echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.1
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
dmaap-mr@dmaap-mr.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-mr|root|30|{'dmaap-mr', 'dmaap-mr.onap', 'message-router', 'message-router.onap', 'mr.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|10.12.25.177|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'pkcs12', 'script'}
dmaapmr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router', 'message-router.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaapmr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
+dmaapmr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router-kafka-0', 'message-router-kafka-0.onap', '{{include "common.release" .}}-message-router-kafka-0.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-1', 'message-router-kafka-1.onap', '{{include "common.release" .}}-message-router-kafka-1.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-2', 'message-router-kafka-2.onap', '{{include "common.release" .}}-message-router-kafka-2.message-router-kafka.onap.svc.cluster.local', 'message-router', 'mr.api.simpledemo.onap.org', 'message-router.onap', 'dmaapmr dmaap.mr', 'dmaap-mr', 'dmaap.mr.onap', 'dmaap-mr.onap', 'dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
dmaapmr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|holmes-rule-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-rule-mgmt|root|30|{'holmes-rule-mgmt', 'holmes-rule-mgmt.api.simpledemo.onap.org', 'holmes-rule-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|holmes-engine-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-engine-mgmt|root|30|{'holmes-engine-mgmt', 'holmes-engine-mgmt.api.simpledemo.onap.org', 'holmes-engine-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'}
policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.policy|53344||
pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344||
holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344||
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-engine-mgmt|53344||
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-rule-mgmt|53344||
nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344||
msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344||
msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344||
ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
\ No newline at end of file
+portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3
org.onap.dmaap||org.onap||3
org.onap.holmes||org.onap||3
+org.onap.holmes-engine-mgmt||org.onap||3
+org.onap.holmes-rule-mgmt||org.onap||3
org.onap.music||org.onap||3
org.onap.msb-eag||org.onap||3
org.onap.msb-iag||org.onap||3
org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}"
org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}"
org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}"
+org.onap.holmes-engine-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|service'}"
+org.onap.holmes-engine-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-engine-mgmt|owner'}"
+org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
+org.onap.holmes-rule-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|service'}"
+org.onap.holmes-rule-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-rule-mgmt|owner'}"
+org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}"
org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}"
org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}"
org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}"
org.onap.holmes|service||
+org.onap.holmes-engine-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-engine-mgmt|access|*|*', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-engine-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-engine-mgmt|access|*|read'}"
+org.onap.holmes-engine-mgmt|seeCerts||"{'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-engine-mgmt|service||"{'org.onap.holmes-engine-mgmt|access|*|*'}"
+org.onap.holmes-rule-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-rule-mgmt|access|*|*', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-rule-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-rule-mgmt|access|*|read'}"
+org.onap.holmes-rule-mgmt|seeCerts||"{'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-rule-mgmt|service||"{'org.onap.holmes-rule-mgmt|access|*|*'}"
org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}"
org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}"
org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}"
org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner
mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner
mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner
+mmanager@people.osaaf.org|org.onap.holmes-engine-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|owner
+mmanager@people.osaaf.org|org.onap.holmes-rule-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|owner
mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner
mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+aaf_admin@people.osaaf.org|org.onap.holmes-engine-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|admin
+aaf_admin@people.osaaf.org|org.onap.holmes-rule-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|admin
aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
dcae@dcae.onap.org|org.onap.dmaap.mr.PM_MAPPER.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|publisher
dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_READY.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|pub
dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|sub
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|seeCerts
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|service
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|seeCerts
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|service
oof@oof.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
oof@oof.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
oof@oof.onap.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
small:
limits:
cpu: 400m
- memory: 40Mi
+ memory: 80Mi
requests:
- cpu: 10m
- memory: 25Mi
+ cpu: 40m
+ memory: 40Mi
large:
limits:
cpu: 400m
memory: 700Mi
requests:
- cpu: 10m
+ cpu: 40m
memory: 100Mi
unlimited: {}
policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+holmes-engine-mgmt|ONAP Holmes Engine Management Application|HOLMES-ENGINE|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+holmes-rule-mgmt|ONAP Holmes Rules Management Application|HOLMES-RULES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}'
+ value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-resources
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-resources:1.8.2
/bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
- name: DISABLE_UPDATE_QUERY
value: {{ .Values.config.disableUpdateQuery | quote }}
- name: LOCAL_USER_ID
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-traversal
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** writing passwords into prop file"
+ echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-traversal:1.8.0
cadi_latitude: "0.0"
credsPath: /opt/app/osaaf/local
aaf_add_config: |
- echo "*** retrieving passwords from AAF"
- /opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
- export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0)
echo "*** transform AAF certs into pem files"
mkdir -p {{ .Values.credsPath }}/certs
keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.0.3
+image: onap/ccsdk-blueprintsprocessor:1.1.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.0.3
+image: onap/ccsdk-commandexecutor:1.1.1
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.0.3
+image: onap/ccsdk-py-executor:1.1.1
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.0.3
+image: onap/ccsdk-sdclistener:1.1.1
name: sdc-listener
pullPolicy: Always
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.0.3
+image: onap/ccsdk-cds-ui-server:1.1.1
pullPolicy: Always
# application configuration
--- /dev/null
+{{/*
+# Copyright © 2021 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ Generate comma separated list of kafka or zookeper nodes to reuse in message router charts.
+ How to use:
+
+ zookeeper servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
+ kafka servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
+
+*/}}
+{{- define "common.kafkaNodes" -}}
+{{- $dot := .dot -}}
+{{- $replicaCount := .replicaCount -}}
+{{- $componentName := .componentName -}}
+{{- $port := .port -}}
+{{- $kafkaNodes := list -}}
+{{- range $i, $e := until (int $replicaCount) -}}
+{{- $kafkaNodes = print (include "common.release" $dot) "-" $componentName "-" $i "." $componentName "." (include "common.namespace" $dot) ".svc.cluster.local:" $port | append $kafkaNodes -}}
+{{- end -}}
+{{- $kafkaNodes | join "," -}}
+{{- end -}}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.0.2
+image: onap/ccsdk-dgbuilder-image:1.1.1
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.0.2
+image: onap/ccsdk-apps-ms-neng:1.1.1
pullPolicy: IfNotPresent
# application configuration
collector.truststore.file.location: /opt/app/dcae-certificate/trust.jks
collector.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
collector.schema.checkflag: "1"
- collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2_ONAP.json\"}"
+ collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2.1_ONAP.json\"}"
collector.externalSchema.checkflag: 1
collector.externalSchema.schemasLocation: "./etc/externalRepo/"
collector.externalSchema.mappingFileLocation: "./etc/externalRepo/schema-map.json"
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{
-{{ if .Values.componentImages.holmes_engine }}
- "he_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
-{{ end }}
- "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
- "dcae_CL_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.DCAE_CL_OUTPUT",
- "ves_fault_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT",
- "pgaas_cluster_name" : "{{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}",
- "database_name":"holmes"
-}
- --container-name
- consul-server
- --container-name
- - msb-discovery
- - --container-name
- - kube2msb
- - --container-name
- dcae-config-binding-service
- --container-name
- dcae-db
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- holmes_rules: onap/holmes/rule-management:1.2.9
- holmes_engine: onap/holmes/engine-management:1.2.9
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0
- snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4
# Resource Limit flavor -By Default using small
flavor: small
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.4
+image: onap/dmaap/dmaap-bc:2.0.5
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.7
+image: onap/dmaap/datarouter-node:2.1.8
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.7
+image: onap/dmaap/datarouter-prov:2.1.8
pullPolicy: Always
# flag to enable debugging - application support required
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+++ /dev/null
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-
-cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
-
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
{{- if .Values.global.aafEnabled }}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
---
{{- end }}
-
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
kind: ConfigMap
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $global.Values.replicaCount) }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
+ namespace: {{ include "common.namespace" $global }}
labels:
app: {{ $global.Values.service.name }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
*/}}
{{- $root := . -}}
-{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $root.Values.replicaCount) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $root.Values.service.name }}-{{ $i }}
- namespace: {{ $root.Release.Namespace }}
+ namespace: {{ include "common.namespace" $root }}
labels:
app: {{ $root.Values.service.name }}
chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
- |
export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
{{- if .Values.global.aafEnabled }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.final_cadi_files }} /etc/kafka/data/{{ .Values.certInitializer.final_cadi_files }} && \
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
{{ else }}
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- containerPort: {{ .Values.jmx.port }}
name: jmx
{{- end }}
- {{ if eq .Values.liveness.enabled true }}
+ {{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
apiVersion: v1
fieldPath: status.hostIP
- name: KAFKA_ZOOKEEPER_CONNECT
- value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ value: "{{ include "common.kafkaNodes" (dict "dot" . "replicaCount" .Values.zookeeper.replicaCount "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}"
- name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
value: "{{ .Values.kafka.enableSupport }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
{{- if .Values.global.aafEnabled }}
- name: KAFKA_OPTS
value: "{{ .Values.kafka.jaasOptionsAaf }}"
{{- end }}
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
- {{- if .Values.global.aafEnabled }}
- - mountPath: /etc/kafka/data/cadi.properties
- subPath: cadi.properties
- name: cadi
- {{ end }}
- name: jaas-config
mountPath: /etc/kafka/secrets/jaas
- mountPath: /var/lib/kafka/data
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: jaas
configMap:
name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
+ {{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
nodePortPrefix: 302
persistence: {}
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-mr-kafka-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-mr
+ fqi: dmaapmr@mr.dmaap.onap.org
+ public_fqdn: mr.dmaap.onap.org
+ cadi_longitude: "-122.26147"
+ cadi_latitude: "37.78187"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.dmaap.mr
+ final_cadi_files: cadi.properties
+ aaf_add_config: |
+ echo "*** concat the three prop files"
+ cd {{ .Values.credsPath }}
+ cat {{ .Values.fqi_namespace }}.props > {{ .Values.final_cadi_files }}
+ cat {{ .Values.fqi_namespace }}.cred.props >> {{ .Values.final_cadi_files }}
+ cat {{ .Values.fqi_namespace }}.location.props >> {{ .Values.final_cadi_files }}
+ echo "*** configuration result:"
+ cat {{ .Values.final_cadi_files }}
+ chown -R 1000 .
+
+
#################################################################
# Application configuration defaults.
#################################################################
zookeeper:
name: message-router-zookeeper
port: 2181
+ replicaCount: 3
kafka:
heapOptions: -Xmx5G -Xms1G
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $global.Values.replicaCount) }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
+ namespace: {{ include "common.namespace" $global }}
labels:
app: {{ $global.Values.service.name }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
#config.zk.servers=172.18.1.1
#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
*/}}
-config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
+config.zk.servers={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
#config.zk.root=/fe3c/cambria/config
## if you want to change request.required.acks it can take this one value
#kafka.metadata.broker.list=localhost:9092,localhost:9093
#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}}
-kafka.metadata.broker.list={{include "common.release" .}}-{{.Values.kafka.name}}-0.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{include "common.release" .}}-{{.Values.kafka.name}}-1.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{include "common.release" .}}-{{.Values.kafka.name}}-2.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}}
+kafka.metadata.broker.list={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
+
##kafka.request.required.acks=-1
#kafka.client.zookeeper=${config.zk.servers}
consumer.timeout.ms=100
cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
consumer.timeout=17
default.partitions=3
-default.replicas=3
+default.replicas={{ index .Values "message-router-kafka" "replicaCount" }}
##############################################################################
#100mb
maxcontentlength=10000
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
kafka.session.timeout.ms=240000
-kafka.max.poll.records=1000
\ No newline at end of file
+kafka.max.poll.records=1000
+++ /dev/null
-aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-
-cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
-
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
--- /dev/null
+###############################################################################
+# ============LICENSE_START=======================================================
+# org.onap.dmaap
+# ================================================================================
+# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+###############################################################################
+#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
+#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
+#to a SOA/CSI Cloud node. For more information,
+
+#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
+#particular service, please add them AFTER all AJSC related System Properties.
+
+#For Cadi Authorization, use value="authentication-scheme-1
+CadiAuthN=authentication-scheme-1
+
+#For Basic Authorization, use value="authentication-scheme-1
+authN=authentication-scheme-2
+
+#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
+ajscPersistence=file
+
+# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
+hawtio.authenticationEnabled=false
+hawtio.config.pullOnStartup=false
+
+#Removes the extraneous restlet console output
+org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
+
+#server.host property to be enabled for local DME2 related testing
+#server.host=<Your network IP address>
+
+#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
+enableSSL=false
+
+#Enable/disable csi logging (values=true/false). This can be disabled during local development
+csiEnable=false
+
+#Enable/disable CAET This can be disabled during local development
+isCAETEnable=true
+
+#Enable/disable EJB Container
+ENABLE_EJB=false
+
+#Enable/disable OSGI
+isOSGIEnable=false
+
+#Configure JMS Queue (WMQ/TIBCO)
+JMS_BROKER=WMQ
+
+#Generate/Skip api docs
+isApiDoc=false
+
+
+#WMQ connectivity
+JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
+JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
+JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
+JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
+JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
+
+#CSI related variables for CSM framework
+csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
+
+#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
+endpointLogging=false
+
+#Enable/disable trail logging and trail logging summary
+enableTrailLogging=false
+enableTrailLoggingSummary=false
+
+#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
+SOA_CLOUD_ENV=false
+
+#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
+CONTINUE_ON_LISTENER_EXCEPTION=false
+
+#Jetty Container ThreadCount Configuration Variables
+AJSC_JETTY_ThreadCount_MIN=1
+AJSC_JETTY_ThreadCount_MAX=200
+AJSC_JETTY_IDLETIME_MAX=3000
+
+#Camel Context level default threadPool Profile configuration
+CAMEL_POOL_SIZE=10
+CAMEL_MAX_POOL_SIZE=20
+CAMEL_KEEP_ALIVE_TIME=60
+CAMEL_MAX_QUEUE_SIZE=1000
+
+#File Monitor configurations
+ssf_filemonitor_polling_interval=5
+ssf_filemonitor_threadpool_size=10
+
+#GRM/DME2 System Properties
+AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
+AJSC_ENV=SOACLOUD
+
+SOACLOUD_NAMESPACE=org.onap.dmaap.dev
+SOACLOUD_ENV_CONTEXT=TEST
+SOACLOUD_PROTOCOL=http
+SOACLOUD_ROUTE_OFFER=DEFAULT
+
+AFT_LATITUDE=23.4
+AFT_LONGITUDE=33.6
+AFT_ENVIRONMENT=AFTUAT
+
+#Restlet Component Default Properties
+RESTLET_COMPONENT_CONTROLLER_DAEMON=true
+RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
+RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
+RESTLET_COMPONENT_MIN_THREADS=1
+RESTLET_COMPONENT_MAX_THREADS=10
+RESTLET_COMPONENT_LOW_THREADS=8
+RESTLET_COMPONENT_MAX_QUEUED=0
+RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
+RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
+RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
+RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
+RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
+RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
+RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
+RESTLET_COMPONENT_REUSE_ADDRESS=true
+
+#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
+#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
+#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
+#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
+#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
+#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
+#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
+#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
+#default csm properties files will be used for local testing with anything CSM knorelated.
+#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
+#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
+#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
+#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
+#when running locally, the following 2 properties should be set within the profile(s) themselves.
+#Example: target/commonLibs|target/otherLibs
+#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
+#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
+#End of AJSC System Properties
+
+#Service System Properties. Please, place any Service related System Properties below.
+
+#msgrtr content length and error message
+#100mb
+maxcontentlength=10000
+msg_size_exceeds=Message size exceeds the default size.
+forceAAF=false
+cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- {{/*
+ ============LICENSE_START=======================================================
+ org.onap.dmaap
+ ================================================================================
+ Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
+ Copyright © 2021 Orange Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+*/}}
+-->
+
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
+ <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
+ <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
+ <Set name="extractWAR">true</Set>
+ <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
+ <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
+ <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
+ <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
+ <Set name="throwUnavailableOnStartupException">true</Set>
+ <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
+ <Set name="servletHandler">
+ <New class="org.eclipse.jetty.servlet.ServletHandler">
+ <Set name="startWithUnavailable">false</Set>
+ </New>
+ </Set>
+ </New>
+
+ <Set name="handler">
+ <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
+ <Set name="Handlers">
+ <Array type="org.eclipse.jetty.webapp.WebAppContext">
+ <Item>
+ <Ref refid="ajscContext" />
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <Call name="addBean">
+ <Arg>
+ <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
+ <Set name="contexts">
+ <Ref refid="Contexts" />
+ </Set>
+ <Call id="extAppHotDeployProvider" name="addAppProvider">
+ <Arg>
+ <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
+ <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
+ <Set name="scanInterval">10</Set>
+ <Set name="extractWars">true</Set>
+ </New>
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </Call>
+
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <!-- SSL Keystore configuration -->
+
+ <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
+ <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
+ <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
+ <Set name="WantClientAuth">true</Set>
+ </New>
+ <Call id="sslConnector" name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <Item>
+ <New class="org.eclipse.jetty.server.SslConnectionFactory">
+ <Arg name="next">http/1.1</Arg>
+ <Arg name="sslContextFactory">
+ <Ref refid="sslContextFactory" />
+ </Arg>
+ </New>
+ </Item>
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config">
+ <New class="org.eclipse.jetty.server.HttpConfiguration">
+ <Call name="addCustomizer">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
+ <Set name="idleTimeout">30000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <Get name="ThreadPool">
+ <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
+ <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
+ <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
+ <Set name="detailedDump">false</Set>
+ </Get>
+
+</Configure>
--- /dev/null
+aaf_locate_url=https://aaf-locate.onap:8095
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+aaf_env=DEV
+aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
+
+cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
+
+cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+
+cadi_alias={{ .Values.certInitializer.fqi }}
+cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--{{/*
+ ============LICENSE_START=======================================================
+ org.onap.dmaap
+ ================================================================================
+ Copyright c 2017 AT&T Intellectual Property. All rights reserved.
+ Copyright c 2021 Orange Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
+
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/spring-servlet.xml,
+ classpath:applicationContext.xml
+</param-value>
+ </context-param>
+
+ <context-param>
+ <param-name>spring.profiles.default</param-name>
+ <param-value>nooauth</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <servlet>
+ <servlet-name>ManagementServlet</servlet-name>
+ <servlet-class>ajsc.ManagementServlet</servlet-class>
+ </servlet>
+
+ <filter>
+ <filter-name>WriteableRequestFilter</filter-name>
+ <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
+ </filter>
+
+ <filter>
+ <filter-name>InterceptorFilter</filter-name>
+ <filter-class>ajsc.filters.InterceptorFilter</filter-class>
+ <init-param>
+ <param-name>preProcessor_interceptor_config_file</param-name>
+ <param-value>/etc/PreProcessorInterceptors.properties</param-value>
+ </init-param>
+ <init-param>
+ <param-name>postProcessor_interceptor_config_file</param-name>
+ <param-value>/etc/PostProcessorInterceptors.properties</param-value>
+ </init-param>
+
+ </filter>
+
+ <!-- Content length filter for Msgrtr -->
+ <filter>
+ <display-name>DMaaPAuthFilter</display-name>
+ <filter-name>DMaaPAuthFilter</filter-name>
+ <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
+ <init-param>
+ <param-name>cadi_prop_files</param-name>
+ <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
+ </init-param>
+ </filter>
+
+ <!-- End Content length filter for Msgrtr -->
+ <servlet>
+ <servlet-name>RestletServlet</servlet-name>
+ <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
+ <init-param>
+ <param-name>org.restlet.component</param-name>
+ <param-value>restletComponent</param-value>
+ </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name>CamelServlet</servlet-name>
+ <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
+ </servlet>
+
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <servlet>
+ <servlet-name>spring</servlet-name>
+ <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>spring</servlet-name>
+ <url-pattern>/</url-pattern>
+ </servlet-mapping>
+
+</web-app>
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-logback-xml-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-logback-xml-configmap
+ name: {{ include "common.fullname" . }}-etc
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-sys-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
+---
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
kind: ConfigMap
{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
---
{{ end }}
-
-
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config
+ name: jetty
+ - mountPath: /config-input
+ name: etc
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
+ cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
+ /bin/sh /appl/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
env:
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
subPath: logback.xml
name: logback
- - mountPath: /appl/dmaapMR1/etc/cadi.properties
- subPath: cadi.properties
- name: cadi
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
+ - mountPath: /appl/dmaapMR1/etc/runner-web.xml
+ subPath: runner-web.xml
+ name: etc
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
+ subPath: sys-props.properties
+ name: sys-props
+ - mountPath: /jetty-config
+ name: jetty
resources: {{ include "common.resources" . | nindent 12 }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
+ - name: etc
+ configMap:
+ name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
{{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
+ - name: sys-props
+ configMap:
+ name: {{ include "common.fullname" . }}-sys-props
+ - name: jetty
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
global:
nodePortPrefix: 302
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-mr-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-mr
+ fqi: dmaapmr@mr.dmaap.onap.org
+ public_fqdn: mr.dmaap.onap.org
+ cadi_longitude: "-122.26147"
+ cadi_latitude: "37.78187"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
+ fqi_namespace: org.onap.dmaap.mr
+ aaf_add_config: |
+ cd {{ .Values.credsPath }}
+ echo "*** change jks password into shell safe one"
+ export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ echo "*** set key password as same password as jks keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+ echo "*** store the passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+ echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
+ echo "*** give ownership of files to the user"
+ chown -R 1000 .
+
#################################################################
# Application configuration defaults.
#################################################################
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2021 ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP multicloud Azure plugin
-name: multicloud-azure
+description: ONAP DCAE HOLMES
+name: holmes
version: 8.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: Holmes Engine Management
+name: holmes-engine-mgmt
+version: 8.0.0
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{
+ "services_calls": {},
+ "streams_publishes": {
+ "dcae_cl_out": {
+ "dmaap_info": {
+ "topic_url": "http://message-router.onap:3904/events/unauthenticated.DCAE_CL_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ },
+ "streams_subscribes": {
+ "ves_fault": {
+ "dmaap_info": {
+ "topic_url": "http://message-router.onap:3904/events/unauthenticated.SEC_FAULT_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ }
+}
--- /dev/null
+#
+# Copyright 2017 ZTE Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+server:
+ type: simple
+ rootPath: '/api/holmes-engine-mgmt/v1/*'
+ applicationContextPath: /
+ adminContextPath: /admin
+ connector:
+ type: https
+ port: 9102
+ keyStorePath: /opt/onap/conf/holmes.keystore
+ keyStorePassword: holmes
+ validateCerts: false
+ validatePeers: false
+
+
+# Logging settings.
+logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ALL
+
+ # Logger-specific levels.
+ loggers:
+
+ # Sets the level for 'com.example.app' to DEBUG.
+ org.onap.holmes.engine: ALL
+
+ appenders:
+ - type: console
+ threshold: ALL
+ timeZone: UTC
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ - type: file
+ threshold: ERROR
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/engine-d-error.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+ - type: file
+ threshold: DEBUG
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+
+
+database:
+ driverClass: org.postgresql.Driver
+ user: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ properties:
+ charSet: UTF-8
+ maxWaitForConnection: 1s
+ validationQuery: "/* MyService Health Check */ SELECT 1"
+ minSize: 8
+ maxSize: 100
+ checkConnectionWhileIdle: false
+ evictionInterval: 10s
+ minIdleTime: 1s
--- /dev/null
+--
+-- Copyright 2017 ZTE Corporation.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+\c postgres
+
+/******************CREATE NEW DATABASE AND USER***************************/
+CREATE DATABASE ${DB_NAME};
+
+CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN;
+
+\encoding UTF8;
+
+/******************DELETE OLD TABLE AND CREATE NEW***************************/
+\c ${DB_NAME};
+
+DROP TABLE IF EXISTS ALARM_INFO;
+
+CREATE TABLE ALARM_INFO (
+ EVENTID VARCHAR(150) NOT NULL,
+ EVENTNAME VARCHAR(150) NOT NULL,
+ ALARMISCLEARED SMALLINT NOT NULL,
+ ROOTFLAG SMALLINT NOT NULL,
+ STARTEPOCHMICROSEC BIGINT NOT NULL,
+ LASTEPOCHMICROSEC BIGINT NOT NULL,
+ SOURCEID VARCHAR(150) NOT NULL,
+ SOURCENAME VARCHAR(150) NOT NULL,
+ PRIMARY KEY (EVENTID)
+);
+
+CREATE TABLE IF NOT EXISTS ENGINE_ENTITY (
+ ID VARCHAR(150) NOT NULL,
+ IP VARCHAR(128) NOT NULL,
+ PORT SMALLINT NOT NULL,
+ LASTMODIFIED BIGINT NOT NULL,
+ PRIMARY KEY (ID)
+);
+
+GRANT ALL PRIVILEGES ON ALARM_INFO TO ${JDBC_USERNAME};
+GRANT ALL PRIVILEGES ON ENGINE_ENTITY TO ${JDBC_USERNAME};
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - holmes-engine-mgmt|/hemconfig/cfy.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /hemconfig
+ name: {{ include "common.fullname" . }}-config
+ - name: {{ include "common.name" . }}-env-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /hemconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done"
+ env:
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumeMounts:
+ - mountPath: /hemconfig
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-env-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-env-config
+ mountPath: /opt/hemconfig
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ scheme: {{ .Values.liveness.scheme }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ failureThreshold: 1
+ successThreshold: 1
+ timeoutSeconds: 1
+ env:
+ - name: CONSUL_HOST
+ value: consul-server.{{ include "common.namespace" . }}
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: msb_hostname
+ value: "msb-iag.onap"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ defaultMode: 422
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-env-config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-{
-{{ if .Values.componentImages.holmes_rules }}
- "hr_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
-{{ end }}
-
- "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
- "pgaas_cluster_name" : "{{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}",
- "database_name":"holmes"
-}
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/holmes/engine-management:1.3.2
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: holmes-engine-mgmt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: holmes-engine-mgmt
+ fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
+ fqi_namespace: org.onap.holmes-engine-mgmt
+ public_fqdn: holmes-engine-mgmt.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
+ -keystore {{ .Values.fqi_namespace }}.p12 \
+ -keypass "${cadi_keystore_password_p12}" \
+ -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- uid: pg-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}'
+ login: '{{ .Values.config.pgConfig.dbUser }}'
+ password: '{{ .Values.config.pgConfig.dbUserPassword }}'
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # Addresses of other ONAP entities
+ address:
+ consul:
+ host: consul-server
+ port: 8500
+ pgConfig:
+ dbName: defaultName
+ dbHost: defaultHost
+ dbPort: 1234
+ dbUser: admin
+ dbUserPassword: admin
+ # dbUserCredsExternalSecret
+
+service:
+ type: ClusterIP
+ name: holmes-engine-mgmt
+ ports:
+ - name: https-rest
+ port: &svc_port 9102
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ path: /api/holmes-engine-mgmt/v1/healthcheck
+ scheme: HTTPS
+ port: *svc_port
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ path: /api/holmes-engine-mgmt/v1/healthcheck
+ scheme: HTTPS
+ port: *svc_port
+
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: Holmes Rule Management
+name: holmes-rule-mgmt
+version: 8.0.0
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{
+ "holmes.default.rule.volte.scenario1": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b$$$package org.onap.holmes.droolsRule;\n\nimport org.onap.holmes.common.dmaap.DmaapService;\nimport org.onap.holmes.common.api.stat.VesAlarm;\nimport org.onap.holmes.common.aai.CorrelationUtil;\nimport org.onap.holmes.common.dmaap.entity.PolicyMsg;\nimport org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;\nimport org.onap.holmes.common.utils.DroolsLog;\n \n\nrule \"Relation_analysis_Rule\"\nsalience 200\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0,\n $sourceId: sourceId, sourceId != null && !sourceId.equals(\"\"),\n\t\t\t$sourceName: sourceName, sourceName != null && !sourceName.equals(\"\"),\n\t\t\t$startEpochMicrosec: startEpochMicrosec,\n eventName in (\"Fault_MultiCloud_VMFailure\"),\n $eventId: eventId)\n $child : VesAlarm( eventId != $eventId, parentId == null,\n CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),\n eventName in (\"Fault_MME_eNodeB out of service alarm\"),\n startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"Relation_analysis_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\t$child.setParentId($root.getEventId());\n\t\tupdate($child);\n\t\t\nend\n\nrule \"root_has_child_handle_Rule\"\nsalience 150\nno-loop true\n\twhen\n\t\t$root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)\n\t\t$child : VesAlarm(eventId != $eventId, parentId == $eventId)\n\tthen\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_has_child_handle_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_no_child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,\n sourceId != null && !sourceId.equals(\"\"),\n\t\t\tsourceName != null && !sourceName.equals(\"\"),\n eventName in (\"Fault_MultiCloud_VMFailure\"))\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_no_child_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_cleared_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_cleared_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\tretract($root);\nend\n\nrule \"child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"child_handle_Rule: childId=\" + $child.getEventId());\n\t\tretract($child);\nend",
+ "services_calls": {},
+ "streams_publishes": {},
+ "streams_subscribes": {}
+}
--- /dev/null
+--
+-- Copyright 2017 ZTE Corporation.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+\c postgres
+
+/******************CREATE NEW DATABASE AND USER***************************/
+CREATE DATABASE ${DB_NAME};
+
+CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN;
+
+\encoding UTF8;
+
+/******************DELETE OLD TABLE AND CREATE NEW***************************/
+\c ${DB_NAME};
+
+CREATE TABLE IF NOT EXISTS APLUS_RULE (
+ RID VARCHAR(30) NOT NULL,
+ NAME VARCHAR(150) NOT NULL,
+ CTRLLOOP VARCHAR(150) NOT NULL,
+ DESCRIPTION VARCHAR(4000) NULL,
+ ENABLE SMALLINT NOT NULL,
+ TEMPLATEID BIGINT NOT NULL,
+ ENGINEID VARCHAR(20) NOT NULL,
+ ENGINETYPE VARCHAR(20) NOT NULL,
+ CREATOR VARCHAR(20) NOT NULL,
+ CREATETIME TIMESTAMP NOT NULL,
+ UPDATOR VARCHAR(20) NULL,
+ UPDATETIME TIMESTAMP NULL,
+ PARAMS VARCHAR(4000) NULL,
+ CONTENT VARCHAR(20000) NOT NULL,
+ VENDOR VARCHAR(100) NOT NULL,
+ ENGINEINSTANCE VARCHAR(100) NOT NULL,
+ PACKAGE VARCHAR(255) NULL,
+ PRIMARY KEY (RID),
+ UNIQUE (NAME)
+);
+
+CREATE INDEX IDX_APLUS_RULE_NAME ON APLUS_RULE (NAME);
+CREATE INDEX IDX_APLUS_RULE_CTRLLOOP ON APLUS_RULE (CTRLLOOP);
+CREATE INDEX IDX_APLUS_RULE_ENABLE ON APLUS_RULE (ENABLE);
+CREATE INDEX IDX_APLUS_RULE_TEMPLATEID ON APLUS_RULE (TEMPLATEID);
+CREATE INDEX IDX_APLUS_RULE_ENGINEID ON APLUS_RULE (ENGINEID);
+CREATE INDEX IDX_APLUS_RULE_ENGINETYPE ON APLUS_RULE (ENGINETYPE);
+
+GRANT ALL PRIVILEGES ON APLUS_RULE TO ${JDBC_USERNAME};
--- /dev/null
+apidescription: ZTE Holmes rule Management rest API
+
+# use the simple server factory if you only want to run on a single port
+#server:
+# type: simple
+# connector:
+# type: http
+# port: 12003
+
+server:
+ type: simple
+ rootPath: '/api/holmes-rule-mgmt/v1/*'
+ applicationContextPath: /
+ adminContextPath: /admin
+ connector:
+ type: https
+ port: 9101
+ keyStorePath: /opt/onap/conf/holmes.keystore
+ keyStorePassword: holmes
+ validateCerts: false
+ validatePeers: false
+
+# Logging settings.
+logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ALL
+
+ # Logger-specific levels.
+ loggers:
+
+ # Sets the level for 'com.example.app' to DEBUG.
+ org.onap.holmes.rulemgt: ALL
+
+ appenders:
+ - type: console
+ threshold: ALL
+ timeZone: UTC
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ - type: file
+ threshold: ERROR
+ #logFormat: "%nopexception%logger\n|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}\n|%level\n|%message\n|%X{InvocationID}\n|%rootException\n|%marker\n|%thread\n|%n \r\n"
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-error.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+ - type: file
+ threshold: DEBUG
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+
+#database
+database:
+ driverClass: org.postgresql.Driver
+ user: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ properties:
+ charSet: UTF-8
+ maxWaitForConnection: 1s
+ validationQuery: "/* MyService Health Check */ SELECT 1"
+ minSize: 8
+ maxSize: 100
+ checkConnectionWhileIdle: false
+ evictionInterval: 10s
+ minIdleTime: 1s
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - holmes-rule-mgmt|/hrmconfigs/cfy.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /hrmconfigs
+ name: {{ include "common.fullname" . }}-config
+ - name: {{ include "common.name" . }}-env-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /hrmconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done"
+ env:
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumeMounts:
+ - mountPath: /hrmconfig
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-env-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 8 }}
+ volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-env-config
+ mountPath: /opt/hrmconfig
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ scheme: {{ .Values.liveness.scheme }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ failureThreshold: 1
+ successThreshold: 1
+ timeoutSeconds: 1
+ env:
+ - name: CONSUL_HOST
+ value: consul-server.{{ include "common.namespace" . }}
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: msb_hostname
+ value: "msb-iag.onap"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ defaultMode: 422
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-env-config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration.
+#################################################################
+global:
+ nodePortPrefixExt: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/holmes/rule-management:1.3.2
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: holmes-rule-mgmt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: holmes-rule-mgmt
+ fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
+ fqi_namespace: org.onap.holmes-rule-mgmt
+ public_fqdn: holmes-rule-mgmt.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** set key password as same password as keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
+ -keystore {{ .Values.fqi_namespace }}.p12 \
+ -keypass "${cadi_keystore_password_p12}" \
+ -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- uid: pg-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}'
+ login: '{{ .Values.config.pgConfig.dbUser }}'
+ password: '{{ .Values.config.pgConfig.dbUserPassword }}'
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # Addresses of other ONAP entities
+ address:
+ consul:
+ host: consul-server
+ port: 8500
+ pgConfig:
+ dbName: defaultName
+ dbHost: defaultHost
+ dbPort: 1234
+ dbUser: admin
+ dbUserPassword: admin
+ # dbUserCredsExternalSecret
+
+service:
+ type: NodePort
+ name: holmes-rule-mgmt
+ ports:
+ - name: https-rest
+ port: &svc_port 9101
+ nodePort: 92
+ - name: https-ui
+ port: 9104
+ nodePort: 93
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ port: *svc_port
+ periodSeconds: 10
+ path: /api/holmes-rule-mgmt/v1/healthcheck
+ enabled: true
+ scheme: HTTPS
+
+readiness:
+ initialDelaySeconds: 30
+ port: *svc_port
+ periodSeconds: 30
+ path: /api/holmes-rule-mgmt/v1/healthcheck
+ scheme: HTTPS
+
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ requests:
+ cpu: 250m
+ memory: 1024Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada , ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: holmes-rule-mgmt
+ version: ~8.x-0
+ repository: 'file://components/holmes-rule-mgmt'
+ - name: holmes-engine-mgmt
+ version: ~8.x-0
+ repository: 'file://components/holmes-engine-mgmt'
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2021 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+secrets:
+- uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "holmes-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootPassword }}'
+- uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-holmes-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "holmes-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+pullPolicy: IfNotPresent
+
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+# application configuration override for postgres
+postgres:
+ nameOverride: holmes-pg
+ service:
+ name: holmes-postgres
+ name2: &dbHost holmes-postgres-primary
+ name3: holmes-postgres-replica
+ container:
+ name:
+ primary: holmes-postgres-primary
+ replica: holmes-postgres-replica
+ config:
+ pgUserName: holmes
+ pgDatabase: &dbName holmes
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgPort: &dbPort "5432"
+ persistence:
+ mountSubPath: holmes/data
+ mountInitPath: holmes
+
+holmes-engine-mgmt:
+ config:
+ pgConfig:
+ dbName: *dbName
+ dbHost: *dbHost
+ dbPort: *dbPort
+ dbUserCredsExternalSecret: *pgUserCredsSecretName
+
+holmes-rule-mgmt:
+ config:
+ pgConfig:
+ dbName: *dbName
+ dbHost: *dbHost
+ dbPort: *dbPort
+ dbUserCredsExternalSecret: *pgUserCredsSecretName
+
+# Resource Limit flavor -By Default using small
+flavor: small
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-version: 1
-disable_existing_loggers: False
-
-loggers:
- vio:
- handlers: [azure_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vio_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/azure/azure.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /opt/multicloud_azure/multicloud_azure/pub/config/log.yml
- name: azure-logconfig
- subPath: log.yml
- resources:
-{{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-azure/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- # side car containers
- - image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /usr/share/filebeat/data
- name: azure-data-filebeat
- volumes:
- - name: azure-log
- emptyDir: {}
- - name: azure-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: azure-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-azure",
- "version": "v0",
- "url": "/api/multicloud-azure/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/multicloud/azure:1.2.4
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- msbgateway: msb-iag
- msbPort: 80
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- portName: multicloud-azure
- externalPort: 9008
- internalPort: 9008
- nodePort: 61
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
- - name: multicloud-azure
- version: ~8.x-0
- repository: 'file://components/multicloud-azure'
- condition: multicloud-azure.enabled
- name: multicloud-fcaps
version: ~8.x-0
repository: 'file://components/multicloud-fcaps'
},
"provider_plugin": "multicloud-vio"
},
- "azure": {
- "vim_type": "azure",
- "versions": {
- "1.0": {
- "version": "1.0",
- "extra_info_hint": "",
- "provider_plugin": "multicloud-azure"
- }
- },
- "provider_plugin": "multicloud-azure"
- },
"k8s": {
"vim_type": "k8s",
"versions": {
#Istio sidecar injection policy
istioSidecar: true
-multicloud-azure:
- enabled: true
multicloud-fcaps:
enabled: true
multicloud-k8s:
version: ~8.x-0
repository: '@local'
condition: dcaemod.enabled
+ - name: holmes
+ version: ~8.x-0
+ repository: '@local'
+ condition: holmes.enabled
- name: dmaap
version: ~8.x-0
repository: '@local'
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
+holmes:
+ holmes-rule-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ holmes-engine-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
dmaap:
dmaap-bus-controller:
liveness:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
+holmes:
+ holmes-rule-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ holmes-engine-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
dmaap:
dmaap-bus-controller:
liveness:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
enabled: true
dcaegen2-services:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
esr:
enabled: true
dcaemod:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
esr:
enabled: true
dcaegen2-services:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
log:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
esr:
enabled: false
log:
enabled: false
dcaemod:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
GLOBAL_INJECTED_SO_REQDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-request-db-adapter") }}'
GLOBAL_INJECTED_SO_SDNC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-sdnc-adapter") }}'
GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vfc-adapter") }}'
-GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vnfm-adapter") }}'
+GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-etsi-sol003-adapter") }}'
GLOBAL_INJECTED_SO_NSSMF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-nssmf-adapter") }}'
GLOBAL_INJECTED_UBUNTU_1404_IMAGE = '{{ .Values.ubuntu14Image }}'
GLOBAL_INJECTED_UBUNTU_1604_IMAGE = '{{ .Values.ubuntu16Image }}'
GLOBAL_SO_REQDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-request-db-adapter" "port" 8083) }}'
GLOBAL_SO_SDNC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdnc-adapter" "port" 8086) }}'
GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vfc-adapter" "port" 8084) }}'
-GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vnfm-adapter" "port" 9092) }}'
+GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-etsi-sol003-adapter" "port" 9092) }}'
GLOBAL_SO_NSSMF_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-nssmf-adapter" "port" 8088) }}'
GLOBAL_SO_USERNAME = '{{ .Values.soUsername }}'
GLOBAL_SO_CATDB_USERNAME = '{{ .Values.soCatdbUsername }}'
GLOBAL_CCSDK_CDS_PASSWORD = 'ccsdkapps'
GLOBAL_CCSDK_CDS_AUTHENTICATION = [GLOBAL_CCSDK_CDS_USERNAME, GLOBAL_CCSDK_CDS_PASSWORD]
GLOBAL_CDS_AUTH = "Y2NzZGthcHBzOmNjc2RrYXBwcw=="
-
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.0.5
+image: onap/sdnc-dmaap-listener-image:2.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.0.5
+image: onap/sdnc-ansible-server-image:2.1.3
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.0.5"
+image: "onap/sdnc-web-image:2.1.3"
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.0.5
+image: onap/sdnc-ueb-listener-image:2.1.3
pullPolicy: Always
# flag to enable debugging - application support required
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
- name: AAI_CLIENT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: AAI_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 10 }}
+ - name: ANSIBLE_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 10 }}
+ - name: SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 10 }}
+ - name: SO_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 10 }}
+ - name: NENG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 10 }}
+ - name: NENG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 10 }}
+ - name: CDS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 10 }}
+ - name: CDS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 10 }}
+ - name: HONEYCOMB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 10 }}
+ - name: HONEYCOMB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 10 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+ - name: DMAAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 10 }}
+ - name: DMAAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 10 }}
+ - name: DMAAP_AUTHKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 10 }}
- name: MODELSERVICE_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
- name: MODELSERVICE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: ODL_ADMIN_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- name: ODL_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
{{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
- name: DMAAP_HTTP_PROXY_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
- name: ODL_ADMIN_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
- name: ODL_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
- name: SDNC_DB_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: "{{ .Values.config.dbSdnctlDatabase }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 12 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 12 }}
+ - name: AAI_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 12 }}
+ - name: ANSIBLE_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 12 }}
+ - name: SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 12 }}
+ - name: SO_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 12 }}
+ - name: NENG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 12 }}
+ - name: NENG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 12 }}
+ - name: CDS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 12 }}
+ - name: CDS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 12 }}
+ - name: HONEYCOMB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 12 }}
+ - name: HONEYCOMB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: DMAAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 12 }}
+ - name: DMAAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 12 }}
+ - name: DMAAP_AUTHKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 12 }}
- name: ENABLE_ODL_CLUSTER
value: "{{ .Values.config.enableClustering }}"
- name: MY_ODL_CLUSTER
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
password: '{{ .Values.config.netboxApikey }}'
passwordPolicy: required
+ - uid: aai-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}'
+ password: '{{ .Values.config.aaiTruststorePassword }}'
+ passwordPolicy: required
+ - uid: ansible-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}'
+ password: '{{ .Values.config.ansibleTruststorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.truststoreExternalSecret }}'
+ password: '{{ .Values.config.truststorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ .Values.config.keystoreExternalSecret }}'
+ password: '{{ .Values.config.keystorePassword }}'
+ passwordPolicy: required
+ - uid: dmaap-authkey
+ type: password
+ externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}'
+ password: '{{ .Values.config.dmaapAuthKey }}'
+ passwordPolicy: required
- uid: aai-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
login: '{{ .Values.config.aaiUser }}'
password: '{{ .Values.config.aaiPassword }}'
passwordPolicy: required
+ - uid: so-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.soCredsExternalSecret}}'
+ login: '{{ .Values.config.soUser }}'
+ password: '{{ .Values.config.soPassword }}'
+ passwordPolicy: required
+ - uid: neng-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.nengCredsExternalSecret}}'
+ login: '{{ .Values.config.nengUser }}'
+ password: '{{ .Values.config.nengPassword }}'
+ passwordPolicy: required
+ - uid: cds-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}'
+ login: '{{ .Values.config.cdsUser }}'
+ password: '{{ .Values.config.cdsPassword }}'
+ passwordPolicy: required
+ - uid: honeycomb-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}'
+ login: '{{ .Values.config.honeycombUser }}'
+ password: '{{ .Values.config.honeycombPassword }}'
+ passwordPolicy: required
+ - uid: dmaap-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}'
+ login: '{{ .Values.config.dmaapUser }}'
+ password: '{{ .Values.config.dmaapPassword }}'
+ passwordPolicy: required
- uid: modeling-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.0.5
+image: onap/sdnc-image:2.1.3
# flag to enable debugging - application support required
debugEnabled: false
# odlCredsExternalSecret: some secret
netboxApikey: onceuponatimeiplayedwithnetbox20180814
# netboxApikeyExternalSecret: some secret
+ aaiTruststorePassword: changeit
+ # aaiTruststoreExternalSecret: some secret
+ ansibleTruststorePassword: changeit
+ # ansibleTruststoreExternalSecret: some secret
+ truststorePassword: adminadmin
+ # truststoreExternalSecret: some secret
+ keystorePassword: adminadmin
+ # keystoreExternalSecret: some secret
aaiUser: sdnc@sdnc.onap.org
aaiPassword: demo123456!
# aaiCredsExternalSecret: some secret
+ soUser: sdncaBpmn
+ soPassword: password1$
+ # soCredsExternalSecret: some secret
+ nengUser: ccsdkapps
+ nengPassword: ccsdkapps
+ # nengCredsExternalSecret: some secret
+ cdsUser: ccsdkapps
+ cdsPassword: ccsdkapps
+ # cdsCredsExternalSecret: some secret
+ honeycombUser: admin
+ honeycombPassword: admin
+ # honeycombCredsExternalSecret: some secret
+ dmaapUser: admin
+ dmaapPassword: admin
+ dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs="
+ # dmaapCredsExternalSecret: some secret
+ # dmaapAuthKeyExternalSecret: some secret
modelingUser: ccsdkapps
modelingPassword: ccsdkapps
# modelingCredsExternalSecret: some secret
# @author: gareth.roper@ericsson.com
apiVersion: v1
description: A Helm chart for ONAP Service Orchestration Monitoring
-name: so-monitoring
+name: so-admin-cockpit
version: 8.0.0
security:
usercredentials:
-
- username: ${SO_MONITORING_USERNAME}
- password: ${SO_MONITORING_PASSWORD}
+ username: ${SO_COCKPIT_USERNAME}
+ password: ${SO_COCKPIT_PASSWORD}
role: GUI-Client
APP: {{ index .Values.app }}
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
args:
- -c
- |
- export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ export SO_COCKPIT_PASSWORD=`htpasswd -bnBC 10 "" $SO_COCKPIT_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- - name: SO_MONITORING_USERNAME
+ - name: SO_COCKPIT_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
- - name: SO_MON_PASS
+ - name: SO_COCKPIT_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
envFrom:
- configMapRef:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
passwordPolicy: required
- uid: app-user-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
- login: '{{ .Values.server.monitoring.username }}'
- password: '{{ .Values.server.monitoring.password }}'
+ externalSecret: '{{ tpl (default "" .Values.server.cockpit.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.cockpit.username }}'
+ password: '{{ .Values.server.cockpit.password }}'
#secretsFilePaths: |
# - 'my file 1'
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.7.11
+image: onap/so/so-admin-cockpit:1.8.2
pullPolicy: Always
db:
minReadySeconds: 10
containerPort: &containerPort 9091
logPath: app/logs/
-app: so-monitoring
+app: so-admin-cockpit
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-monitoring-cert-init
+ nameOverride: so-cockpit-cert-init
certInitializer:
- nameOverride: so-monitoring-cert-init
+ nameOverride: so-cockpit-cert-init
credsPath: /opt/app/osaaf/local
cadi:
apiEnforcement: org.onap.so.monitoringPerm
containerPort: *containerPort
server:
- monitoring:
+ cockpit:
username: demo
# password: demo123456!
# soMonitoringCredsExternalSecret: some secret
nodePort: 24
internalPort: *containerPort
externalPort: *containerPort
- portName: so-monitor-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
ingress:
enabled: false
service:
- - baseaddr: "somonitoring"
- name: "so-monitoring"
+ - baseaddr: "soadmincockpit"
+ name: "so-admin-cockpit"
port: 9091
config:
ssl: "none"
so:
vnfm:
adapter:
- url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: {{ .Values.so.vnfm.adapter.auth }}
+ url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
org:
onap:
so:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.7.11
+image: onap/so/bpmn-infra:1.8.1
pullPolicy: Always
db:
oof:
auth: test:testpwd
so:
- vnfm:
+ sol003:
adapter:
auth: Basic dm5mbTpwYXNzd29yZDEk
sniro:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.7.11
+image: onap/so/catalog-db-adapter:1.8.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/mso-cnf-adapter:1.7.11
+image: onap/so/mso-cnf-adapter:1.8.0
pullPolicy: Always
readinessCheck:
so:
adapters:
sol003-adapter:
- url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
auth: {{ .Values.so.sol003.adapter.auth }}
etsi-catalog-manager:
base:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-etsi-nfvo-ns-lcm:1.7.11
+image: onap/so/so-etsi-nfvo-ns-lcm:1.8.2
pullPolicy: Always
aai:
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
-description: ONAP SO VNFM Adapter
-name: so-vnfm-adapter
+description: ONAP SO ETSI SOL003 Adapter
+name: so-etsi-sol003-adapter
version: 8.0.0
mso:
key: {{ .Values.mso.key }}
site-name: localSite
- logPath: ./logs/vnfm-adapter
+ logPath: ./logs/etsi-sol003-adapter
config:
cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
- endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
+ endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/vnfm-adapter:1.7.11
+image: onap/so/so-etsi-sol003-adapter:1.8.2
pullPolicy: Always
aaf:
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 9092
-logPath: ./logs/vnfm-adapter/
-app: vnfm-adapter
+logPath: ./logs/etsi-sol003-adapter/
+app: etsi-sol003-adapter
service:
type: NodePort
internalPort: *containerPort
externalPort: *containerPort
nodePort: "06"
- portName: so-vnfm-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-vnfm-cert-init
+ nameOverride: so-etsi-sol003-cert-init
certInitializer:
- nameOverride: so-vnfm-cert-init
+ nameOverride: so-etsi-sol003-cert-init
credsPath: /opt/app/osaaf/local
cadi:
apiEnforcement: org.onap.so.vnfmAdapterPerm
ingress:
enabled: false
service:
- - baseaddr: "sovnfmadapter"
- name: "so-vnfm-adapter"
+ - baseaddr: "soetsisol003adapter"
+ name: "so-etsi-sol003-adapter"
port: 9092
config:
ssl: "redirect"
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+#
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cd /docker-entrypoint-initdb.d/db-sql-scripts
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.14.0.sql || exit 1
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.14.0.sql || exit 1
echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
insert into ACT_GE_PROPERTY
values ('startup.lock', '0', 1);
+insert into ACT_GE_PROPERTY
+values ('telemetry.lock', '0', 1);
+
+insert into ACT_GE_PROPERTY
+values ('installationId.lock', '0', 1);
+
create table ACT_GE_BYTEARRAY (
ID_ varchar(64),
REV_ integer,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+create table ACT_GE_SCHEMA_LOG (
+ ID_ varchar(64),
+ TIMESTAMP_ datetime(3),
+ VERSION_ varchar(255),
+ primary key (ID_)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
+insert into ACT_GE_SCHEMA_LOG
+values ('0', CURRENT_TIMESTAMP, '7.14.0');
+
create table ACT_RE_DEPLOYMENT (
ID_ varchar(64),
NAME_ varchar(255),
- DEPLOY_TIME_ timestamp(3),
+ DEPLOY_TIME_ datetime(3),
SOURCE_ varchar(255),
TENANT_ID_ varchar(64),
primary key (ID_)
ID_ varchar(64) NOT NULL,
REV_ integer,
TYPE_ varchar(255) NOT NULL,
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
LOCK_OWNER_ varchar(255),
EXCLUSIVE_ boolean,
EXECUTION_ID_ varchar(64),
RETRIES_ integer,
EXCEPTION_STACK_ID_ varchar(64),
EXCEPTION_MSG_ varchar(4000),
- DUEDATE_ timestamp(3) NULL,
+ FAILED_ACT_ID_ varchar(255),
+ DUEDATE_ datetime(3) NULL,
REPEAT_ varchar(255),
+ REPEAT_OFFSET_ bigint DEFAULT 0,
HANDLER_TYPE_ varchar(255),
HANDLER_CFG_ varchar(4000),
DEPLOYMENT_ID_ varchar(64),
SUSPENSION_STATE_ integer,
JOB_PRIORITY_ bigint,
TENANT_ID_ varchar(64),
+ DEPLOYMENT_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
ASSIGNEE_ varchar(255),
DELEGATION_ varchar(64),
PRIORITY_ integer,
- CREATE_TIME_ timestamp(3),
+ CREATE_TIME_ datetime(3),
DUE_DATE_ datetime(3),
FOLLOW_UP_DATE_ datetime(3),
SUSPENSION_STATE_ integer,
NAME_ varchar(255) not null,
EXECUTION_ID_ varchar(64),
PROC_INST_ID_ varchar(64),
+ PROC_DEF_ID_ varchar(64),
CASE_EXECUTION_ID_ varchar(64),
CASE_INST_ID_ varchar(64),
TASK_ID_ varchar(64),
+ BATCH_ID_ varchar(64),
BYTEARRAY_ID_ varchar(64),
DOUBLE_ double,
LONG_ bigint,
PROC_INST_ID_ varchar(64),
ACTIVITY_ID_ varchar(255),
CONFIGURATION_ varchar(255),
- CREATED_ timestamp(3) not null,
+ CREATED_ datetime(3) not null,
TENANT_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
create table ACT_RU_INCIDENT (
ID_ varchar(64) not null,
REV_ integer not null,
- INCIDENT_TIMESTAMP_ timestamp(3) not null,
+ INCIDENT_TIMESTAMP_ datetime(3) not null,
INCIDENT_MSG_ varchar(4000),
INCIDENT_TYPE_ varchar(255) not null,
EXECUTION_ID_ varchar(64),
ACTIVITY_ID_ varchar(255),
+ FAILED_ACTIVITY_ID_ varchar(255),
PROC_INST_ID_ varchar(64),
PROC_DEF_ID_ varchar(64),
CAUSE_INCIDENT_ID_ varchar(64),
RESOURCE_TYPE_ integer not null,
RESOURCE_ID_ varchar(255),
PERMS_ integer,
+ REMOVAL_TIME_ datetime(3),
+ ROOT_PROC_INST_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
NAME_ varchar(64) not null,
REPORTER_ varchar(255),
VALUE_ bigint,
- TIMESTAMP_ timestamp(3),
+ TIMESTAMP_ datetime(3),
MILLISECONDS_ bigint DEFAULT 0,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
RETRIES_ integer,
ERROR_MSG_ varchar(4000),
ERROR_DETAILS_ID_ varchar(64),
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
SUSPENSION_STATE_ integer,
EXECUTION_ID_ varchar(64),
PROC_INST_ID_ varchar(64),
create index ACT_IDX_EXEC_TENANT_ID on ACT_RU_EXECUTION(TENANT_ID_);
create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_);
create index ACT_IDX_TASK_ASSIGNEE on ACT_RU_TASK(ASSIGNEE_);
+create index ACT_IDX_TASK_OWNER on ACT_RU_TASK(OWNER_);
create index ACT_IDX_TASK_TENANT_ID on ACT_RU_TASK(TENANT_ID_);
create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_);
create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_);
create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_);
create index ACT_IDX_EVENT_SUBSCR_TENANT_ID on ACT_RU_EVENT_SUBSCR(TENANT_ID_);
+
create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_);
create index ACT_IDX_VARIABLE_TENANT_ID on ACT_RU_VARIABLE(TENANT_ID_);
+create index ACT_IDX_VARIABLE_TASK_NAME_TYPE on ACT_RU_VARIABLE(TASK_ID_, NAME_, TYPE_);
+
create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_);
create index ACT_IDX_INC_CONFIGURATION on ACT_RU_INCIDENT(CONFIGURATION_);
create index ACT_IDX_INC_TENANT_ID on ACT_RU_INCIDENT(TENANT_ID_);
foreign key (BATCH_JOB_DEF_ID_)
references ACT_RU_JOBDEF (ID_);
+create index ACT_IDX_BATCH_ID ON ACT_RU_VARIABLE(BATCH_ID_);
+alter table ACT_RU_VARIABLE
+ add constraint ACT_FK_VAR_BATCH
+ foreign key (BATCH_ID_)
+ references ACT_RU_BATCH (ID_);
+
-- indexes for deadlock problems - https://app.camunda.com/jira/browse/CAM-2567 --
create index ACT_IDX_INC_CAUSEINCID on ACT_RU_INCIDENT(CAUSE_INCIDENT_ID_);
create index ACT_IDX_INC_EXID on ACT_RU_INCIDENT(EXECUTION_ID_);
create index ACT_IDX_PROCDEF_DEPLOYMENT_ID ON ACT_RE_PROCDEF(DEPLOYMENT_ID_);
create index ACT_IDX_PROCDEF_TENANT_ID ON ACT_RE_PROCDEF(TENANT_ID_);
create index ACT_IDX_PROCDEF_VER_TAG ON ACT_RE_PROCDEF(VERSION_TAG_);
+
+-- indices for history cleanup: https://jira.camunda.com/browse/CAM-11616
+create index ACT_IDX_AUTH_ROOT_PI on ACT_RU_AUTHORIZATION(ROOT_PROC_INST_ID_);
+create index ACT_IDX_AUTH_RM_TIME on ACT_RU_AUTHORIZATION(REMOVAL_TIME_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_CASE_DEF_TENANT_ID on ACT_RE_CASE_DEF(TENANT_ID_);
create index ACT_IDX_CASE_EXEC_TENANT_ID on ACT_RU_CASE_EXECUTION(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_DEC_DEF_REQ_ID on ACT_RE_DECISION_DEF(DEC_REQ_ID_);
create index ACT_IDX_DEC_REQ_DEF_TENANT_ID on ACT_RE_DECISION_REQ_DEF(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
CALL_CASE_INST_ID_ varchar(64),
ACT_NAME_ varchar(255),
ACT_TYPE_ varchar(255) not null,
- ASSIGNEE_ varchar(64),
+ ASSIGNEE_ varchar(255),
START_TIME_ datetime(3) not null,
END_TIME_ datetime(3),
DURATION_ bigint,
TENANT_ID_ varchar(64),
OPERATION_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
+ INITIAL_ boolean,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
NEW_VALUE_ varchar(4000),
TENANT_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
+ CATEGORY_ varchar(64),
+ EXTERNAL_TASK_ID_ varchar(64),
+ ANNOTATION_ varchar(4000),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
INCIDENT_MSG_ varchar(4000),
INCIDENT_TYPE_ varchar(255) not null,
ACTIVITY_ID_ varchar(255),
+ FAILED_ACTIVITY_ID_ varchar(255),
CAUSE_INCIDENT_ID_ varchar(64),
ROOT_CAUSE_INCIDENT_ID_ varchar(64),
CONFIGURATION_ varchar(255),
+ HISTORY_CONFIGURATION_ varchar(255),
INCIDENT_STATE_ integer,
TENANT_ID_ varchar(64),
JOB_DEF_ID_ varchar(64),
create table ACT_HI_JOB_LOG (
ID_ varchar(64) not null,
- TIMESTAMP_ timestamp(3) not null,
+ TIMESTAMP_ datetime(3) not null,
JOB_ID_ varchar(64) not null,
- JOB_DUEDATE_ timestamp(3) NULL,
+ JOB_DUEDATE_ datetime(3) NULL,
JOB_RETRIES_ integer,
JOB_PRIORITY_ bigint NOT NULL DEFAULT 0,
JOB_EXCEPTION_MSG_ varchar(4000),
JOB_DEF_TYPE_ varchar(255),
JOB_DEF_CONFIGURATION_ varchar(255),
ACT_ID_ varchar(255),
+ FAILED_ACT_ID_ varchar(255),
ROOT_PROC_INST_ID_ varchar(64),
EXECUTION_ID_ varchar(64),
PROCESS_INSTANCE_ID_ varchar(64),
DEPLOYMENT_ID_ varchar(64),
SEQUENCE_COUNTER_ bigint,
TENANT_ID_ varchar(64),
+ HOSTNAME_ varchar(255),
REMOVAL_TIME_ datetime(3),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
create index ACT_IDX_HI_PRO_INST_RM_TIME on ACT_HI_PROCINST(REMOVAL_TIME_);
create index ACT_IDX_HI_ACTINST_ROOT_PI on ACT_HI_ACTINST(ROOT_PROC_INST_ID_);
-create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_);
+create index ACT_IDX_HI_ACT_INST_START_END on ACT_HI_ACTINST(START_TIME_, END_TIME_);
create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_);
create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_);
create index ACT_IDX_HI_ACT_INST_COMP on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_, END_TIME_, ID_);
create index ACT_IDX_HI_DETAIL_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_);
create index ACT_IDX_HI_DETAIL_RM_TIME on ACT_HI_DETAIL(REMOVAL_TIME_);
create index ACT_IDX_HI_DETAIL_TASK_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_, TASK_ID_);
+create index ACT_IDX_HI_DETAIL_VAR_INST_ID on ACT_HI_DETAIL(VAR_INST_ID_);
create index ACT_IDX_HI_IDENT_LNK_ROOT_PI on ACT_HI_IDENTITYLINK(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_);
create index ACT_IDX_HI_IDENT_LNK_PROC_DEF_KEY on ACT_HI_IDENTITYLINK(PROC_DEF_KEY_);
create index ACT_IDX_HI_IDENT_LINK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_);
create index ACT_IDX_HI_IDENT_LINK_RM_TIME on ACT_HI_IDENTITYLINK(REMOVAL_TIME_);
+create index ACT_IDX_HI_IDENT_LNK_TIMESTAMP on ACT_HI_IDENTITYLINK(TIMESTAMP_);
create index ACT_IDX_HI_VARINST_ROOT_PI on ACT_HI_VARINST(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_);
create index ACT_IDX_HI_VAR_INST_PROC_DEF_KEY on ACT_HI_VARINST(PROC_DEF_KEY_);
create index ACT_IDX_HI_VARINST_BYTEAR on ACT_HI_VARINST(BYTEARRAY_ID_);
create index ACT_IDX_HI_VARINST_RM_TIME on ACT_HI_VARINST(REMOVAL_TIME_);
+create index ACT_IDX_HI_VAR_PI_NAME_TYPE on ACT_HI_VARINST(PROC_INST_ID_, NAME_, VAR_TYPE_);
create index ACT_IDX_HI_INCIDENT_TENANT_ID on ACT_HI_INCIDENT(TENANT_ID_);
create index ACT_IDX_HI_INCIDENT_PROC_DEF_KEY on ACT_HI_INCIDENT(PROC_DEF_KEY_);
create index ACT_IDX_HI_INCIDENT_ROOT_PI on ACT_HI_INCIDENT(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_INCIDENT_PROCINST on ACT_HI_INCIDENT(PROC_INST_ID_);
create index ACT_IDX_HI_INCIDENT_RM_TIME on ACT_HI_INCIDENT(REMOVAL_TIME_);
+create index ACT_IDX_HI_INCIDENT_CREATE_TIME on ACT_HI_INCIDENT(CREATE_TIME_);
+create index ACT_IDX_HI_INCIDENT_END_TIME on ACT_HI_INCIDENT(END_TIME_);
create index ACT_IDX_HI_JOB_LOG_ROOT_PI on ACT_HI_JOB_LOG(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_JOB_LOG_PROCINST on ACT_HI_JOB_LOG(PROCESS_INSTANCE_ID_);
create index ACT_IDX_HI_JOB_LOG_PROC_DEF_KEY on ACT_HI_JOB_LOG(PROCESS_DEF_KEY_);
create index ACT_IDX_HI_JOB_LOG_EX_STACK on ACT_HI_JOB_LOG(JOB_EXCEPTION_STACK_ID_);
create index ACT_IDX_HI_JOB_LOG_RM_TIME on ACT_HI_JOB_LOG(REMOVAL_TIME_);
+create index ACT_IDX_HI_JOB_LOG_JOB_CONF on ACT_HI_JOB_LOG(JOB_DEF_CONFIGURATION_);
create index ACT_HI_BAT_RM_TIME on ACT_HI_BATCH(REMOVAL_TIME_);
create index ACT_IDX_HI_OP_LOG_TASK on ACT_HI_OP_LOG(TASK_ID_);
create index ACT_IDX_HI_OP_LOG_RM_TIME on ACT_HI_OP_LOG(REMOVAL_TIME_);
create index ACT_IDX_HI_OP_LOG_TIMESTAMP on ACT_HI_OP_LOG(TIMESTAMP_);
+create index ACT_IDX_HI_OP_LOG_USER_ID on ACT_HI_OP_LOG(USER_ID_);
+create index ACT_IDX_HI_OP_LOG_OP_TYPE on ACT_HI_OP_LOG(OPERATION_TYPE_);
+create index ACT_IDX_HI_OP_LOG_ENTITY_TYPE on ACT_HI_OP_LOG(ENTITY_TYPE_);
create index ACT_IDX_HI_COMMENT_TASK on ACT_HI_COMMENT(TASK_ID_);
create index ACT_IDX_HI_COMMENT_ROOT_PI on ACT_HI_COMMENT(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_ATTACHMENT_TASK on ACT_HI_ATTACHMENT(TASK_ID_);
create index ACT_IDX_HI_ATTACHMENT_RM_TIME on ACT_HI_ATTACHMENT(REMOVAL_TIME_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_HI_CAS_A_I_CASEINST on ACT_HI_CASEACTINST(CASE_INST_ID_, CASE_ACT_ID_);
create index ACT_IDX_HI_CAS_A_I_TENANT_ID on ACT_HI_CASEACTINST(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
EMAIL_ varchar(255),
PWD_ varchar(255),
SALT_ varchar(255),
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
ATTEMPTS_ integer,
PICTURE_ID_ varchar(64),
primary key (ID_)
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/nssmf-adapter:1.7.11
+image: onap/so/nssmf-adapter:1.8.0
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-oof-adapter:1.7.11
+image: onap/so/so-oof-adapter:1.8.2
pullPolicy: Always
mso:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.7.11
+image: onap/so/openstack-adapter:1.8.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.7.11
+image: onap/so/request-db-adapter:1.8.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.7.11
+image: onap/so/sdc-controller:1.8.1
pullPolicy: Always
db:
server:
port: {{ index .Values.containerPort }}
mso:
+ msoKey: ${MSO_KEY}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "${AAF_AUTH}" "value2" "${MSO_AUTH}" )}}
async:
core-pool-size: 50
max-pool-size: 50
db:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
+ #needs to be confirmed TODO
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
org:
onap:
so:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: MSO_AUTH
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-auth" "key" "password") | indent 10 }}
+ - name: AAF_AUTH
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-aaf-auth" "key" "password") | indent 10 }}
{{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ #encryptedSecret: some secret
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
-
+ - uid: sdnc-adapter-mso-key
+ name: '{{ include "common.release" . }}-so-sdnc-mso-key'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: sdnc-adapter-aaf-auth
+ name: '{{ include "common.release" . }}-so-sdnc-aaf-auth'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.global.aaf.auth.encryptedSecret) . }}'
+ password: '{{ .Values.global.aaf.auth.encrypted }}'
+ - uid: sdnc-adapter-mso-auth
+ name: '{{ include "common.release" . }}-so-sdnc-mso-auth'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.authSecret) . }}'
+ password: '{{ .Values.mso.auth }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.7.11
+image: onap/so/sdnc-adapter:1.8.1
pullPolicy: Always
org:
network:
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ #msoKeySecret: some secret
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ #authSecret: some secret
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
- name: soHelpers
version: ~8.x-0
repository: 'file://components/soHelpers'
+ - name: so-admin-cockpit
+ version: ~8.x-0
+ repository: 'file://components/so-admin-cockpit'
+ condition: so-admin-cockpit.enabled
- name: so-appc-orchestrator
version: ~8.x-0
repository: 'file://components/so-appc-orchestrator'
version: ~8.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-etsi-sol003-adapter
+ version: ~8.x-0
+ repository: 'file://components/so-etsi-sol003-adapter'
+ condition: so-etsi-sol003-adapter.enabled
- name: so-mariadb
version: ~8.x-0
repository: 'file://components/so-mariadb'
- - name: so-monitoring
- version: ~8.x-0
- repository: 'file://components/so-monitoring'
- condition: so-monitoring.enabled
- name: so-nssmf-adapter
version: ~8.x-0
repository: 'file://components/so-nssmf-adapter'
version: ~8.x-0
repository: 'file://components/so-vfc-adapter'
condition: so-vfc-adapter.enabled
- - name: so-vnfm-adapter
- version: ~8.x-0
- repository: 'file://components/so-vnfm-adapter'
- condition: so-vnfm-adapter.enabled
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.7.11
+image: onap/so/api-handler-infra:1.8.1
server:
aaf:
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
-so-monitoring:
+so-admin-cockpit:
enabled: true
db:
<<: *dbSecrets
enabled: true
db:
<<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
so-ve-vnfm-adapter:
enabled: false
db:
<<: *dbSecrets
-so-vnfm-adapter:
+so-etsi-sol003-adapter:
enabled: true
# application image
flavor: small
-image: onap/vfc/gvnfmdriver:1.4.0
+image: onap/vfc/gvnfmdriver:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/nfvo/svnfm/huawei:1.3.8
+image: onap/vfc/nfvo/svnfm/huawei:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/nslcm:1.4.1
+image: onap/vfc/nslcm:1.4.3
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/vnflcm:1.4.0
+image: onap/vfc/vnflcm:1.4.1
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/vnfmgr:1.3.9
+image: onap/vfc/vnfmgr:1.4.0
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/vnfres:1.3.8
+image: onap/vfc/vnfres:1.3.9
pullPolicy: Always
#Istio sidecar injection policy
# application image
flavor: small
-image: onap/vfc/ztevnfmdriver:1.3.8
+image: onap/vfc/ztevnfmdriver:1.4.0
pullPolicy: Always
#Istio sidecar injection policy