine.core.middleware.TemplateForDeviceMiddleware",
+ "mezzanine.core.middleware.TemplateForHostMiddleware",
+ "mezzanine.core.middleware.AdminLoginInterfaceSelectorMiddleware",
+ "mezzanine.core.middleware.SitePermissionMiddleware",
+ "mezzanine.pages.middleware.PageMiddleware",
+ "mezzanine.core.middleware.FetchFromCacheMiddleware",
+)
+
+# Store these package names here as they may change in the future since
+# at the moment we are using custom forks of them.
+PACKAGE_NAME_FILEBROWSER = "filebrowser_safe"
+PACKAGE_NAME_GRAPPELLI = "grappelli_safe"
+
+#########################
+# OPTIONAL APPLICATIONS #
+#########################
+
+# These will be added to ``INSTALLED_APPS``, only if available.
+OPTIONAL_APPS = (
+ "debug_toolbar",
+ "django_extensions",
+ "compressor",
+ PACKAGE_NAME_FILEBROWSER,
+ PACKAGE_NAME_GRAPPELLI,
+)
+
+#####################
+# REST API SETTINGS #
+#####################
+try:
+ from mezzanine_api.settings import *
+except ImportError:
+ pass
+
+
+##################
+# LOCAL SETTINGS #
+##################
+
+# Allow any settings to be defined in local_settings.py which should be
+# ignored in your version control system allowing for settings to be
+# defined per ma chine.
+
+# Instead of doing "from .local_settings import *", we use exec so that
+# local_settings has full access to everything defined in this module.
+# Also force into sys.modules so it's visible to Django's autoreload.
+
+f = os.path.join(PROJECT_APP_PATH, "local_settings/__init__.py")
+if os.path.exists(f):
+ import sys
+ import imp
+ module_name = "%s.local_settings" % PROJECT_APP
+ module = imp.new_module(module_name)
+ module.__file__ = f
+ sys.modules[module_name] = module
+ exec(open(f, "rb").read())
+
+
+####################
+# DYNAMIC SETTINGS #
+####################
+
+# set_dynamic_settings() will rewrite globals based on what has been
+# defined so far, in order to provide some better defaults where
+# applicable. We also allow this settings module to be imported
+# without Mezzanine installed, as the case may be when using the
+# fabfile, where setting the dynamic settings below isn't strictly
+# required.
+try:
+ from mezzanine.utils.conf import set_dynamic_settings
+except ImportError:
+ pass
+else:
+ set_dynamic_settings(globals())
+
+# default settings for mezzanine
+NEVERCACHE_KEY = os.getenv('CMS_NEVERCACHE_KEY', ''),
+# Application User
+CMS_APP_USER = os.getenv('CMS_APP_USER')
+CMS_APP_USER_PASSWORD = os.getenv('CMS_APP_USER_PASSWORD')
+CMS_APP_USER_MAIL = os.getenv('CMS_APP_USER_MAIL')
+# Client App (EM)
+CMS_APP_CLIENT_ID = os.getenv('CMS_APP_CLIENT_ID')
+CMS_APP_CLIENT_SECRET = os.getenv('CMS_APP_CLIENT_SECRET')
+CMS_APP_NAME = 'Engagement_Manager_App'
+REST_FRAMEWORK['DEFAULT_RENDERER_CLASSES'] = (
+ 'rest_framework.renderers.JSONRenderer',
+)
+
+# S3 configuration for static resources storage and media upload
+
+# used by our custom storage.py
+MEDIA_BUCKET = "cms-media"
+STATIC_BUCKET = "cms-static"
+
+# django-storages configuration
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+AWS_AUTO_CREATE_BUCKET = True
+AWS_PRELOAD_METADATA = True
+
+# Set by custom subclass.
+# AWS_STORAGE_BUCKET_NAME = "em-static"
+AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+DEFAULT_FILE_STORAGE = 'cms.settings.storage.S3MediaStorage'
+STATICFILES_STORAGE = 'cms.settings.storage.S3StaticStorage'
+
+# These seem to have no effect even when we don't override with custom_domain?
+STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+STATIC_ROOT = os.environ['STATIC_ROOT']
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in em; that does
+# not use S3BotoStorageMixin.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from filebrowser_safe.storage import S3BotoStorageMixin
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage, S3BotoStorageMixin):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/cms/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "common.fullname" . }}-secret
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ key: "KCtkbV9yaigwMDU9XmV2emVzZDMjeHB5JC0kY15qI2NsemlsYngmXz0wbGg3by0zNCM="
+ app_user: "Y21zYXBwdXNlcg=="
+ app_user_mail: "Y21zYXBwdXNlckBleGFtcGxlLmNvbQ=="
+ app_user_password: "Y21zYXBwdXNlcnBhc3N3b3Jk"
+ app_client_id: "RWVCNFhlaW1vb2M2eGllU2VlS2FoOGRhZTFlaXBhZTRvdGFlc2hlZQ=="
+ app_client_secret: "aGFpTW9vcGllWmVlMXdlaTNsZWY0Z2FleWlhMnZhaHdvaHRoMG1haWQ5aXRoMnBoZWVzaGFpdGh1VG9vcjJKb2hzaGVpNWJhZXk3RWlxdWFldGhlaWI4cXVhaXF1ZWU3cGhpYXRoN2V1YjJhaU5haWMzb3U5dmFpemViZWlGNXU="
+ nevercache_key: "YV9qLWc1aCszKW9AMndpYXNtYmcoaHV4cHVqaD05NShwLSR2ejF4aiZ0K20pKy11ODQ="
+---
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort1 }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ env:
+ - name: ENVIRONMENT
+ value: "development"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: key}
+ - name: EMAIL_HOST
+ value: "localhost"
+ - name: EMAIL_HOST_USER
+ value: "example"
+ - name: EMAIL_PORT
+ value: "25"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: vvp-postgres
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: "icecmsdb"
+ - name: PGUSER
+ value: "cms_postgresuser"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: cmsPassword}
+ - name: ICE_CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: CMS_NEVERCACHE_KEY
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: nevercache_key}
+ - name: CMS_APP_USER
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user}
+ - name: CMS_APP_USER_MAIL
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_mail}
+ - name: CMS_APP_USER_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_user_password}
+ - name: CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_client_id}
+ - name: CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: {{ include "common.fullname" . }}-secret, key: app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "True"
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "cms.wsgi:application", ]
+ volumeMounts:
+ - name: settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ volumes:
+ - name: settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
+ - name: site-crt
+ secret:
+ secretName: site-crt
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/cms:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort1: 80
+ internalPort2: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: backend uwsgi server which hosts django application
+name: vvp-em-uwsgi
+version: 3.0.0
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+Django settings for VVP project.
+
+Environment variables that must exist:
+
+ ENVIRONMENT
+ SECRET_KEY
+ SECRET_WEBHOOK_TOKEN
+ SECRET_GITLAB_AUTH_TOKEN
+ SECRET_JENKINS_PASSWORD
+ SECRET_CMS_APP_CLIENT_ID
+ SECRET_CMS_APP_CLIENT_SECRET
+
+Environment variables that must exist in production:
+
+ EMAIL_HOST
+ EMAIL_HOST_PASSWORD
+ EMAIL_HOST_USER
+ EMAIL_PORT
+
+"""
+
+import os
+from vvp.settings.envbool import envbool
+from corsheaders.defaults import default_headers
+from boto.s3.connection import OrdinaryCallingFormat
+import datetime
+
+# With this file at ice/settings/__init__.py, we need three applications of
+# dirname() to find the project root.
+import engagementmanager
+PROJECT_PATH = os.path.dirname(os.path.dirname(engagementmanager.__file__))
+LOGS_PATH = os.path.join(PROJECT_PATH, "logs")
+
+ENVIRONMENT = os.environ['ENVIRONMENT']
+PROGRAM_NAME_URL_PREFIX = os.environ['PROGRAM_NAME_URL_PREFIX']
+SERVICE_PROVIDER = os.environ['SERVICE_PROVIDER']
+PROGRAM_NAME = os.environ['PROGRAM_NAME']
+SERVICE_PROVIDER_DOMAIN = os.environ['SERVICE_PROVIDER_DOMAIN']
+
+# See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
+SECRET_KEY = os.environ["SECRET_KEY"]
+
+# https://docs.djangoproject.com/en/1.10/ref/settings/#allowed-hosts
+# Anything in the Host header that does not match our expected domain should
+# raise SuspiciousOperation exception.
+ALLOWED_HOSTS = ['*']
+
+DEBUG = envbool('DJANGO_DEBUG_MODE', False)
+
+if ENVIRONMENT == 'production':
+ EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+ EMAIL_HOST = os.environ['EMAIL_HOST']
+ EMAIL_HOST_PASSWORD = os.environ['EMAIL_HOST_PASSWORD']
+ EMAIL_HOST_USER = os.environ['EMAIL_HOST_USER']
+ EMAIL_PORT = os.environ['EMAIL_PORT']
+else:
+ EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
+
+# Note: Only SSL email backends are allowed
+EMAIL_USE_SSL = True
+
+REST_FRAMEWORK = {
+ # Use Django's standard `django.contrib.auth` permissions,
+ # or allow read-only access for unauthenticated users.
+ 'EXCEPTION_HANDLER': 'engagementmanager.utils.exception_handler.ice_exception_handler',
+ 'PAGE_SIZE': 10,
+ 'DEFAULT_PERMISSION_CLASSES': (
+ 'rest_framework.permissions.IsAuthenticated',
+ ),
+ 'DEFAULT_AUTHENTICATION_CLASSES': (
+ 'rest_framework.authentication.SessionAuthentication',
+ 'rest_framework.authentication.BasicAuthentication',
+ 'rest_framework_jwt.authentication.JSONWebTokenAuthentication',
+ ),
+ 'DEFAULT_PARSER_CLASSES': (
+ 'engagementmanager.rest.parsers.XSSJSONParser',
+ 'engagementmanager.rest.parsers.XSSFormParser',
+ 'engagementmanager.rest.parsers.XSSMultiPartParser',
+ )
+}
+
+JWT_AUTH = {
+ 'JWT_AUTH_HEADER_PREFIX': 'token',
+ 'JWT_ALGORITHM': 'HS256',
+ 'JWT_EXPIRATION_DELTA': datetime.timedelta(days=1),
+ 'JWT_DECODE_HANDLER': 'engagementmanager.utils.authentication.ice_jwt_decode_handler',
+}
+
+APPEND_SLASH = False
+
+# Application definition
+INSTALLED_APPS = [
+ 'django.contrib.auth', # required by d.c.admin
+ 'corsheaders',
+ 'django.contrib.contenttypes', # required by d.c.admin
+ 'django.contrib.sessions', # required by d.c.admin
+ 'django.contrib.messages', # required by d.c.admin
+ 'django.contrib.staticfiles',
+ 'django.contrib.admin', # django admin site
+ 'rest_framework',
+ 'engagementmanager.apps.EngagementmanagerConfig',
+ 'validationmanager.apps.ValidationmanagerConfig',
+]
+
+MIDDLEWARE_CLASSES = [
+ 'django.middleware.security.SecurityMiddleware',
+ 'django.contrib.sessions.middleware.SessionMiddleware',
+ 'django.middleware.common.CommonMiddleware',
+ 'django.contrib.auth.middleware.AuthenticationMiddleware', # required by d.c.admin
+ 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
+ 'django.contrib.messages.middleware.MessageMiddleware',
+ 'django.middleware.clickjacking.XFrameOptionsMiddleware',
+ 'corsheaders.middleware.CorsMiddleware',
+]
+
+ROOT_URLCONF = 'vvp.urls'
+
+TEMPLATES = [
+ {
+ 'BACKEND': 'django.template.backends.django.DjangoTemplates',
+ 'DIRS': [PROJECT_PATH + '/web/templates'],
+ 'APP_DIRS': True,
+ 'OPTIONS': {
+ 'context_processors': [
+ 'django.template.context_processors.debug',
+ 'django.template.context_processors.request',
+ 'django.contrib.auth.context_processors.auth', # required by d.c.admin
+ 'django.contrib.messages.context_processors.messages', # required by d.c.admin
+ ],
+ },
+ },
+]
+
+WSGI_APPLICATION = 'vvp.wsgi.application'
+
+
+# Database
+# https://docs.djangoproject.com/en/1.9/ref/settings/#databases
+DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.postgresql',
+ 'NAME': os.environ['PGDATABASE'],
+ 'USER': os.environ['PGUSER'],
+ 'PASSWORD': os.environ['PGPASSWORD'],
+ 'HOST': os.environ['PGHOST'],
+ 'PORT': os.environ['PGPORT'],
+ }
+}
+
+
+# Password validation
+# https://docs.djangoproject.com/en/1.9/ref/settings/#auth-password-validators
+AUTH_PASSWORD_VALIDATORS = [
+ {'NAME': 'django.contrib.auth.password_validation.%s' % s} for s in [
+ 'UserAttributeSimilarityValidator',
+ 'MinimumLengthValidator',
+ 'CommonPasswordValidator',
+ 'NumericPasswordValidator',
+ ]]
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.9/topics/i18n/
+LANGUAGE_CODE = 'en-us'
+TIME_ZONE = 'UTC'
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+CORS_ALLOW_HEADERS = default_headers + ('ICE-USER-ID',)
+
+# Static files (CSS, JavaScript, Images)
+# https://docs.djangoproject.com/en/1.9/howto/static-files/
+STATIC_ROOT = os.environ['STATIC_ROOT']
+
+
+LOGGING = {
+ 'version': 1,
+ 'disable_existing_loggers': False,
+ 'formatters': { # All possible attributes are: https://docs.python.org/3/library/logging.html#logrecord-attributes
+ 'verbose': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(module)s %(lineno)d %(process)d %(thread)d %(message)s'
+ },
+ 'simple': {
+ 'format': '%(asctime)s %(levelname)s %(name)s %(message)s'
+ },
+ },
+ 'handlers': {
+ 'console': {
+ 'class': 'logging.StreamHandler',
+ 'formatter': 'simple'
+ },
+ 'vvp-info.log': {
+ 'level': 'INFO', # handler will ignore DEBUG (only process INFO, WARN, ERROR, CRITICAL, FATAL)
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-info.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-debug.log': {
+ 'level': 'DEBUG',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-debug.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-requests.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-requests.log'),
+ 'formatter': 'verbose'
+ },
+ 'vvp-db.log': {
+ 'level': 'ERROR',
+ 'class': 'logging.FileHandler',
+ 'filename': os.path.join(LOGS_PATH, 'vvp-db.log'),
+ 'formatter': 'verbose',
+ },
+ },
+ 'loggers': {
+ 'vvp.logger': {
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'vvp-requests.log', 'vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'INFO',
+ },
+ 'django': {
+ 'handlers': ['console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.request': {
+ 'handlers': ['vvp-requests.log', 'console'],
+ 'level': 'INFO' if DEBUG else 'ERROR',
+ },
+ 'django.db.backends': {
+ 'handlers': ['vvp-db.log', 'console'],
+ 'level': 'DEBUG' if DEBUG else 'ERROR',
+ 'propagate': False,
+ },
+ # silence the hundred lines of useless "missing variable in template"
+ # complaints per admin pageview.
+ 'django.template': {
+ 'level': 'DEBUG',
+ 'handlers': ['vvp-info.log', 'vvp-debug.log', 'console'],
+ 'propagate': False,
+ },
+ }
+}
+
+
+#############################
+# VVP Related Configuration
+#############################
+CONTACT_FROM_ADDRESS = os.getenv('CONTACT_FROM_ADDRESS', 'dummy@example.com')
+CONTACT_EMAILS = [s.strip() for s in os.getenv('CONTACT_EMAILS', 'user@example.com').split(',') if s]
+DOMAIN = os.getenv('EM_DOMAIN_NAME')
+TOKEN_EXPIRATION_IN_HOURS = 48
+DAILY_SCHEDULED_JOB_HOUR = 20
+NUMBER_OF_POLLED_ACTIVITIES = 5
+TEMP_PASSWORD_EXPIRATION_IN_HOURS = 48
+# This is the DNS name pointing to the private-network ip of the host machine
+# running (a haproxy that points to) (an nginx frontend for) this app
+API_DOMAIN = 'em'
+
+# The authentication token needed by Jenkins or Gitlab to issue webhook updates
+# to us. This is a "secret" shared by Jenkins and Django. It must be part of
+# the URL path component for the Jenkins webhook in ValidationManager to accept
+# a notification. It should be a set of random URL-path-safe characters, with
+# no slash '/'.
+# FIXME: Does this authentication scheme actually gain us anything? What's the
+# threat model
+WEBHOOK_TOKEN = os.environ['SECRET_WEBHOOK_TOKEN']
+
+# The authentication token and URL needed for us to issue requests to the GitLab API.
+GITLAB_TOKEN = os.environ['SECRET_GITLAB_AUTH_TOKEN']
+GITLAB_URL = "http://vvp-gitlab/"
+
+JENKINS_URL = "http://vvp-jenkins:8080/"
+JENKINS_USERNAME = "admin"
+JENKINS_PASSWORD = os.environ['SECRET_JENKINS_PASSWORD']
+
+IS_CL_CREATED_ON_REVIEW_STATE = envbool('IS_CL_CREATED_ON_REVIEW_STATE', False) # Options: True, False
+IS_SIGNAL_ENABLED = envbool('IS_SIGNAL_ENABLED', True)
+RECENT_ENG_TTL = 3 # In days
+CMS_URL = "http://vvp-cms-uwsgi/api/"
+CMS_APP_CLIENT_ID = os.environ['SECRET_CMS_APP_CLIENT_ID']
+CMS_APP_CLIENT_SECRET = os.environ['SECRET_CMS_APP_CLIENT_SECRET']
+
+# slack integration
+SLACK_API_TOKEN = os.environ['SLACK_API_TOKEN']
+ENGAGEMENTS_CHANNEL = os.getenv('ENGAGEMENTS_CHANNEL', '')
+ENGAGEMENTS_NOTIFICATIONS_CHANNEL = os.getenv('ENGAGEMENTS_NOTIFICATIONS_CHANNEL:', '')
+DEVOPS_CHANNEL = os.getenv('DEVOPS_CHANNEL', '')
+DEVOPS_NOTIFICATIONS_CHANNEL = os.getenv('DEVOPS_NOTIFICATIONS_CHANNEL', '')
+
+# S3 configuration for static resources storage and media upload
+
+# used by our custom storage.py
+MEDIA_BUCKET = "em-media"
+STATIC_BUCKET = "em-static"
+
+# django-storages configuration
+AWS_S3_HOST = os.environ['S3_HOST']
+AWS_S3_PORT = int(os.environ['S3_PORT'])
+AWS_S3_CUSTOM_DOMAIN = os.environ['S3_HOST']
+AWS_ACCESS_KEY_ID = os.environ['AWS_ACCESS_KEY_ID']
+AWS_SECRET_ACCESS_KEY = os.environ['AWS_SECRET_ACCESS_KEY']
+AWS_AUTO_CREATE_BUCKET = True
+AWS_PRELOAD_METADATA = True
+
+# Set by custom subclass.
+# AWS_STORAGE_BUCKET_NAME = "em-static"
+AWS_S3_CALLING_FORMAT = OrdinaryCallingFormat()
+DEFAULT_FILE_STORAGE = 'vvp.settings.storage.S3MediaStorage'
+STATICFILES_STORAGE = 'vvp.settings.storage.S3StaticStorage'
+
+# These seem to have no effect even when we don't override with custom_domain?
+STATIC_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, STATIC_BUCKET)
+MEDIA_URL = 'https://%s/%s/' % (AWS_S3_CUSTOM_DOMAIN, MEDIA_BUCKET)
+
+STATIC_ROOT = os.environ['STATIC_ROOT']
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+envbool.py
+
+Return which environment is currently running on (to setting.py).
+
+"""
+import os
+
+
+def envbool(key, default=False, unknown=True):
+ """Return a boolean value based on that of an environment variable.
+
+ Environment variables have no native boolean type. They are always strings, and may be empty or
+ unset (which differs from empty.) Furthermore, notions of what is "truthy" in shell script
+ differ from that of python.
+
+ This function converts environment variables to python boolean True or False in
+ case-insensitive, expected ways to avoid pitfalls:
+
+ "True", "true", and "1" become True
+ "False", "false", and "0" become False
+ unset or empty becomes False by default (toggle with 'default' parameter.)
+ any other value becomes True by default (toggle with 'unknown' parameter.)
+
+ """
+ return {
+ 'true': True, '1': True, # 't': True,
+ 'false': False, '0': False, # 'f': False.
+ '': default,
+ }.get(os.getenv(key, '').lower(), unknown)
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+bind = ":80"
+chdir = '/srv'
+pidfile = '/tmp/ice-project-master.pid'
+backlog = '5000'
+errorlog = '-'
+loglevel = 'info'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+"""
+storage.py
+
+In order to make Django store trusted static files and untrusted media
+(user-uploaded) files in separate s3 buckets, we must create two different
+storage classes.
+
+https://www.caktusgroup.com/blog/2014/11/10/Using-Amazon-S3-to-store-your-Django-sites-static-and-media-files/
+http://www.leehodgkinson.com/blog/my-mezzanine-s3-setup/
+
+"""
+
+# FIXME this module never changes so might not need not be kept in a
+# configmap. Also it is (almost) the same as what we use in cms.
+
+# There is a newer storage based on boto3 but that doesn't support changing
+# the HOST, as we need to for non-amazon s3 services. It does support an
+# "endpoint"; setting AWS_S3_ENDPOINT_URL may cause it to work.
+from storages.backends.s3boto import S3BotoStorage
+from django.conf import settings
+
+
+# NOTE for some reason, collectstatic uploads to bucket/location but the
+# urls constructed are domain/location
+class S3StaticStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.STATIC_BUCKET)
+ bucket_name = settings.STATIC_BUCKET
+ # location = ...
+
+
+class S3MediaStorage(S3BotoStorage):
+ custom_domain = '%s/%s' % (settings.AWS_S3_HOST, settings.MEDIA_BUCKET)
+ bucket_name = settings.MEDIA_BUCKET
+ # location = ...
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/em/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 9000
+ volumeMounts:
+ - name: em-settings
+ mountPath: /opt/configmaps/settings/
+ - name: site-crt
+ mountPath: /opt/secrets/site-crt/
+ env:
+ - name: ENVIRONMENT
+ value: "development"
+ - name: PROGRAM_NAME_URL_PREFIX
+ value: "vvp"
+ - name: SERVICE_PROVIDER
+ value: "NA"
+ - name: PROGRAM_NAME
+ value: "VVP"
+ - name: SERVICE_PROVIDER_DOMAIN
+ value: "na.com"
+ - name: SECRET_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: key}
+ - name: EMAIL_HOST
+ value: "localhost"
+ - name: EMAIL_HOST_USER
+ value: "example"
+ - name: EMAIL_PORT
+ value: "25"
+ - name: EMAIL_HOST_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: email-secret, key: password}
+ - name: PGHOST
+ value: vvp-postgres
+ - name: PGPORT
+ value: "5432"
+ - name: PGDATABASE
+ value: icedb
+ - name: PGUSER
+ value: "em_postgresuser"
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef: {name: postgresql-passwords, key: emPassword}
+ - name: DOMAIN
+ value: https://development.vvp.example.com
+ - name: ICE_EM_DOMAIN_NAME
+ value: https://development.vvp.example.com
+ - name: CONTACT_FROM_ADDRESS
+ value: "example"
+ - name: OAUTHLIB_INSECURE_TRANSPORT
+ value: "1"
+ - name: SECRET_WEBHOOK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: em_webhook_token}
+ - name: SECRET_GITLAB_AUTH_TOKEN
+ valueFrom:
+ secretKeyRef: {name: gitlab-password, key: auth-token}
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ - name: SECRET_CMS_APP_CLIENT_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_id}
+ - name: SECRET_CMS_APP_CLIENT_SECRET
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: cms_app_client_secret}
+ - name: STATIC_ROOT
+ value: "/app/htdocs"
+ - name: DJANGO_DEBUG_MODE
+ value: "True"
+ - name: SLACK_API_TOKEN
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: slack_api_token}
+ - name: ENGAGEMENTS_CHANNEL
+ value: ""
+ - name: ENGAGEMENTS_NOTIFICATIONS_CHANNEL
+ value: ""
+ - name: DEVOPS_CHANNEL
+ value: ""
+ - name: DEVOPS_NOTIFICATIONS_CHANNEL
+ value: ""
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ command: ["/docker-entrypoint.sh", "/usr/local/bin/gunicorn", "-c", "/opt/configmaps/settings/gunicorn.ini", "vvp.wsgi:application", ]
+ volumes:
+ - name: site-crt
+ secret:
+ secretName: site-crt
+ - name: em-settings
+ configMap:
+ name: {{ include "common.fullname" . }}-settings
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/engagementmgr:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 80
+ portName: em
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: load balancer for external transport
+name: vvp-ext-haproxy
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_ssh
+ mode tcp
+ option tcplog
+ timeout server 2h
+ server gitlabssh vvp-gitlab:22 resolvers dns
+
+frontend gitlab_ssh_frontend
+ mode tcp
+ option tcplog
+ timeout client 2h
+ bind 0.0.0.0:22
+ acl is_ssh dst_port 22
+ use_backend gitlab_ssh if is_ssh
+
+backend portal_backend
+ mode http
+ server ice_portal vvp:8181 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend s3
+ mode http
+ balance roundrobin
+ option httpchk HEAD /
+ server ceph-01 10.252.0.21:8080 check inter 10000ms
+
+frontend portal
+ mode http
+ acl is_api_call path_beg -i /vvp
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+ use_backend api if is_api_call
+ use_backend s3 if is_s3
+ bind 0.0.0.0:80
+ bind 0.0.0.0:443 ssl crt /etc/haproxy/site.pem force-tlsv12
+ default_backend portal_backend
+
+listen stats
+ bind 0.0.0.0:9001
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ http-request deny if !network_allowed
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cfg
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/ext-haproxy-cfg/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 22
+ - containerPort: 443
+ - containerPort: 9001
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: ext-haproxy-cfg
+ - mountPath: /etc/haproxy/
+ name: site-pem
+ volumes:
+ - name: ext-haproxy-cfg
+ configMap:
+ name: {{ include "common.fullname" . }}-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
+ - name: site-pem
+ secret:
+ secretName: site-pem
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ - port: {{ .Values.service.internalPort4 }}
+ name: {{ .Values.service.portName4 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: ssl
+ internalPort2: 443
+ portName3: ssh
+ internalPort3: 22
+ portName4: stats
+ internalPort4: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: holds all customers files in repos
+name: vvp-gitlab
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Secret
+metadata:
+ name: gitlab-password
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ password: "YW82aWo2d29oV2VpcXU0ZQ=="
+ auth-token: "amFkdTZ5b2hqYWl5OFdvYjBJZUs="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-deploykey
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ deploykey.pub: "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUlQWFNQT2ppSkYvWEdicmNpVXNja1hMbFA0Q0ZHNS9POHErQ0xRZW1CTlE="
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "common.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort1 }}
+ - containerPort: {{ .Values.service.internalPort2 }}
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - mountPath: /var/opt/gitlab
+ name: gitlab
+ subPath: var/opt/gitlab
+ - mountPath: /etc/gitlab
+ name: gitlab
+ subPath: etc/gitlab
+ - mountPath: /var/log/gitlab
+ name: gitlab
+ subPath: var/log/gitlab
+ - mountPath: /tmp/deploykey
+ name: jenkins-deploykey
+ env:
+ - name: ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: password
+ - name: AUTHENTICATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitlab-password
+ key: auth-token
+ - name: EXTERNAL_URL
+ value: "http://vvp-gitlab"
+ volumes:
+ - name: gitlab
+ emptyDir: {}
+ - name: jenkins-deploykey
+ secret:
+ secretName: jenkins-deploykey
+ imagePullSecrets:
+ - name: onapkey
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/gitlab:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort1: 80
+ internalPort2: 22
+ portName1: web
+ portName2: ssh
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: scan for validity and viruses on users files
+name: vvp-imagescanner
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import os
+from pathlib import Path
+from awsauth import S3Auth
+# A mapping from host names to Requests Authentication Objects; see
+# http://docs.python-requests.org/en/master/user/authentication/
+AUTHS = {}
+if 'S3_HOST' in os.environ:
+ AUTHS[os.environ['S3_HOST']] = S3Auth(
+ os.environ['AWS_ACCESS_KEY_ID'],
+ os.environ['AWS_SECRET_ACCESS_KEY'],
+ service_url='https://%s/' % os.environ['S3_HOST']
+ )
+LOGS_PATH = Path(os.environ['IMAGESCANNER_LOGS_PATH'])
+STATUSFILE = LOGS_PATH/'status.txt'
+# A dict passed as kwargs to jenkins.Jenkins constructor.
+JENKINS = {
+ 'url': 'http://jenkins:8080',
+ 'username': 'admin',
+ 'password': os.environ['SECRET_JENKINS_PASSWORD'],
+ }
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: imagescanner-settings
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/imagescanner/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: slack-tokens
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ notifications: ""
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: imagescanner-ssh
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ # FIXME the imagescanner really should have its own private key, but then we
+ # have to adjust the gitlab wrapper script to set two public keys as
+ # deploykeys.
+ id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: site-certificate
+ namespace: {{ include "common.namespace" . }}
+data:
+ site.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIDEDCCAfgCCQDhahVKE9/eUjANBgkqhkiG9w0BAQsFADBKMRAwDgYDVQQKDAdF
+ eGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtkZXZlbG9wbWVudC52
+ dnAuZXhhbXBsZS5jb20wHhcNMTcxMjI0MTUzOTA3WhcNMTgxMjI0MTUzOTA3WjBK
+ MRAwDgYDVQQKDAdFeGFtcGxlMRAwDgYDVQQLDAdleGFtcGxlMSQwIgYDVQQDDBtk
+ ZXZlbG9wbWVudC52dnAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+ DwAwggEKAoIBAQCkvNGXe+bdvL2kvrP2L3WABt2WCFoZ2Pn8Px0eEsRiJHVD0eWz
+ rgJYHFJu0C0cK9NYSKxVVI8LnKH7Ny5MFfM4Tqyr3UEOLs+fSwaAqM5tSyZU/tEK
+ ractA7bi9fDk2lkcs+LLuZMqGPZ37UZcZwsUQ0BONHP668LqkWqT9hNLIN4ejInr
+ 32WA3Y7hPNd8Cj+AaLt1x2cXYzi9hrE5l3h9ofkOpXsgDzeIHlp4jJ6kXXQf8UM5
+ 1viqa2CWXHBHEG+5eftLSaeE6LAlNt5IJ6LcWEZgNtXr2es4LJC3FjXrv0gc04Cp
+ U2OfizpbhT11cLGaeXOq1cUCXNIb4FcJApoXAgMBAAEwDQYJKoZIhvcNAQELBQAD
+ ggEBAFGPDG9iurAhUKbFkY97xLA443U01bdwi7eAT5T9qo/RzOwcbuKWXVm1k5HK
+ CQO81nlLqLQwhI1+uTTmR41epuJxyGIaDgUySB+8fLzyRSIFaxKD+UeVPgipDNZs
+ h0sKSKrO6MoWzMLUYvdZRw6VIc+UpSCqPY+FKUBUHZtMpSFLnhHjRvVkiP4VvFXj
+ b7jQzHughzeITygws42fKK/MK7wQ6byaMVRbPbQKPAXNxd/UrSPeX+RzKRWOZ6R8
+ Ulyp7dezXCP77UaTZTsxwlurPQIZNMshDxE/SbWt0Q1g28rj5KfAjoZs5Tg/gmQ8
+ LLKI/b1OvKohaANGZ6We5U+ceeU=
+ -----END CERTIFICATE-----
+ wrapper.sh: |
+ #!/bin/sh
+ # This script is meant to be used as a wrapper, so that it can be easily
+ # used with docker or kubernetes' container command specification.
+ #
+ # Kubernetes' volumeMount creates symlinks for configMapped files at the
+ # target directory.
+ # Alpine's update-ca-certificates ignores symlinks.
+ # So we must contrive to copy the contents of the mounted cert (a symlink)
+ # into place as a normal file.
+ dev_cert="${0%/*}/site.crt"
+ echo >&2 "$0: Checking for site CA certificate at $dev_cert..."
+ if [ -s "$dev_cert" ]; then
+ echo >&2 "$0: Updating container CA certificate bundle with site certificate..."
+ cp -L "$dev_cert" /usr/local/share/ca-certificates/
+ update-ca-certificates
+ else
+ echo >&2 "$0: No site CA certificate found."
+ fi
+ echo >&2 "$0: Launching command: $@"
+ exec "$@"
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: imagescanner-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command:
+ - "sh"
+ - "/opt/site-certificate/wrapper.sh"
+ - "/usr/local/bin/imagescanner-worker"
+ securityContext:
+ privileged: true
+ volumeMounts:
+ - name: imagescanner-ssh
+ mountPath: /root/.ssh
+ - name: dev
+ mountPath: /dev
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ - name: site-certificate
+ mountPath: /opt/site-certificate
+ env:
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: S3_HOST
+ value: "dev-s3.vvp.example.com"
+ - name: S3_PORT
+ value: "443"
+ - name: AWS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_access_key_id}
+ - name: AWS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: aws_secret_access_key}
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+ - name: REQUESTS_CA_BUNDLE
+ value: /etc/ssl/certs/ca-certificates.crt
+
+ - name: notifications-worker
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/notifications-worker"]
+ securityContext:
+ privileged: true
+ env:
+ - name: SLACK_TOKEN
+ valueFrom:
+ secretKeyRef: {name: slack-tokens, key: notifications}
+ - name: DOMAIN
+ value: "dev-em.vvp.example.com"
+ - name: PYTHONPATH
+ value: /opt/imagescanner-settings
+ - name: SECRET_JENKINS_PASSWORD
+ valueFrom:
+ secretKeyRef: {name: em-secret, key: jenkins_admin_password}
+ volumeMounts:
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+
+ - name: imagescanner-frontend
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ command: ["/usr/local/bin/imagescanner-frontend"]
+ securityContext:
+ privileged: true
+ ports:
+ - containerPort: 80
+ volumeMounts:
+ - name: logs
+ mountPath: /var/log/imagescanner
+ - name: imagescanner-settings
+ mountPath: /opt/imagescanner-settings
+ env:
+ - name: DEFAULT_SLACK_CHANNEL
+ value: "#notifications"
+ - name: SECRET_JENKINS_PASSWORD
+ value: ''
+
+ volumes:
+ - name: imagescanner-ssh
+ secret:
+ secretName: imagescanner-ssh
+ defaultMode: 0600
+ - name: dev
+ hostPath:
+ path: /dev
+ - name: logs
+ emptyDir: {}
+ - name: imagescanner-settings
+ configMap:
+ name: imagescanner-settings
+ - name: site-certificate
+ configMap:
+ name: site-certificate
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/image-scanner:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 80
+ portName: web
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: load balancer for internal (container to container) transport
+name: vvp-int-haproxy
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+resolvers dns
+ nameserver pod_dns "10.3.0.10:53"
+ resolve_retries 3
+ timeout retry 1s
+ hold valid 30s
+
+defaults
+ mode http
+ timeout connect 5000ms
+ timeout client 50000ms
+ timeout server 50000ms
+ option httpclose
+ option redispatch
+ option abortonclose
+ option httplog
+ option dontlognull
+ default-server init-addr last,libc,none
+
+backend gitlab_web_backend
+ mode http
+ server gitlab_web_1 vvp-gitlab:80 resolvers dns
+
+frontend gitlab_web
+ mode http
+ bind 0.0.0.0:80
+
+ acl is_scanner path_beg /imagescanner
+ acl is_em_admin hdr_beg(host) em. staging-em. dev-em.
+ acl is_cms hdr_beg(host) cms. staging-cms. dev-cms.
+ acl is_ci_admin hdr_beg(host) staging-ci. dev-ci.
+ acl is_s3 hdr_beg(host) s3. staging-s3. dev-s3.
+
+ use_backend imagescanner if is_em_admin is_scanner
+ use_backend cms if is_cms
+ use_backend api if is_em_admin
+ use_backend ci if is_ci_admin
+ use_backend s3 if is_s3
+
+ default_backend gitlab_web_backend
+
+backend s3
+ mode http
+ balance roundrobin
+ server ceph-01 10.252.0.21:8080
+
+backend cms
+ mode http
+ server cms_server vvp-cms-uwsgi:80 resolvers dns
+
+backend api
+ mode http
+ server engagement_manager vvp-em-uwsgi:80 resolvers dns
+
+backend ci
+ mode http
+ server ci_test vvp-ci-uwsgi:8282 resolvers dns
+
+listen jenkins
+ bind 0.0.0.0:8080
+ server jenkins vvp-jenkins:8080 resolvers dns
+
+backend imagescanner
+ mode http
+ server imagescanner vvp-imagescanner:80 resolvers dns
+
+listen stats
+ bind 0.0.0.0:9000
+ mode http
+ stats enable # Enable stats page
+ stats realm Haproxy\ Statistics
+ stats uri /haproxy_stats
+ stats auth "${HAPROXY_USER}:${HAPROXY_PASS}"
+ acl network_allowed src 10.252.0.0/16 127.0.0.1/32 10.2.0.0/16
+ block if !network_allowed
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-cfg
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/int-haproxy-cfg/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 80
+ - containerPort: 8080
+ - containerPort: 9000
+ env:
+ - name: HAPROXY_USER
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: user
+ - name: HAPROXY_PASS
+ valueFrom:
+ secretKeyRef:
+ name: haproxy-auth
+ key: pass
+ volumeMounts:
+ - mountPath: /usr/local/etc/haproxy/
+ name: int-haproxy-cfg
+ volumes:
+ - name: int-haproxy-cfg
+ configMap:
+ name: {{ include "common.fullname" . }}-cfg
+ items:
+ - key: file
+ path: haproxy.cfg
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort1 }}
+ name: {{ .Values.service.portName1 }}
+ - port: {{ .Values.service.internalPort2 }}
+ name: {{ .Values.service.portName2 }}
+ - port: {{ .Values.service.internalPort3 }}
+ name: {{ .Values.service.portName3 }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: haproxy:1.7.2-alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ portName1: web
+ internalPort1: 80
+ portName2: jenkins
+ internalPort2: 8080
+ portName3: stats
+ internalPort3: 9000
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: run validation tasks
+name: vvp-jenkins
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-users-admin
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ config.xml: "PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPHVzZXI+CiAgPGZ1bGxOYW1lPmFkbWluPC9mdWxsTmFtZT4KICA8ZGVzY3JpcHRpb24+PC9kZXNjcmlwdGlvbj4KICA8cHJvcGVydGllcz4KICAgIDxodWRzb24uc2VjdXJpdHkuSHVkc29uUHJpdmF0ZVNlY3VyaXR5UmVhbG1fLURldGFpbHM+CiAgICAgIDxwYXNzd29yZEhhc2g+I2piY3J5cHQ6JDJhJDEwJERyaXVLdThPcTdpaWhtdi80bzlKOHV6cmg2QlVBaUtuejMuM21EMXBDb2dzUHJnOW42M1pXPC9wYXNzd29yZEhhc2g+CiAgICA8L2h1ZHNvbi5zZWN1cml0eS5IdWRzb25Qcml2YXRlU2VjdXJpdHlSZWFsbV8tRGV0YWlscz4KICA8L3Byb3BlcnRpZXM+CjwvdXNlcj4K"
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: jenkins-ssh
+ namespace: {{ include "common.namespace" . }}
+type: Opaque
+data:
+ # .ssh/config isn't really a secret, but it's the easiest way to get it into
+ # the same directory as the key
+ config: "SG9zdCAqClVzZXJLbm93bkhvc3RzRmlsZSAvZGV2L251bGwKU3RyaWN0SG9zdEtleUNoZWNraW5nIG5vCklkZW50aXR5RmlsZSAiL3Zhci9qZW5raW5zX2hvbWUvLnNzaC9pZF9lZDI1NTE5Igo="
+ id_ed25519: "LS0tLS1CRUdJTiBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0KYjNCbGJuTnphQzFyWlhrdGRqRUFBQUFBQkc1dmJtVUFBQUFFYm05dVpRQUFBQUFBQUFBQkFBQUFNd0FBQUF0emMyZ3RaVwpReU5UVXhPUUFBQUNDRDEwanpvNGlSZjF4bTYzSWxMSEpGeTVUK0FoUnVmenZLdmdpMEhwZ1RVQUFBQUpqV3dKZDkxc0NYCmZRQUFBQXR6YzJndFpXUXlOVFV4T1FBQUFDQ0QxMGp6bzRpUmYxeG02M0lsTEhKRnk1VCtBaFJ1Znp2S3ZnaTBIcGdUVUEKQUFBRUFXRktNV0xsNkZnRUJ1Zzk3MSthdE5ZQnQ4R2R1V3pDWWd0L2o5VHU0U2g0UFhTUE9qaUpGL1hHYnJjaVVzY2tYTApsUDRDRkc1L084cStDTFFlbUJOUUFBQUFFM0JoZFd4QVVHRjFiQ2R6SUUxaFl5QlFjbThCQWc9PQotLS0tLUVORCBPUEVOU1NIIFBSSVZBVEUgS0VZLS0tLS0K"
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ ports:
+ - containerPort: 8080
+ volumeMounts:
+ - name: jenkins-home
+ mountPath: /var/jenkins_home
+ - name: jenkins-users-admin
+ mountPath: /var/jenkins_home/users/admin
+ - name: jenkins-ssh
+ mountPath: /var/jenkins_home/.ssh
+ volumes:
+ - name: jenkins-home
+ emptyDir: {}
+ - name: jenkins-users-admin
+ secret:
+ secretName: jenkins-users-admin
+ - name: jenkins-ssh
+ secret:
+ secretName: jenkins-ssh
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/jenkins:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: NodePort
+ internalPort: 8080
+ portName: jenkins
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: store all data of engagement manager
+name: vvp-postgres
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#
+# initdb defaults
+#
+listen_addresses = '*' # what IP address(es) to listen on;
+max_connections = 100 # (change requires restart)
+shared_buffers = 32MB # min 128kB
+datestyle = 'iso, mdy'
+lc_messages = 'en_US.UTF-8' # locale for system error message
+lc_monetary = 'en_US.UTF-8' # locale for monetary formatting
+lc_numeric = 'en_US.UTF-8' # locale for number formatting
+lc_time = 'en_US.UTF-8' # locale for time formatting
+default_text_search_config = 'pg_catalog.english'
+log_line_prefix = 'user=%u,db=%d '
+#
+# our customizations
+#
+dynamic_shared_memory_type = posix
+log_timezone = 'UTC'
+timezone = 'UTC'
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T,VMware
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-my.public.ip=localhost
-all.public.ips=localhost
-my.id=0
-all.ids=0
-#######################################
-# Optional current values are defaults
-#######################################
-zookeeper.host=oof-has-zk
-cassandra.host=oof-has-cassandra
-cassandra.user=root
-cassandra.password=Aa123456
-# AAF Endpoint if using AAF
-aaf.endpoint.url=https://aaf.api.simpledemo.onap.org
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+
+# defaults
+: ${ICE_CMS_DB_USER:="icecmsuser"}
+: ${ICE_CMS_DB_NAME:="icecmsdb"}
+: ${ICE_CMS_DB_PASSWORD:="na"}
+
+psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<- EOF
+ CREATE USER ${ICE_CMS_DB_USER} WITH CREATEDB PASSWORD '${ICE_CMS_DB_PASSWORD}';
+ CREATE DATABASE ${ICE_CMS_DB_NAME} WITH OWNER ${ICE_CMS_DB_USER} ENCODING 'utf-8';
+EOF
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# sourced, not executed, by docker-entrypoint.sh (/bin/bash)
+ln -sf /etc/postgresql/conf.d/postgresql.conf "${PGDATA}"/postgresql.conf
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-conf
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/conf/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: postgresql-initdb
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/postgres/init/*").AsConfig . | indent 2 }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ imagePullSecrets:
+ - name: onapkey
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ ports:
+ - containerPort: 5432
+ volumeMounts:
+ - mountPath: /var/lib/postgresql/data
+ name: postgresql-data
+ - mountPath: /etc/postgresql/conf.d/
+ name: postgresql-conf
+ - mountPath: /docker-entrypoint-initdb.d/
+ name: postgresql-initdb
+ env:
+ - name: POSTGRES_DB
+ value: icedb
+ - name: ICE_CMS_DB_NAME
+ value: icecmsdb
+ - name: POSTGRES_USER
+ value: em_postgresuser
+ - name: ICE_CMS_DB_USER
+ value: cms_postgresuser
+ - name: ICE_CMS_DB_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: cmsPassword
+ - name: POSTGRES_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: postgresql-passwords
+ key: emPassword
+ volumes:
+ - name: postgresql-data
+ emptyDir: {}
+ - name: postgresql-conf
+ configMap:
+ name: postgresql-conf
+ - name: postgresql-initdb
+ configMap:
+ name: postgresql-initdb
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.internalPort }}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/postgresql:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-postgres
+ portName: vvp-postgres
+ internalPort: 5432
+ externalPort: 5432
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+description: in memory key-value store for all project
+name: vvp-redis
+version: 3.0.0
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "common.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ release: {{ .Release.Name }}
+ name: {{ include "common.name" . }}
+ spec:
+ hostname: {{ include "common.name" . }}
+ containers:
+ - args:
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ name: {{ include "common.name" . }}
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ nodePort: {{ .Values.global.nodePortPrefix | default "302" }}{{ .Values.service.nodePort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: docker.io
+image: redis:alpine
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ name: vvp-redis
+ portName: vvp-redis
+ internalPort: 6379
+ externalPort: 6379
+
+ingress:
+ enabled: false
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~3.0.0
+ repository: '@local'
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+pid /nginx.pid;
+error_log /dev/stdout warn;
+
+http {
+ access_log /dev/stdout;
+ server {
+ listen 0.0.0.0:8181;
+
+ location / {
+ include /etc/nginx/mime.types;
+ root /usr/share/nginx/html/;
+ }
+
+ }
+}
+
+events {
+ worker_connections 4096;
+}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+{
+ "serviceProvider": {
+ "name": "NA"
+ },
+ "program": {
+ "name": "VVP"
+ }
+}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal-nginx-config
+ namespace: {{ include "common.namespace" . }}
+data:
+{{ tpl (.Files.Glob "resources/config/vvp/*").AsConfig . | indent 2 }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: onapkey
+data:
+ .dockercfg: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOiB7InVzZXJuYW1lIjogImRvY2tlciIsICJwYXNzd29yZCI6ICJkb2NrZXIiLCAiZW1haWwiOiAiZW1haWxAZW1haWwuY29tIn19
+type: kubernetes.io/dockercfg
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: em-secret
+type: Opaque
+data:
+ key: "IzkxZV9fdzNrPTc4MUB5KGVfIzZodTZ0JmgyNTQjdSkmYmorbTl0aHglayE2XiowNnI="
+ em_webhook_token: "QWlwN29oeDFlaUhhZXNob2g5c2hhaWx1OWVleDd0aGE="
+ gitlab_admin_password: "YW82aWo2d29oV2VpcXU0ZQ=="
+ jenkins_admin_password: "a29peWVCYWlUaDNrYWlOZw=="
+ cms_app_client_id: "RWVCNFhlaW1vb2M2eGllU2VlS2FoOGRhZTFlaXBhZTRvdGFlc2hlZQ=="
+ cms_app_client_secret: "aGFpTW9vcGllWmVlMXdlaTNsZWY0Z2FleWlhMnZhaHdvaHRoMG1haWQ5aXRoMnBoZWVzaGFpdGh1VG9vcjJKb2hzaGVpNWJhZXk3RWlxdWFldGhlaWI4cXVhaXF1ZWU3cGhpYXRoN2V1YjJhaU5haWMzb3U5dmFpemViZWlGNXU="
+ slack_api_token: ""
+ aws_access_key_id: "MlpCMTlVOUQ4SzZYVkpHNzVWWDA="
+ aws_secret_access_key: "N3hWV2Vxc0xJb3RLT3VhMHh2aGFwSXNDdDFWVTB4Nk0yRTRmVFJLTw=="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: email-secret
+type: Opaque
+data:
+ password: "RVhBTVBMRQ=="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: site-crt
+type: Opaque
+data:
+ # the public part of the certificate, not actually a secret.
+ site.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZnQ0NRRGhhaFZLRTkvZVVqQU5CZ2txaGtpRzl3MEJBUXNGQURCS01SQXdEZ1lEVlFRS0RBZEYKZUdGdGNHeGxNUkF3RGdZRFZRUUxEQWRsZUdGdGNHeGxNU1F3SWdZRFZRUUREQnRrWlhabGJHOXdiV1Z1ZEM1MgpkbkF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVGN4TWpJME1UVXpPVEEzV2hjTk1UZ3hNakkwTVRVek9UQTNXakJLCk1SQXdEZ1lEVlFRS0RBZEZlR0Z0Y0d4bE1SQXdEZ1lEVlFRTERBZGxlR0Z0Y0d4bE1TUXdJZ1lEVlFRRERCdGsKWlhabGJHOXdiV1Z1ZEM1MmRuQXVaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUUNrdk5HWGUrYmR2TDJrdnJQMkwzV0FCdDJXQ0ZvWjJQbjhQeDBlRXNSaUpIVkQwZVd6CnJnSllIRkp1MEMwY0s5TllTS3hWVkk4TG5LSDdOeTVNRmZNNFRxeXIzVUVPTHMrZlN3YUFxTTV0U3laVS90RUsKcmFjdEE3Ymk5ZkRrMmxrY3MrTEx1Wk1xR1BaMzdVWmNad3NVUTBCT05IUDY2OExxa1dxVDloTkxJTjRlaklucgozMldBM1k3aFBOZDhDaitBYUx0MXgyY1hZemk5aHJFNWwzaDlvZmtPcFhzZ0R6ZUlIbHA0ako2a1hYUWY4VU01CjF2aXFhMkNXWEhCSEVHKzVlZnRMU2FlRTZMQWxOdDVJSjZMY1dFWmdOdFhyMmVzNExKQzNGalhydjBnYzA0Q3AKVTJPZml6cGJoVDExY0xHYWVYT3ExY1VDWE5JYjRGY0pBcG9YQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUZHUERHOWl1ckFoVUtiRmtZOTd4TEE0NDNVMDFiZHdpN2VBVDVUOXFvL1J6T3djYnVLV1hWbTFrNUhLCkNRTzgxbmxMcUxRd2hJMSt1VFRtUjQxZXB1Snh5R0lhRGdVeVNCKzhmTHp5UlNJRmF4S0QrVWVWUGdpcEROWnMKaDBzS1NLck82TW9Xek1MVVl2ZFpSdzZWSWMrVXBTQ3FQWStGS1VCVUhadE1wU0ZMbmhIalJ2VmtpUDRWdkZYagpiN2pRekh1Z2h6ZUlUeWd3czQyZktLL01LN3dRNmJ5YU1WUmJQYlFLUEFYTnhkL1VyU1BlWCtSektSV09aNlI4ClVseXA3ZGV6WENQNzdVYVRaVHN4d2x1clBRSVpOTXNoRHhFL1NiV3QwUTFnMjhyajVLZkFqb1pzNVRnL2dtUTgKTExLSS9iMU92S29oYUFOR1o2V2U1VStjZWVVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="
+---
+piVersion: v1
+kind: Secret
+metadata:
+ name: postgresql-passwords
+type: Opaque
+data:
+ emPassword: "ZW1fcG9zdGdyZXNwYXNz"
+ cmsPassword: "Y21zX3Bvc3RncmVzcGFzcw=="
+ ciPassword: "Y2lkYnBhc3M="
+---
+kind: Secret
+apiVersion: v1
+metadata:
+ name: site-pem
+type: Opaque
+data:
+ site.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZnQ0NRRGhhaFZLRTkvZVVqQU5CZ2txaGtpRzl3MEJBUXNGQURCS01SQXdEZ1lEVlFRS0RBZEYKZUdGdGNHeGxNUkF3RGdZRFZRUUxEQWRsZUdGdGNHeGxNU1F3SWdZRFZRUUREQnRrWlhabGJHOXdiV1Z1ZEM1MgpkbkF1WlhoaGJYQnNaUzVqYjIwd0hoY05NVGN4TWpJME1UVXpPVEEzV2hjTk1UZ3hNakkwTVRVek9UQTNXakJLCk1SQXdEZ1lEVlFRS0RBZEZlR0Z0Y0d4bE1SQXdEZ1lEVlFRTERBZGxlR0Z0Y0d4bE1TUXdJZ1lEVlFRRERCdGsKWlhabGJHOXdiV1Z1ZEM1MmRuQXVaWGhoYlhCc1pTNWpiMjB3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQgpEd0F3Z2dFS0FvSUJBUUNrdk5HWGUrYmR2TDJrdnJQMkwzV0FCdDJXQ0ZvWjJQbjhQeDBlRXNSaUpIVkQwZVd6CnJnSllIRkp1MEMwY0s5TllTS3hWVkk4TG5LSDdOeTVNRmZNNFRxeXIzVUVPTHMrZlN3YUFxTTV0U3laVS90RUsKcmFjdEE3Ymk5ZkRrMmxrY3MrTEx1Wk1xR1BaMzdVWmNad3NVUTBCT05IUDY2OExxa1dxVDloTkxJTjRlaklucgozMldBM1k3aFBOZDhDaitBYUx0MXgyY1hZemk5aHJFNWwzaDlvZmtPcFhzZ0R6ZUlIbHA0ako2a1hYUWY4VU01CjF2aXFhMkNXWEhCSEVHKzVlZnRMU2FlRTZMQWxOdDVJSjZMY1dFWmdOdFhyMmVzNExKQzNGalhydjBnYzA0Q3AKVTJPZml6cGJoVDExY0xHYWVYT3ExY1VDWE5JYjRGY0pBcG9YQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUZHUERHOWl1ckFoVUtiRmtZOTd4TEE0NDNVMDFiZHdpN2VBVDVUOXFvL1J6T3djYnVLV1hWbTFrNUhLCkNRTzgxbmxMcUxRd2hJMSt1VFRtUjQxZXB1Snh5R0lhRGdVeVNCKzhmTHp5UlNJRmF4S0QrVWVWUGdpcEROWnMKaDBzS1NLck82TW9Xek1MVVl2ZFpSdzZWSWMrVXBTQ3FQWStGS1VCVUhadE1wU0ZMbmhIalJ2VmtpUDRWdkZYagpiN2pRekh1Z2h6ZUlUeWd3czQyZktLL01LN3dRNmJ5YU1WUmJQYlFLUEFYTnhkL1VyU1BlWCtSektSV09aNlI4ClVseXA3ZGV6WENQNzdVYVRaVHN4d2x1clBRSVpOTXNoRHhFL1NiV3QwUTFnMjhyajVLZkFqb1pzNVRnL2dtUTgKTExLSS9iMU92S29oYUFOR1o2V2U1VStjZWVVPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIFBSSVZBVEUgS0VZLS0tLS0KTUlJRXZRSUJBREFOQmdrcWhraUc5dzBCQVFFRkFBU0NCS2N3Z2dTakFnRUFBb0lCQVFDa3ZOR1hlK2Jkdkwyawp2clAyTDNXQUJ0MldDRm9aMlBuOFB4MGVFc1JpSkhWRDBlV3pyZ0pZSEZKdTBDMGNLOU5ZU0t4VlZJOExuS0g3Ck55NU1GZk00VHF5cjNVRU9McytmU3dhQXFNNXRTeVpVL3RFS3JhY3RBN2JpOWZEazJsa2NzK0xMdVpNcUdQWjMKN1VaY1p3c1VRMEJPTkhQNjY4THFrV3FUOWhOTElONGVqSW5yMzJXQTNZN2hQTmQ4Q2orQWFMdDF4MmNYWXppOQpockU1bDNoOW9ma09wWHNnRHplSUhscDRqSjZrWFhRZjhVTTUxdmlxYTJDV1hIQkhFRys1ZWZ0TFNhZUU2TEFsCk50NUlKNkxjV0VaZ050WHIyZXM0TEpDM0ZqWHJ2MGdjMDRDcFUyT2ZpenBiaFQxMWNMR2FlWE9xMWNVQ1hOSWIKNEZjSkFwb1hBZ01CQUFFQ2dnRUFmaXVua3cvd2FBK3daOGN2YWZRN1dBenFGWWpjQ1VQbllzeXI3bWFOUm1XSgo4cUdGL2pIZDFjSUxXSmZVbE9qeiszL2RqWlV2NGNMYlJONmtkTjJ5NUlOTk9HeEM4U3ZsRkttUGwyYXlnMzYxCkl3L3U1dkROUTJxKzNlRmoyTU5xME5MdGR2N3d1YU5ZMGMxR3dHcWpUNmVhVHN0WnNPcDA1TmJ1KzlmU093ejgKcHJFOUVxU2FpbHBjMFpIMDNUb0JDY1ZpTFBRN0RDeWkzd0QvTHFaWXlqbnNKdnBWVjFGV2paTWRNQjVCTHlQNQp2Wkg5Qk1iQ0Eva2YrUDVYVjBtUU9rcWk3OVN0bEhHc21id3A5YzVEUnZiUHZ3TWdsdUpqVDRRNXZldXNtY1ozClF4ZGpXVVpLeXZUU2w2QmFVV0tmSkxhMGhPWHR1UXB5VHhhMDY3S1RNUUtCZ1FEU2tTUXM4aGhnYVhMQVJDMWUKcWwxK29ZNVNjckxVb3dBbHJoNXYxRjlzcTAyNEkrRXRPa3dUZHZkbDNTQjg0bmhyRDVZQ2JhcXlWRi9uNFRaQQpoMnZkUHVsZ3pOT0FPQUh5bjQyanpuQm5kcWtqaXQrdUhOUVBWVjA3bzVwaDk1N05DT25XNFFPZ01IeFhrbDRzCllROTlVYkJmTmdwTC9PY0NUOWhFbnl3d3pRS0JnUURJU0QvV2poMFZ3Nmd0VXlUcjFUMlQ0S3FzS09HTXNIZ1gKbWVqRkJnQVpoeTNSQTRxSnBLWkdPOWUyK0VvMWRSN1ErVjIzOXhaVy9WdEZDcmdLYUNENm9EWFFQM0grcC93VgpvRXozbDJoMWRrSmxYSVd1Z1ZUY05uOGNHeU1TUi9BMUEycFVQNkMwRTJqSTFXWURpT2VQdnFSVTZpczE4dGYwCkNwMjdnNU5tY3dLQmdGSEUvMUZjNms1MlpKTjVaa3oreDdQbk5RZWJkd3JRQ2J5WU0wV21LVEJnRFp4V2dwazMKckZkYXVaUWJIUVNpUmJUOXBubG04UVN6YzFMdXlFeWl5aVp1eWQ1SGJGSzhiVFUwOUtJS0J1aUcwZ1AxYUF1TApNbWFKOWR5MUdieTFsanQxSEtuUFU4TWZVUW9JMHYxVTY5ajBvaE0zUHlSbkg2WnNMMFhtc2hoNUFvR0FZT0tLCmR5a0NLdUFlUCtiRHFvM2FIdW9FeGdsMHFwRkhWdXR1TGJrc1hTMEdYZURmcUp3TWoxY3RqK1ptUjV2amoyWEMKRDFjbzZHWGhPL0htZTZwSm9kUFVsR3ZNb2tyeTZDZEdkRk03QmU5eVNRUkw2dEhIa2t1T2k3TVk4U1A1c0R0NQp1VTJhV09JMncwaHY4Ky9MVEw4RlVjcUJvclJhQVVVTmJvTkV6NzhDZ1lFQXF0bXI0YmJYeWRnNFpFckY5c2ZWCkh4NUhZdDQweU1QajJrR3hSWm9uQXYvaXBwaHpCNFRXZmZFckdCNlgvdzNnUWpla2Z6S2pFNU5rSGVvMytEQisKbzFqc1BySXhrcFlYSzAydlNWN3RZdnlaczBBWGlGcm5sZFBkSzlhNHRtWHhhZEQwZm1OSkxmU0hwd0tVNXdQagpOR2UzUG5rT1pMUlQ4MHVPWkVpMUx4Zz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: haproxy-auth
+type: Opaque
+data:
+ user: "aGFwcm94eXVzZXI="
+ pass: "aGFwcm94eXBhc3M="
+
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ name: {{ include "common.fullname" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "common.name" . }}
+ name: {{ .Release.Name }}
+ spec:
+ containers:
+ - name: {{ include "common.name" . }}
+ image: "{{ include "common.repository" . }}/{{ .Values.image }}"
+ imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }}
+ volumeMounts:
+ - mountPath: /tmp/
+ name: portal-nginx-config
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ command: ["nginx", "-g", "daemon off;", "-c", "/tmp/nginx.conf"]
+ volumes:
+ - name: portal-nginx-config
+ configMap:
+ name: portal-nginx-config
+ items:
+ - key: file
+ path: nginx.conf
+ - key: service_provider.json
+ path: service_provider.json
+ imagePullSecrets:
+ - name: onapkey
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "common.servicename" . }}
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ {{if eq .Values.service.type "NodePort" -}}
+ - port: {{ .Values.service.internalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- else -}}
+ - port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ {{- end}}
+ name: {{ .Values.service.portName | default "http" }}
+ selector:
+ app: {{ include "common.name" . }}
--- /dev/null
+# Copyright © 2018 Amdocs, AT&T, Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ repository: nexus3.onap.org:10001
+ readinessRepository: oomk8s
+ readinessImage: readiness-check:2.0.0
+ loggingRepository: docker.elastic.co
+ loggingImage: beats/filebeat:5.5.0
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+repository: nexus3.onap.org:10001
+image: onap/vvp/portal:1.0.0
+pullPolicy: Always
+
+# flag to enable debugging - application support required
+debugEnabled: false
+
+replicaCount: 1
+
+nodeSelector: {}
+
+affinity: {}
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ # necessary to disable liveness probe when setting breakpoints
+ # in debugger so K8s doesn't restart unresponsive container
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+
+service:
+ type: ClusterIP
+ internalPort: 8181
+ externalPort: 8181
+
+ingress:
+ enabled: false
Code Review / oom.git / commitdiff