-Subproject commit 1990a02ce9295df7c94009401c24fa226a10f8e8
+Subproject commit 5a01a0953803b3d1b140a77c779a3b942e293228
esac
done
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
+}
+
# usage: file_env VAR [DEFAULT]
# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
- val=`echo -n $val | sed -e "s/'/''/g"`
+ val=`prepare_password $val`
export "$var"="$val"
unset "$fileVar"
}
{{ end }}
{{- end -}}
+{{- define "common._defaultPasswordStrength" -}}
+ {{ if .Values.passwordStrengthOverride }}
+ {{- printf "%s" .Values.passwordStrengthOverride -}}
+ {{ else if .Values.global.passwordStrength }}
+ {{- printf "%s" .Values.global.passwordStrength -}}
+ {{ else if .Values.passwordStrength }}
+ {{- printf "%s" .Values.passwordStrength -}}
+ {{ else }}
+ {{- printf "long" }}
+ {{ end }}
+{{- end -}}
+
{{/*
Generate a new password based on masterPassword. The new password is not
random, it is derived from masterPassword, fully qualified chart name and
{{- define "common.createPassword" -}}
{{- $dot := default . .dot -}}
{{- $uid := default "onap" .uid -}}
- {{- $strength := default "long" .strength -}}
+ {{- $defaultStrength := include "common._defaultPasswordStrength" $dot | trim -}}
+ {{- $strength := default $defaultStrength .strength -}}
{{- $mp := include "common.masterPassword" $dot -}}
{{- derivePassword 1 $strength $mp (include "common.fullname" $dot) $uid -}}
{{- end -}}
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
{{- end }}
containers:
- name: {{ template "common.fullname" . }}-curator
- image: {{printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts:
- name: config-volume
##
enabled: false
name: curator
-image:
- imageName: bitnami/elasticsearch-curator
- tag: 5.8.1-debian-9-r74
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
+image: bitnami/elasticsearch-curator:5.8.1-debian-9-r74
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
service:
port: 9200
cronjob:
{{- end }}
containers:
- name: {{ include "common.name" . }}-data
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
- name: http-transport
port: 9300
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## updateStrategy for ElasticSearch Data statefulset
{{- end }}
containers:
- name: {{ include "common.name" . }}-master
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
{{- if .Values.securityContext.enabled }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" . }}
- name: ELASTICSEARCH_CLUSTER_HOSTS
## master acts as master only node, choose 'no' if no further data nodes are deployed)
dedicatednode: "yes"
## dedicatednode: "no"
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
{{- include "common.certInitializer.volumeMount" . | nindent 10 }}
- name: {{ include "common.name" . }}-elasticsearch
- image: {{ printf "%s/%s:%s" (include "common.repository" .) .Values.image.imageName .Values.image.tag }}
+ image: {{ printf "%s/%s" (include "common.repository" .) .Values.image }}
{{- if .Values.securityContext.enabled }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
securityContext:
{{- end }}
env:
- name: BITNAMI_DEBUG
- value: {{ ternary "true" "false" .Values.image.debug | quote }}
+ value: {{ ternary "true" "false" .Values.debug | quote }}
- name: ELASTICSEARCH_CLUSTER_NAME
value: {{ include "elasticsearch.clustername" .}}
- name: ELASTICSEARCH_CLUSTER_HOSTS
enabled: true
# application image
-image:
- imageName: bitnami/elasticsearch
- tag: 6.8.6-debian-9-r23
- ## Specify a imagePullPolicy
- ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
- ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
- ##
- pullPolicy: IfNotPresent
- ## Optionally specify an array of imagePullSecrets.
- ## Secrets must be manually created in the namespace.
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
- ##
- # pullSecrets:
- # - myRegistryKeySecretName
- ## Set to true if you would like to see extra information on logs
- ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
- ##
- debug: false
+image: bitnami/elasticsearch:6.8.6-debian-9-r23
+## Specify a imagePullPolicy
+## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+##
+pullPolicy: IfNotPresent
+## Optionally specify an array of imagePullSecrets.
+## Secrets must be manually created in the namespace.
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+##
+# pullSecrets:
+# - myRegistryKeySecretName
+## Set to true if you would like to see extra information on logs
+## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging
+##
+debug: false
## String to partially override common.fullname template (will maintain the release name)
##
mysql_tzinfo_to_sql /usr/share/zoneinfo | sed 's/Local time zone must be set--see zic manual page/FCTY/' | "${mysql[@]}" mysql
fi
-function prepare_password {
- echo -n $1 | sed -e "s/'/''/g"
+prepare_password()
+{
+ echo "$1" | sed -e "s/'/\\\\'/g; s/\"/\\\\\"/g"
}
mysql_root_password=`prepare_password $MYSQL_ROOT_PASSWORD`
{{/*
# Copyright © 2019 Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
{{- define "mariadbInit.mariadbClusterSecret" -}}
{{- include "common.mariadb.secret.rootPassSecretName" (dict "dot" . "chartName" (default "mariadb-galera" .Values.global.mariadbGalera.nameOverride)) -}}
{{- end -}}
+
+{{- define "mariadbInit._updateSecrets" -}}
+ {{- if not .Values.secretsUpdated }}
+ {{- $global := . }}
+ {{- range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
+ {{- $item := dict "uid" $db "type" "basicAuth" "externalSecret" (default "" $dbInfos.externalSecret) "login" (default "" $dbInfos.user) "password" (default "" $dbInfos.password) "passwordPolicy" "required" }}
+ {{- $newList := append $global.Values.secrets $item }}
+ {{- $_ := set $global.Values "secrets" $newList }}
+ {{- end -}}
+ {{ $_ := set $global.Values "secretsUpdated" true }}
+ {{- end -}}
+{{- end -}}
# See the License for the specific language governing permissions and
# limitations under the License.
+{{ include "mariadbInit._updateSecrets" . -}}
+
apiVersion: batch/v1
kind: Job
metadata:
- /app/ready.py
args:
- --container-name
- - {{ .Values.global.mariadbGalera.nameOverride }}
+ - {{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.containerName }}
env:
- name: NAMESPACE
valueFrom:
- /db_init/db_init.sh
env:
- name: DB_HOST
- value: "{{ .Values.global.mariadbGalera.nameOverride }}"
+ value: "{{ default .Values.global.mariadbGalera.nameOverride .Values.mariadbGalera.serviceName }}"
- name: DB_PORT
- value: "{{ .Values.global.mariadbGalera.servicePort }}"
+ value: "{{ default .Values.global.mariadbGalera.servicePort .Values.mariadbGalera.servicePort }}"
- name: MYSQL_ROOT_PASSWORD
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "root-password" "key" (default "password" .Values.global.mariadbGalera.userRootSecretKey)) | indent 10 }}
- name: {{ printf "MYSQL_USER_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" .Values.config.mysqlDatabase | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" .Values.config.mysqlDatabase "key" "password") | indent 10 }}
{{- $root := . }}
{{ range $db, $_values := .Values.config.mysqlAdditionalDatabases }}
- name: {{ printf "MYSQL_USER_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "login") | indent 10 }}
- name: {{ printf "MYSQL_PASSWORD_%s" $db | upper }}
- {{- include "common.secret.envFromSecret" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" $root "uid" $db "key" "password") | indent 10 }}
{{ end }}
volumeMounts:
- mountPath: /etc/localtime
# Copyright © 2017 Amdocs, Bell Canada, Orange
+# Copyright © 2020 Samsung Electronics
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# See the License for the specific language governing permissions and
# limitations under the License.
-{{- define "mariadb-init._update-secrets" -}}
- {{ range $db, $dbInfos := .Values.config.mysqlAdditionalDatabases }}
-{{ printf "- uid: %s" $db }}
-{{ printf " type: basicAuth" }}
- {{- if $dbInfos.externalSecret }}
-{{ printf " externalSecret: %s" $dbInfos.externalSecret }}
- {{- end }}
-{{ printf " login: %s" $dbInfos.user }}
-{{ printf " password: %s" $dbInfos.password }}
-{{ printf " passwordPolicy: required" }}
- {{- end -}}
-{{- end -}}
+{{ include "mariadbInit._updateSecrets" . -}}
-{{ $global := . }}
-{{ $secretsString := .Values.secrets | toYaml | indent 2 }}
-{{ $additionalSecretsString := (include "mariadb-init._update-secrets" .) | indent 2 }}
-{{ $finalSecretsString := (cat "\nsecrets:\n" $secretsString $additionalSecretsString) | replace " -" " -" }}
-{{ $finalSecrets := ($finalSecretsString | fromYaml).secrets }}
-
-{{ $newValues := set $global.Values "secrets" $finalSecrets }}
-{{ $tmpGlobal := set $global "Values" $newValues }}
-
-{{ include "common.secret" $tmpGlobal }}
+{{ include "common.secretFast" . }}
secrets:
- uid: root-password
type: password
- externalSecret: '{{ tpl (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) . }}'
- password: '{{ tpl (default "" .global.mariadbGalera.userRootPassword) . }}'
+ externalSecret: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootSecret) (default (include "mariadbInit.mariadbClusterSecret" .) .Values.global.mariadbGalera.userRootSecret) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
+ password: '{{ tpl (ternary (default "" .Values.mariadbGalera.userRootPassword) (default "" .Values.global.mariadbGalera.userRootPassword) (not (empty (default "" .Values.mariadbGalera.serviceName)))) . }}'
- uid: '{{ .Values.config.mysqlDatabase }}'
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.userCredentialsExternalSecret) . }}'
# Set it if you want to change the name of the different components
# nameOverride:
+mariadbGalera: {}
+# serviceName: some-name
+# containerName: some-name
+# servicePort: 3306
+# userRootPassword: some-password
+# userRootSecret: some-secret-name
+# userRootSecretKey: password
+
+
config:
userPassword: Ci@shsOd3pky1Vji
userName: u5WZ1GMSIS1wHZF
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
spec:
+{{ include "common.podSecurityContext" . | indent 6 }}
containers:
- name: {{ include "common.name" . }}
image: "{{ .Values.dockerHubRepository }}/{{ .Values.image }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - docker-entrypoint.sh
+ args:
+ - --nounixsocket
env:
- name: MONGO_INITDB_DATABASE
value: "{{ .Values.config.dbName }}"
mountPath: /var/lib/mongo
resources:
{{ include "common.resources" . | indent 12 }}
+{{ include "common.containerSecurityContext" . | indent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 10 }}
rpcbindPort: 111
rpcbindUdpPort: 111
+securityContext:
+ user_id: 999
+ group_id: 999
+
ingress:
enabled: false
<appender-ref ref="asyncDebug" />
<appender-ref ref="asyncError" />
<appender-ref ref="asyncJettyLog" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
<appender-ref ref="asyncEELFError" />
<appender-ref ref="asyncEELFjettylog" />
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
\ No newline at end of file
<jmxConfigurator />
<property name="logDirectory" value="${AJSC_HOME}/log" />
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
- <filter class="ch.qos.logback.classic.filter.LevelFilter">
- <level>ERROR</level>
- <onMatch>ACCEPT</onMatch>
- <onMismatch>DENY</onMismatch>
- </filter>
<encoder>
<pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n
</pattern>
# limitations under the License.
-->
-<configuration scan="false" debug="true">
- <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
- <property name="p_lvl" value="%level"/>
- <property name="p_log" value="%logger"/>
- <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
- <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
- <property name="p_thr" value="%thread"/>
- <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-
- <property name="logDir" value="/var/log/onap" />
- <property name="debugDir" value="/var/log/onap" />
-
- <property name="componentName" value="esr"></property>
- <property name="subComponentName" value="esr-server"></property>
+<configuration scan="{{ .Values.log.scan.enabled }}" debug="{{ .Values.log.debug }}">
+
+ <property name="componentName" value='{{default "UNSET_COMPONENT" .Values.log.componentName}}'/>
+ <property name="subcomponentName" value='{{default "UNSET_SUBCOMPONENT" .Values.log.subcomponentName}}'/>
+
+ <property name="logDir" value="{{ .Values.log.logDir }}" />
+ <property name="queueSize" value="{{ .Values.log.queueSize }}"/>
+
+ <property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
+ <property name="p_lvl" value="%level"/>
+ <property name="p_log" value="%logger"/>
+ <property name="p_mdc" value="%replace(%replace(%mdc){'\t','\\\\t'}){'\n', '\\\\n'}"/>
+ <property name="p_msg" value="%replace(%replace(%msg){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_exc" value="%replace(%replace(%rootException){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
+ <property name="p_thr" value="%thread"/>
+ <property name="pattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
<property name="errorLogName" value="error" />
<property name="metricsLogName" value="metrics" />
<property name="auditLogName" value="audit" />
<property name="debugLogName" value="debug" />
- <property name="errorPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
- <property name="debugPattern" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
-
+ <property name="errorPattern" value="${p_tim}|%X{RequestId}|%thread|%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%.-5level|%X{ErrorCode}|%X{ErrorDesc}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
+ <property name="debugPattern" value="${p_tim}|%X{RequestId}|%msg%n\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n" />
<property name="auditPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||||||%msg%n" />
<property name="metricPattern" value="%X{BeginTimestamp}|%X{EndTimestamp}|%X{RequestId}|%X{ServiceInstanceId}|%thread||%X{ServiceName}|%X{PartnerName}|%X{TargetEntity}|%X{TargetServiceName}|%X{StatusCode}|%X{ResponseCode}|%X{ResponseDesc}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{Timer}|%X{ServerFQDN}|%X{RemoteHost}||||%X{TargetVirtualEntity}|||||%msg%n" />
+
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
- <property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+
+ <!-- Console (human-readable) logging -->
+ <property name="consolePattern" value="%nopexception${p_log}\t${p_tim}\t${p_lvl}\t%message\t${p_mdc}\t%rootException\t${p_mak}\t${p_thr}%n"/>
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
</appender>
<appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFAudit" />
</appender>
</appender>
<appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFMetrics"/>
</appender>
</appender>
<appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFError"/>
</appender>
<appender name="EELFDebug"
class="ch.qos.logback.core.rolling.RollingFileAppender">
- <file>${debugLogDirectory}/${debugLogName}.log</file>
+ <file>${logDirectory}/${debugLogName}.log</file>
<rollingPolicy
class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${debugLogDirectory}/${debugLogName}.log.%d</fileNamePattern>
+ <fileNamePattern>${logDirectory}/${debugLogName}.log.%d</fileNamePattern>
</rollingPolicy>
<encoder>
<pattern>${debugPattern}</pattern>
</appender>
<appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
- <queueSize>256</queueSize>
+ <queueSize>${queueSize}</queueSize>
<appender-ref ref="EELFDebug" />
<includeCallerData>true</includeCallerData>
</appender>
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${consolePattern}</pattern>
+ </encoder>
+ </appender>
+
<logger name="com.att.eelf.audit" level="info" additivity="false">
<appender-ref ref="asyncEELFAudit" />
</logger>
<appender-ref ref="asyncEELFError" />
</logger>
- <root level="INFO">
+ <root level="{{ .Values.log.root.level }}">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
-</configuration>
-
+</configuration>
\ No newline at end of file
ingress:
enabled: false
+log:
+ componentName: esr
+ subcomponentName: esr-server
+ debug: true
+ scan:
+ enabled: false
+ logDir: /var/log/onap
+ queueSize: 256
+ root:
+ level: INFO
+
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
<property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
<property name="debugLogDirectory" value="${debugDir}/${componentName}/${subComponentName}" />
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
<appender name="EELFAudit"
class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDirectory}/${auditLogName}.log</file>
<root level="INFO">
<appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
</root>
</configuration>
# flag to enable debugging - application support required
debugEnabled: false
+ # default password complexity
+ # available options: phrase, name, pin, basic, short, medium, long, maximum security
+ # More datails: https://masterpassword.app/masterpassword-algorithm.pdf
+ passwordStrength: long
+
# configuration to set log level to all components (the one that are using
# "common.log.level" to set this)
# can be overrided per components by setting logConfiguration.logLevelOverride
make-has:
cd charts && helm dep up oof-has
cd charts && helm dep up oof-cmso
+
+clean:
+ @find . -type f -name '*.tgz' -delete
+ @find . -type f -name '*.lock' -delete
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
- name: JAVA_TRUSTSTORE
value: /share/etc/certs/{{ .Values.global.truststoreFile }}
- name: SSL_KEYSTORE
# Copyright © 2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
# user: cmso-admin
# Copyright (c) 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ - name: {{ include "common.name" . }}-db-config-readiness
+ command:
+ - /app/ready.py
+ args:
+ - -j
+ - "{{ include "common.release" . }}-cmso-db-config-config-job"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}"
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: {{ include "common.name" . }}-chown
command: ["/bin/sh", "-c", "chown -Rf 1000:1000 /share/"]
image: "{{ .Values.global.busyBoxRepository }}/{{ .Values.global.busyBoxImage }}"
- name: DB_PORT
value: {{ .Values.config.db.port | quote}}
- name: DB_USERNAME
- value: {{ .Values.config.db.root }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "login") | indent 10}}
- name: DB_SCHEMA
value: {{ .Values.config.db.mysqlDatabase }}
- name: DB_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-root-password" "key" "password") | indent 10}}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-db-user-secret" "key" "password") | indent 10}}
terminationMessagePolicy: File
volumeMounts:
- name: {{ include "common.fullname" . }}-config
# Copyright © 2018-2019 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# Secrets metaconfig
#################################################################
secrets:
- - uid: cmso-db-root-password
- type: password
- password: '{{ .Values.config.db.rootPassword }}'
- externalSecret: '{{ tpl (default "" .Values.config.db.rootPasswordExternalSecret) . }}'
- policy: required
- uid: cmso-db-user-secret
type: basicAuth
externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
config:
db:
port: 3306
- root: root
# rootPassword: pass
# rootPasswordExternalSecret: some secret
# user: cmso-admin
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: mariadb-galera
version: ~6.x-0
repository: '@local'
+ - name: mariadb-init
+ version: ~6.x-0
+ repository: '@local'
# Copyright © 2018 AT&T
+# Copyright (C) 2020 Wipro Limited.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
#################################################################
secrets:
- uid: cmso-db-root-password
- name: '{{ include "common.release" . }}-cmso-db-root-password'
+ name: &rootPassword '{{ include "common.release" . }}-cmso-db-root-password'
type: password
password: ''
policy: generate
+ - uid: cmso-service-db-secret
+ name: &serviceDbCreds '{{ include "common.release" . }}-cmso-service-db-secret'
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.db.service.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.service.userName }}'
+ password: '{{ .Values.config.db.service.userPassword }}'
+ passwordPolicy: generate
- uid: cmso-db-secret
- name: '{{ include "common.release" . }}-cmso-db-secret'
+ name: &optimizerDbCreds '{{ include "common.release" . }}-cmso-optimizer-db-secret'
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.config.db.userCredentialsExternalSecret) . }}'
- login: '{{ .Values.config.db.userName }}'
- password: '{{ .Values.config.db.userPassword }}'
+ externalSecret: '{{ tpl (default "" .Values.config.db.optimizer.userCredentialsExternalSecret) . }}'
+ login: '{{ .Values.config.db.optimizer.userName }}'
+ password: '{{ .Values.config.db.optimizer.userPassword }}'
passwordPolicy: generate
mariadb-galera:
replicaCount: 1
- nameOverride: cmso-db
+ nameOverride: &containerName cmso-db
service:
type: ClusterIP
- name: oof-cmso-dbhost
+ name: &serviceName oof-cmso-dbhost
portName: cmso-dbhost
nfsprovisionerPrefix: cmso
sdnctlPrefix: cmso
enabled: true
disableNfsProvisioner: true
config:
- mariadbRootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- mysqlDatabase: cmso
+ mariadbRootPasswordExternalSecret: *rootPassword
+ # userCredentialsExternalSecret: *dbCreds
+ # mysqlDatabase: cmso
externalConfig: |
[mysqld]
lower_case_table_names = 1
busyBoxImage: busybox:1.30
busyBoxRepository: docker.io
+mariadb-init:
+ mariadbGalera:
+ containerName: *containerName
+ serviceName: *serviceName
+ servicePort: 3306
+ userRootSecret: *rootPassword
+ config:
+ userCredentialsExternalSecret: *serviceDbCreds
+ mysqlDatabase: cmso
+ mysqlAdditionalDatabases:
+ optimizer:
+ externalSecret: *optimizerDbCreds
+ nameOverride: cmso-db-config
+
flavor: small
config:
logstashServiceName: log-ls
logstashPort: 5044
db:
- # userCredentialsExternalsecret: some secret
- userName: cmso-admin
- # userPassword: password
+ service:
+ # userCredentialsExternalsecret: some secret
+ userName: cmso-admin
+ # userPassword: password
+ optimizer:
+ userName: cmso-optimizer
oof-cmso-service:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *serviceDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: cmso
oof-cmso-optimizer:
config:
db:
- userCredentialsExternalSecret: '{{ include "common.release" . }}-cmso-db-secret'
- rootPasswordExternalSecret: '{{ include "common.release" . }}-cmso-db-root-password'
+ userCredentialsExternalSecret: *optimizerDbCreds
host: oof-cmso-dbhost
container: cmso-db
mysqlDatabase: optimizer
<root>
<appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
<!-- <appender-ref ref="asyncEELFDebug" /> -->
</root>
--- /dev/null
+TransportType=HTTPNOAUTH
+Latitude =50.000000
+Longitude =-100.000000
+Version =1.0
+ServiceName=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}/events
+Environment =TEST
+Partner =
+routeOffer=MR1
+SubContextPath =/
+Protocol =http
+MethodType =GET
+username =UNUSED
+password =UNUSED
+contenttype =application/json
+authKey=UNUSED
+authDate=UNUSED
+host=message-router.{{.Release.Namespace}}:{{.Values.config.dmaapPort}}
+topic=RAN-Slice-Mgmt
+group=users
+id=sdnc1
+timeout=15000
+limit=1000
+filter=
+AFT_DME2_EXCHANGE_REQUEST_HANDLERS=com.att.nsa.test.PreferredRouteRequestHandler
+AFT_DME2_EXCHANGE_REPLY_HANDLERS=com.att.nsa.test.PreferredRouteReplyHandler
+AFT_DME2_REQ_TRACE_ON=true
+AFT_ENVIRONMENT=AFTUAT
+AFT_DME2_EP_CONN_TIMEOUT=15000
+AFT_DME2_ROUNDTRIP_TIMEOUT_MS=240000
+AFT_DME2_EP_READ_TIMEOUT_MS=50000
+sessionstickinessrequired=NO
+DME2preferredRouterFilePath=/opt/onap/sdnc/data/properties/dmaap-listener.preferredRoute.txt
+sdnc.odl.user=${ODL_USER}
+sdnc.odl.password=${ODL_PASSWORD}
+sdnc.odl.url-base=http://sdnc-oam.{{.Release.Namespace}}:{{.Values.config.sdncPort}}/restconf/operations
- mountPath: {{ .Values.config.configDir }}/dmaap-consumer-oofpcipoc.properties
name: properties
subPath: dmaap-consumer-oofpcipoc.properties
+ - mountPath: {{ .Values.config.configDir }}/dmaap-consumer-RANSlice.properties
+ name: properties
+ subPath: dmaap-consumer-RANSlice.properties
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
global:
nodePortPrefixExt: 304
repository: nexus3.onap.org:10001
- readinessRepository: oomk8s
- readinessImage: readiness-check:2.0.2
+ readinessImage: onap/oom/readiness:3.0.1
persistence:
mountPath: /dockerdata-nfs