-#!/bin/bash
+#!/bin/sh
usage () {
echo "Usage:"
#Update the /etc/exports
NFS_EXP=""
for i in $@; do
- NFS_EXP+="$i(rw,sync,no_root_squash,no_subtree_check) "
+ NFS_EXP="${NFS_EXP}$i(rw,sync,no_root_squash,no_subtree_check) "
done
echo "/dockerdata-nfs "$NFS_EXP | sudo tee -a /etc/exports
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
DOCKER_VERSION=18.09.5
systemctl restart docker
apt-mark hold docker-ce
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
docker login -u docker -p docker nexus3.onap.org:10001
-#!/bin/bash
+#!/bin/sh
apt-get update
-IP_ADDR=`ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}'`
-HOSTNAME=`hostname`
+IP_ADDR=$(ip address |grep ens|grep inet|awk '{print $2}'| awk -F / '{print $1}')
+HOST_NAME=$(hostname)
-echo "$IP_ADDR $HOSTNAME" >> /etc/hosts
+echo "$IP_ADDR $HOST_NAME" >> /etc/hosts
sudo apt-get install make -y
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
+ value: '-Djavax.net.ssl.trustStore={{ .Values.certInitializer.credsPath }}/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
.project
.idea/
*.tmproj
+components/
.project
.idea/
*.tmproj
+components/
#!/bin/bash
+
set -e
# first arg is `-f` or `--some-option`
authenticator \
; do
var="CASSANDRA_${yaml^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra.yaml" \
-r 's/^(# )?('"$yaml"':).*/\2 '"$val"'/'
for rackdc in dc rack; do
var="CASSANDRA_${rackdc^^}"
- val="${!var}"
+ # eval presents no security issue here because of limited possible values of var
+ eval val=\$$var
if [ "$val" ]; then
_sed-in-place "$CASSANDRA_CONFIG/cassandra-rackdc.properties" \
-r 's/^('"$rackdc"'=).*/\1 '"$val"'/'
##
type: ClusterIP
headless: {}
+ internalPort: &dbPort 3306
ports:
- name: mysql
- port: 3306
+ port: *dbPort
headlessPorts:
- name: galera
port: 4567
#!/bin/bash
+
{{/*
# Copyright © 2019 Orange
# Copyright © 2020 Samsung Electronics
while read DB ; do
USER_VAR="MYSQL_USER_${DB^^}"
PASS_VAR="MYSQL_PASSWORD_${DB^^}"
- USER=${!USER_VAR}
- PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+{{/*
+ # USER=${!USER_VAR}
+ # PASS=`echo -n ${!PASS_VAR} | sed -e "s/'/''/g"`
+ # eval replacement of the bashism equivalents above might present a security issue here
+ # since it reads content from DB values filled by helm at the end of the script.
+ # These possible values has to be constrainted and/or limited by helm for a safe use of eval.
+*/}}
+ eval USER=\$$USER_VAR
+ PASS=$(eval echo -n \$$PASS_VAR | sed -e "s/'/''/g")
MYSQL_OPTS=( -h ${DB_HOST} -P ${DB_PORT} -uroot -p${MYSQL_ROOT_PASSWORD} )
echo "Creating database ${DB} and user ${USER}..."
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
.idea/
*.tmproj
.vscode/
+components/
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.2.0
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.6.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
importK8S: plugin:k8splugin?version=>=3.5.1,<4.0.0
importPostgres: plugin:pgaas?version=1.3.0
importClamp: plugin:clamppolicyplugin?version=1.1.0
- importDMaaP: plugin:dmaap?version=1.5.0
+ importDMaaP: plugin:dmaap?version=>=1.5.1,<2.0.0
useDmaapPlugin: false
bpResourcesCpuLimit: 250m
bpResourcesMemoryLimit: 128Mi
"topicName": "PNF_READY",
"topicDescription": "This topic will be used to publish the PNF_READY events generated by the PNF REgistration Handler service in the DCAE platform.",
"owner": "PNFRegistrationHandler",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicName": "PNF_REGISTRATION",
"topicDescription": "the VES collector will be publishing pnfRegistration events in this topic",
"owner": "VEScollector",
- "txenabled": false,
+ "tnxEnabled": false,
"clients": [
{
"dcaeLocationName": "san-francisco",
"topicDescription": "the topic used to provision the MM agent whitelist",
"replicationCase": "REPLICATION_NONE",
"owner": "dmaap",
- "txenabled": false,
+ "tnxEnabled": false,
"partitionCount": "1",
"clients": [
{
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.5
+image: onap/dmaap/dmaap-bc:2.0.6
# application configuration
.project
.idea/
*.tmproj
+components/
fi
if [ "$DELAY" = "true" ]; then
echo sleep 3m
- sleep 3m
+ sleep 180
fi
else
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
;;
esac
-exit 0
\ No newline at end of file
+exit 0
.project
.idea/
*.tmproj
+components/
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/
.project
.idea/
*.tmproj
+components/
.project
.idea/
*.tmproj
+components/
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.db.container }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
global: # global defaults
nodePortPrefix: 302
readinessImage: onap/oom/readiness:3.0.1
+ mariadbGalera: {}
subChartsOnly:
enabled: true
# as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
+mariadb-galera: {}
config:
aaf:
password: pass
# userCredentialsExternalSecret: some-secret
db:
- port: 3306
# rootPassword: pass
# rootPasswordExternalSecret: some secret
user: cmso-admin
- /app/ready.py
args:
- --container-name
- - {{ .Values.config.db.container }}
+ - {{ include "common.mariadbService" . }}
env:
- name: NAMESPACE
valueFrom:
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
env:
- name: DB_HOST
- value: {{ .Values.config.db.host }}.{{.Release.Namespace}}
+ value: {{ include "common.mariadbService" . }}.{{.Release.Namespace}}
- name: DB_PORT
- value: {{ .Values.config.db.port | quote}}
+ value: {{ include "common.mariadbPort" . | quote}}
- name: DB_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
#################################################################
global: # global defaults
nodePortPrefix: 302
+ mariadbGalera: {}
subChartsOnly:
enabled: true
# as of 20181022 port 23 is reserved for cmso
# see https://wiki.onap.org/display/DW/OOM+NodePort+List
+mariadb-galera: {}
config:
aaf:
password: pass
# userCredentialsExternalSecret: some-secret
db:
- port: 3306
# rootPassword: pass
# rootPasswordExternalSecret: some secret
user: cmso-admin
- name: mariadb-galera
version: ~8.x-0
repository: '@local'
+ condition: global.mariadbGalera.localCluster
- name: mariadb-init
version: ~8.x-0
repository: '@local'
# See the License for the specific language governing permissions and
# limitations under the License.
+global:
+ commonConfigPrefix: "oof-cmso"
+ truststoreFile: "truststoreONAPall.jks"
+ keystoreFile: "org.onap.oof.jks"
+ truststorePassword:
+ authentication: aaf-auth
+ mariadbGalera: &mariadbGalera
+ #This flag allows OOF-CMSO to instantiate its own mariadb-galera cluster
+ localCluster: false
+ service: mariadb-galera
+ internalPort: 3306
+ nameOverride: mariadb-galera
+
#################################################################
# Secrets metaconfig
#################################################################
login: '{{ .Values.config.aaf.user }}'
password: '{{ .Values.config.aaf.password }}'
-mariadb-galera:
+mariadb-galera: &localMariadb
replicaCount: 1
nameOverride: &dbName cmso-db
nfsprovisionerPrefix: cmso
serviceAccount:
nameOverride: *dbName
-global:
- commonConfigPrefix: "oof-cmso"
- truststoreFile: "truststoreONAPall.jks"
- keystoreFile: "org.onap.oof.jks"
- truststorePassword:
- authentication: aaf-auth
-
mariadb-init:
- mariadbGalera:
- containerName: *dbName
- serviceName: *dbName
- servicePort: 3306
- userRootSecret: *rootPassword
config:
userCredentialsExternalSecret: *serviceDbCreds
mysqlDatabase: cmso
certInitializer:
<< : *certInitConfig
nameOverride: oof-cmso-service-cert-initializer
+ mariadb-galera: *localMariadb
config:
db:
userCredentialsExternalSecret: *serviceDbCreds
- host: *dbName
- container: *dbName
mysqlDatabase: cmso
aaf:
userCredentialsExternalSecret: *aafCreds
certInitializer:
<< : *certInitConfig
nameOverride: oof-cmso-optimizer-cert-initializer
+ mariadb-galera: *localMariadb
config:
enabled: true
db:
userCredentialsExternalSecret: *optimizerDbCreds
- host: *dbName
- container: *dbName
mysqlDatabase: optimizer
aaf:
userCredentialsExternalSecret: *aafCreds
#!/bin/bash
+
set -eo pipefail
shopt -s nullglob
mysql_error "Both $var and $fileVar are set (but are exclusive)"
fi
local val="$def"
+ # val="${!var}"
+ # val="$(< "${!fileVar}")"
+ # eval replacement of the bashism equivalents above presents no security issue here
+ # since var and fileVar variables contents are derived from the file_env() function arguments.
+ # This method is only called inside this script with a limited number of possible values.
if [ "${!var:-}" ]; then
- val="${!var}"
+ eval val=\$$var
elif [ "${!fileVar:-}" ]; then
- val="$(< "${!fileVar}")"
+ val="$(< "$(eval echo "\$$fileVar")")"
fi
export "$var"="$val"
unset "$fileVar"
# so that it won't try to fill in a password file when it hasn't been set yet
extraArgs=()
if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- extraArgs+=( '--dont-use-mysql-root-password' )
+ extraArgs=${extraArgs}( '--dont-use-mysql-root-password' )
fi
if echo 'SELECT 1' |docker_process_sql "${extraArgs[@]}" --database=mysql >/dev/null 2>&1; then
break
# beginning in 10.4.3, install_db uses "socket" which only allows system user root to connect, switch back to "normal" to allow mysql root without a password
# see https://github.com/MariaDB/server/commit/b9f3f06857ac6f9105dc65caae19782f09b47fb3
# (this flag doesn't exist in 10.0 and below)
- installArgs+=( --auth-root-authentication-method=normal )
+ installArgs=${installArgs}( --auth-root-authentication-method=normal )
fi
# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
mysql_install_db "${installArgs[@]}" "${@:2}"
docker_process_sql() {
passfileArgs=()
if [ '--dont-use-mysql-root-password' = "$1" ]; then
- passfileArgs+=( "$1" )
+ passfileArgs=${passfileArgs}( "$1" )
shift
fi
# args sent in can override this db, since they will be later in the command
if [ $execscript ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
if [ "${!#}" = "execscript" ]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
- [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
+ [ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && . "$DIR/$SCRIPTDIR/$script"
done
fi
global:
pullPolicy: Always
-image: onap/org.onap.sdc.sdc-helm-validator:1.2.0
+image: onap/org.onap.sdc.sdc-helm-validator:1.2.1
containerPort: &svc_port 8080
config:
#!/bin/bash
-{{/*
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
-#!/bin/bash
-{{/*
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
.project
.idea/
*.tmproj
+components/
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+components/