Merge "Enabling generic parser in onap-all override file"

diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 3c491b4..ed71c97 100644 (file)
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -129,20 +129,12 @@ single command
   The --timeout 900 is currently required in Dublin to address long running initialization tasks
   for DMaaP and SO. Without this timeout value both applications may fail to deploy.
 
- a. To deploy all ONAP applications use this command::
+ To deploy all ONAP applications use this command::
 
     > cd oom/kubernetes
-    > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
+    > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900
 
- b. If you are using a custom override (e.g. integration-override.yaml) use this command::
-
-    > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap --timeout 900
-
-
- c. If you have a slower cloud environment you may want to use the public-cloud.yaml
-    which has longer delay intervals on database updates.::
-
-    > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap --timeout 900
+ All override files may be customized (or replaced by other overrides) as per needs.
 
 
 **Step 9.** Commands to interact with the OOM installation

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 37d8b3f..dc10400 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -55,6 +55,7 @@ Summary
 
 * In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_]
 * Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_]
+* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_]
 
 *Known Vulnerabilities in Used Modules*
 

diff --git a/kubernetes/onap/resources/overrides/environment.yaml b/kubernetes/onap/resources/overrides/environment.yaml
new file mode 100644 (file)
index 0000000..75ce8e5
--- /dev/null
+++ b/kubernetes/onap/resources/overrides/environment.yaml
@@ -0,0 +1,225 @@
+# Copyright © 2017,2019 Amdocs, AT&T , Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+#
+# These overrides will affect all helm charts (ie. applications)
+# that are listed below and are 'enabled'.
+#
+#
+# This is specifically for the environments which take time to
+# deploy ONAP. This increase in timeouts prevents false restarting of
+# the pods during startup configuration.
+#
+# These timers have been tuned by the ONAP integration team. They
+# have been tested and validated in the ONAP integration lab (Intel/Windriver lab).
+# They are however indicative and may be adapted to your environment as they
+# depend on the performance of the infrastructure you are installing ONAP on.
+#
+# Please note that these timers must remain reasonable, in other words, if
+# your infrastructure is not performant enough, extending the timers to very
+# large value may not fix all installation issues on over subscribed hardware.
+#
+#################################################################
+aaf:
+  aaf-cs:
+    liveness:
+      initialDelaySeconds: 240
+    readiness:
+      initialDelaySeconds: 240
+  aaf-gui:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  aaf-oauth:
+    liveness:
+      initialDelaySeconds: 300
+    readiness:
+      initialDelaySeconds: 300
+  aaf-service:
+    liveness:
+      initialDelaySeconds: 300
+    readiness:
+      initialDelaySeconds: 300
+aai:
+  liveness:
+    initialDelaySeconds: 120
+  aai-champ:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  aai-data-router:
+    liveness:
+      initialDelaySeconds: 120
+  aai-sparky-be:
+    liveness:
+      initialDelaySeconds: 120
+  aai-spike:
+    liveness:
+      initialDelaySeconds: 120
+  aai-cassandra:
+    liveness:
+      periodSeconds: 120
+    readiness:
+      periodSeconds: 60
+appc:
+  mariadb-galera:
+    liveness:
+      initialDelaySeconds: 180
+      periodSeconds: 60
+cassandra:
+  liveness:
+    initialDelaySeconds: 120
+    periodSeconds: 120
+  readiness:
+    initialDelaySeconds: 120
+    periodSeconds: 60
+clamp:
+  liveness:
+    initialDelaySeconds: 60
+  readiness:
+    initialDelaySeconds: 60
+dcaegen2:
+  dcae-cloudify-manager:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+dmaap:
+  dmaap-bus-controller:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  message-router:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  dmaap-dr-prov:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+    mariadb:
+      liveness:
+        initialDelaySeconds: 180
+        periodSeconds: 60
+  dmaap-dr-node:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+mariadb-galera:
+  liveness:
+    initialDelaySeconds: 180
+    periodSeconds: 60
+  mariadb-galera-server:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+modeling:
+  mariadb-galera:
+    liveness:
+      initialDelaySeconds: 180
+      periodSeconds: 60
+oof:
+  oof-has:
+    music:
+      music-cassandra:
+        liveness:
+          periodSeconds: 120
+        readiness:
+          periodSeconds: 60
+portal:
+  portal-app:
+    liveness:
+      initialDelaySeconds: 60
+    readiness:
+      initialDelaySeconds: 60
+  portal-cassandra:
+    liveness:
+      periodSeconds: 120
+    readiness:
+      periodSeconds: 60
+sdc:
+  sdc-be:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  sdc-cs:
+    liveness:
+      initialDelaySeconds: 120
+      periodSeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+      periodSeconds: 60
+  sdc-es:
+    liveness:
+      initialDelaySeconds: 60
+    readiness:
+      initialDelaySeconds: 120
+  sdc-onboarding-be:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+sdnc:
+  liveness:
+    initialDelaySeconds: 60
+  readiness:
+    initialDelaySeconds: 60
+  dmaap-listener:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+  mariadb-galera:
+    liveness:
+      initialDelaySeconds: 180
+      periodSeconds: 60
+  sdnc-ansible-server:
+    readiness:
+      initialDelaySeconds: 120
+  sdnc-portal:
+    readiness:
+      initialDelaySeconds: 120
+  ueb-listener:
+    liveness:
+      initialDelaySeconds: 60
+    readiness:
+      initialDelaySeconds: 60
+so:
+  liveness:
+    initialDelaySeconds: 120
+  mariadb:
+    liveness:
+      initialDelaySeconds: 900
+    readiness:
+      initialDelaySeconds: 900
+uui:
+  uui-server:
+    liveness:
+      initialDelaySeconds: 120
+    readiness:
+      initialDelaySeconds: 120
+vfc:
+  mariadb-galera:
+    liveness:
+      initialDelaySeconds: 180
+      periodSeconds: 60