+.. note::
+ If you want to use CMPv2 certificate onboarding, Cert-Manager must be installed.
+ :doc:`Click here <oom_setup_paas>` to see how to install Cert-Manager.
+
+
+
a. Enabling/Disabling Components:
Here is an example of the nominal entries that need to be provided.
We have different values file available for different contexts.
honolulu 1.2.0 13.x
============== ============= =================
-This guide provides instructions on how to install the following PaaS
-components for ONAP:
+This guide provides instructions on how to install the PaaS
+components for ONAP.
-- Cert-Manager
-- Prometheus Stack
+.. contents::
+ :depth: 1
+ :local:
+..
Cert-Manager
============
on other O/Ss), the Kubernetes command line interface used to manage a
Kubernetes cluster::
- > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.8.10/bin/linux/amd64/kubectl
+ > curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl
> chmod +x ./kubectl
> sudo mv ./kubectl /usr/local/bin/kubectl
> mkdir ~/.kube
> kubectl get pods --all-namespaces
-At this point you should see six Kubernetes pods running.
+At this point you should see Kubernetes pods running.
Install Helm
~~~~~~~~~~~~
In any case, setup of the Helm repository is a one time activity.
-Next, install Helm Plugins required to deploy the ONAP Casablanca release::
+Next, install Helm Plugins required to deploy the ONAP release::
> cp -R ~/oom/kubernetes/helm/plugins/ ~/.local/share/helm/plugins
Once the repo is setup, installation of ONAP can be done with a single
command::
- > helm deploy development local/onap --namespace onap
+ > helm deploy development local/onap --namespace onap --set global.masterPassword=password
This will install ONAP from a local repository in a 'development' Helm release.
As described below, to override the default configuration values provided by
OOM, an environment file can be provided on the command line as follows::
- > helm deploy development local/onap --namespace onap -f overrides.yaml
+
+
+ > helm deploy development local/onap --namespace onap -f overrides.yaml --set global.masterPassword=password
+
+.. note::
+ Refer the Configure_ section on how to update overrides.yaml and values.yaml
To get a summary of the status of all of the pods (containers) running in your
deployment::
- > kubectl get pods --all-namespaces -o=wide
+ > kubectl get pods --namespace onap -o=wide
.. note::
The Kubernetes namespace concept allows for multiple instances of a component
(such as all of ONAP) to co-exist with other components in the same
Kubernetes cluster by isolating them entirely. Namespaces share only the
hosts that form the cluster thus providing isolation between production and
- development systems as an example. The OOM deployment of ONAP in Beijing is
- now done within a single Kubernetes namespace where in Amsterdam a namespace
- was created for each of the ONAP components.
+ development systems as an example.
.. note::
The Helm `--name` option refers to a release name and not a Kubernetes namespace.
To install a specific version of a single ONAP component (`so` in this example)
with the given release name enter::
- > helm deploy so onap/so --version 3.0.1
+ > helm deploy so onap/so --version 8.0.0 --set global.masterPassword=password --set global.flavor=unlimited --namespace onap
+
+.. note::
+ The dependent components should be installed for component being installed
+
To display details of a specific resource or group of resources type::
To deploy ONAP with this environment file, enter::
- > helm deploy local/onap -n onap -f environments/onap-production.yaml
+ > helm deploy local/onap -n onap -f onap/resources/environments/onap-production.yaml --set global.masterPassword=password
.. include:: environments_onap_demo.yaml
:code: yaml
dependencies:
<...>
- name: so
- version: ~2.0.0
+ version: ~8.0.0
repository: '@local'
condition: so.enabled
<...>
-The ~ operator in the `so` version value indicates that the latest "2.X.X"
+The ~ operator in the `so` version value indicates that the latest "8.X.X"
version of `so` shall be used thus allowing the chart to allow for minor
-upgrades that don't impact the so API; hence, version 2.0.1 will be installed
+upgrades that don't impact the so API; hence, version 8.0.1 will be installed
in this case.
-The onap/resources/environment/onap-dev.yaml (see the excerpt below) enables
+The onap/resources/environment/dev.yaml (see the excerpt below) enables
for fine grained control on what components are included as part of this
deployment. By changing this `so` line to `enabled: false` the `so` component
will not be deployed. If this change is part of an upgrade the existing `so`
To see the real-time health of a deployment go to: ``http://<kubernetes IP>:30270/ui/``
where a GUI much like the following will be found:
+.. note::
+ If Consul GUI is not accessible, you can refer this
+ `kubectl port-forward <https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/>`_ method to access an application
.. figure:: oomLogoV2-Heal.png
:align: right
In order to change the size of a cluster, an operator could use a helm upgrade
(described in detail in the next section) as follows::
- > helm upgrade --set replicaCount=3 onap/so/mariadb
+ > helm upgrade [RELEASE] [CHART] [flags]
+
+The RELEASE argument can be obtained from the following command::
+
+ > helm list
+
+Below is the example for the same::
+
+ > helm list
+ NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE
+ dev 1 Wed Oct 14 13:49:52 2020 DEPLOYED onap-8.0.0 Honolulu onap
+ dev-cassandra 5 Thu Oct 15 14:45:34 2020 DEPLOYED cassandra-8.0.0 onap
+ dev-contrib 1 Wed Oct 14 13:52:53 2020 DEPLOYED contrib-8.0.0 onap
+ dev-mariadb-galera 1 Wed Oct 14 13:55:56 2020 DEPLOYED mariadb-galera-8.0.0 onap
+
+Here the Name column shows the RELEASE NAME, In our case we want to try the
+scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra.
+
+Now we need to obtain the chart name for casssandra. Use the below
+command to get the chart name::
+
+ > helm search cassandra
+
+Below is the example for the same::
+
+ > helm search cassandra
+ NAME CHART VERSION APP VERSION DESCRIPTION
+ local/cassandra 8.0.0 ONAP cassandra
+ local/portal-cassandra 8.0.0 Portal cassandra
+ local/aaf-cass 8.0.0 ONAP AAF cassandra
+ local/sdc-cs 8.0.0 ONAP Service Design and Creation Cassandra
+
+Here the Name column shows the chart name. As we want to try the scale
+operation for cassandra, thus the correponding chart name is local/cassandra
+
+
+Now we have both the command's arguments, thus we can perform the
+scale opeartion for cassandra as follows::
+
+ > helm upgrade dev-cassandra local/cassandra --set replicaCount=3
+
+Using this command we can scale up or scale down the cassadra db instances.
+
The ONAP components use Kubernetes provided facilities to build clustered,
highly available systems including: Services_ with load-balancers, ReplicaSet_,
> helm list
NAME REVISION UPDATED STATUS CHART NAMESPACE
- so 1 Mon Feb 5 10:05:22 2018 DEPLOYED so-2.0.1 default
+ so 1 Mon Feb 5 10:05:22 2020 DEPLOYED so-8.0.0 onap
When upgrading a cluster a parameter controls the minimum size of the cluster
during the upgrade while another parameter controls the maximum number of nodes
For example, to upgrade a container by changing configuration, specifically an
environment value::
- > helm deploy onap onap/so --version 2.0.1 --set enableDebug=true
+ > helm upgrade so onap/so --version 8.0.1 --set enableDebug=true
Issuing this command will result in the appropriate container being stopped by
Kubernetes and replaced with a new container with the new environment value.
To upgrade a component to a new version with a new configuration file enter::
- > helm deploy onap onap/so --version 2.0.2 -f environments/demo.yaml
+ > helm upgrade so onap/so --version 8.0.1 -f environments/demo.yaml
To fetch release history enter::
> helm history so
REVISION UPDATED STATUS CHART DESCRIPTION
- 1 Mon Feb 5 10:05:22 2018 SUPERSEDED so-2.0.1 Install complete
- 2 Mon Feb 5 10:10:55 2018 DEPLOYED so-2.0.2 Upgrade complete
+ 1 Mon Feb 5 10:05:22 2020 SUPERSEDED so-8.0.0 Install complete
+ 2 Mon Feb 5 10:10:55 2020 DEPLOYED so-8.0.1 Upgrade complete
Unfortunately, not all upgrades are successful. In recognition of this the
lineup of pods within an ONAP deployment is tagged such that an administrator
> helm history so
REVISION UPDATED STATUS CHART DESCRIPTION
- 1 Mon Feb 5 10:05:22 2018 SUPERSEDED so-2.0.1 Install complete
- 2 Mon Feb 5 10:10:55 2018 SUPERSEDED so-2.0.2 Upgrade complete
- 3 Mon Feb 5 10:14:32 2018 DEPLOYED so-2.0.1 Rollback to 1
+ 1 Mon Feb 5 10:05:22 2020 SUPERSEDED so-8.0.0 Install complete
+ 2 Mon Feb 5 10:10:55 2020 SUPERSEDED so-8.0.1 Upgrade complete
+ 3 Mon Feb 5 10:14:32 2020 DEPLOYED so-8.0.0 Rollback to 1
.. note::
Existing deployments can be partially or fully removed once they are no longer
needed. To minimize errors it is recommended that before deleting components
from a running deployment the operator perform a 'dry-run' to display exactly
-what will happen with a given command prior to actually deleting anything. For
-example::
+what will happen with a given command prior to actually deleting anything.
+For example::
> helm undeploy onap --dry-run
> helm undeploy onap
+Once complete undeploy is done then delete the namespace as well
+using following command::
+
+ > kubectl delete namespace <name of namespace>
+
+.. note::
+ You need to provide the namespace name which you used during deployment,
+ below is the example::
+
+ > kubectl delete namespace onap
+
One can also remove individual components from a deployment by changing the
ONAP configuration values. For example, to remove `so` from a running
deployment enter::
"password": "${A1CONTROLLER_PASSWORD}"
}
],
- "ric": [
- {
- "name": "ric1",
- "baseUrl": "{{ .Values.ricLink }}",
- "controller": "controller1",
- "managedElementIds": [
- "kista_1",
- "kista_2"
- ]
- }
- ],
+ "ric": {{ include "a1p.generateRics" . | indent 6 | trim }},
"streams_publishes": {
"dmaap_publisher": {
"type": "message_router",
--- /dev/null
+{{/*
+# Copyright © 2021 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{- define "a1p.generateRics" }}
+ {{- $ricList := (list) }}
+ {{- range $ric := .Values.rics }}
+ {{- $ricItem := (dict "name" $ric.name "baseUrl" $ric.link "controller" "controller1" "managedElementIds" $ric.managedElementIds) }}
+ {{- $ricList = append $ricList $ricItem }}
+ {{- end }}
+ {{- toPrettyJson $ricList }}
+{{- end }}
keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
-storepass "${cadi_truststore_password}" \
-keystore {{ .Values.fqi_namespace }}.trust.jks
- echo "*** set key password as same password as keystore password"
- keytool -keypasswd -new "${KEYSTORE_PASSWORD}" \
- -keystore {{ .Values.fqi_namespace }}.p12 \
- -keypass "${cadi_keystore_password_p12}" \
- -storepass "${KEYSTORE_PASSWORD}" -alias {{ .Values.fqi }}
echo "*** save the generated passwords"
echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
echo "*** change ownership of certificates to targeted user"
chown -R 1000 .
-image: onap/ccsdk-oran-a1policymanagementservice:1.0.1
+image: onap/ccsdk-oran-a1policymanagementservice:1.1.3
userID: 1000 #Should match with image-defined user ID
groupID: 999 #Should match with image-defined group ID
pullPolicy: IfNotPresent
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
sdncLink: https://sdnc.onap:8443
-# Add your own A1 Mediator link. Supports both STD & OSC Version. ex. http://<ip>:<port>
-# Alternatively you can also use the A1 simulator available in ORAN. It provides STD & OSC Version for A1 termination.
+# The information about A1-Mediator/RICs can be added here.
+# The A1 policy management service supports both STD & OSC versions.
+# Alternatively, the A1 simulator from ORAN-SC can also be used. It provides STD & OSC versions for A1 termination.
# Refer source code & run in docker container : https://gerrit.o-ran-sc.org/r/admin/repos/sim/a1-interface
-# Refer it/dep repo for k8's deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
-ricLink:
+# Refer it/dep repo for k8s deployment: https://gerrit.o-ran-sc.org/r/admin/repos/it/dep
+# Example configuration:
+#rics:
+# - name: ric1
+# link: http://ric1url.url.com:1111/
+# managedElementIds:
+# - kista1
+# - kista2
+# - name: ric2
+# link: http://ric2url.url.com:2222/
+# managedElementIds:
+# - kista3
+# - kista4
+rics:
streamPublish: http://message-router:3904/events/A1-POLICY-AGENT-WRITE
streamSubscribe: http://message-router:3904/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100
dmaap-mr@dmaap-mr.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap-mr|root|30|{'dmaap-mr', 'dmaap-mr.onap', 'message-router', 'message-router.onap', 'mr.api.simpledemo.onap.org'}|aaf_admin@osaaf.org|{'jks', 'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|10.12.25.177|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'pkcs12', 'script'}
dmaapmr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router', 'message-router.onap'}|mmanager@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
-dmaapmr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
+dmaapmr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router-kafka-0', 'message-router-kafka-0.onap', '{{include "common.release" .}}-message-router-kafka-0.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-1', 'message-router-kafka-1.onap', '{{include "common.release" .}}-message-router-kafka-1.message-router-kafka.onap.svc.cluster.local', 'message-router-kafka-2', 'message-router-kafka-2.onap', '{{include "common.release" .}}-message-router-kafka-2.message-router-kafka.onap.svc.cluster.local', 'message-router', 'mr.api.simpledemo.onap.org', 'message-router.onap', 'dmaapmr dmaap.mr', 'dmaap-mr', 'dmaap.mr.onap', 'dmaap-mr.onap', 'dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
dmaapmr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaap.mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaapmr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|aaf_admin@osaaf.org|{'pkcs12', 'script'}
dmaap.mr@mr.dmaap.onap.org|dmaap-mr|local|/opt/app/osaaf/local||mailto:|org.onap.dmaap.mr|root|30|{'message-router mr.api.simpledemo.onap.org message-router.onap dmaapmr dmaap.mr dmaap-mr dmaap.mr.onap dmaap-mr.onap dmaap-mr dmaapmr.onap'}|@osaaf.org|{'file', 'jks', 'pkcs12', 'script'}
holmes@holmes.onap.org|holmes|local|/opt/app/osaaf/local||mailto:|org.onap.holmes|root|30|{'holmes.api.simpledemo.onap.org', 'holmes.onap'}|aaf_admin@osaaf.org|{'pkcs12'}
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|holmes-rule-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-rule-mgmt|root|30|{'holmes-rule-mgmt', 'holmes-rule-mgmt.api.simpledemo.onap.org', 'holmes-rule-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|holmes-engine-mgmt|local|/opt/app/osaaf/local||mailto:|org.onap.holmes-engine-mgmt|root|30|{'holmes-engine-mgmt', 'holmes-engine-mgmt.api.simpledemo.onap.org', 'holmes-engine-mgmt.onap'}|aaf_admin@osaaf.org|{'file', 'pkcs12'}
msb-eag@msb-eag.onap.org|msb-eag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-eag|root|30|{'msb-eag', 'msb-eag.api.simpledemo.onap.org', 'msb-eag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
msb-iag@msb-iag.onap.org|msb-iag|local|/opt/app/osaaf/local||mailto:|org.onap.msb-iag|root|30|{'msb-iag', 'msb-iag.api.simpledemo.onap.org', 'msb-iag.onap'}|mmanager@osaaf.org|{'file', 'pkcs12'}
music@music.onap.org|music|aaf|/opt/app/aaf/local||mailto:|org.onap.music|root|30|{'music.api.simpledemo.onap.org', 'music.onap'}|mmanager@osaaf.org|{'pkcs12', 'script'}
policy@policy.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.policy|53344||
pomba@pomba.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.pomba|53344||
holmes@holmes.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes|53344||
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-engine-mgmt|53344||
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.holmes-rule-mgmt|53344||
nbi@nbi.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.nbi|53344||
msb-eag@msb-eag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-eag|53344||
msb-iag@msb-iag.onap.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.onap.msb-iag|53344||
ps0001@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
aaf_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
deployer@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
-portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
\ No newline at end of file
+portal_admin@people.osaaf.org|2|2020-11-26 12:31:54.000+0000|0xd993c5617486296f1b99d04de31633332b8ba1a550038e23860f9dbf0b2fcf95|Initial ID|org.osaaf.people|53344||
org.onap.dmaap.mr.topic-002||org.onap.dmaap.mr||3
org.onap.dmaap||org.onap||3
org.onap.holmes||org.onap||3
+org.onap.holmes-engine-mgmt||org.onap||3
+org.onap.holmes-rule-mgmt||org.onap||3
org.onap.music||org.onap||3
org.onap.msb-eag||org.onap||3
org.onap.msb-iag||org.onap||3
org.onap.dmaap.mr|viewtest|*|view||"{'org.onap.dmaap.mr|viewtest'}"
org.onap.holmes|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes|admin'}"
org.onap.holmes|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes|owner'}"
+org.onap.holmes-engine-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|service'}"
+org.onap.holmes-engine-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-engine-mgmt|owner'}"
+org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-engine-mgmt|admin', 'org.onap.holmes-engine-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
+org.onap.holmes-rule-mgmt|access|*|*|AAF Namespace Write Access|"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|service'}"
+org.onap.holmes-rule-mgmt|access|*|read|AAF Namespace Read Access|"{'org.onap.holmes-rule-mgmt|owner'}"
+org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass||"{'org.onap.holmes-rule-mgmt|admin', 'org.onap.holmes-rule-mgmt|seeCerts', 'org.osaaf.aaf|deploy'}"
org.onap.msb-eag|access|*|*|AAF Namespace Write Access|"{'org.onap.msb-eag|admin', 'org.onap.msb-eag|service'}"
org.onap.msb-eag|access|*|read|AAF Namespace Read Access|"{'org.onap.msb-eag|owner'}"
org.onap.msb-eag|certman|local|request,ignoreIPs,showpass||"{'org.osaaf.aaf|deploy'}"
org.onap.holmes|admin|AAF Namespace Administrators|"{'org.onap.holmes|access|*|*'}"
org.onap.holmes|owner|AAF Namespace Owners|"{'org.onap.holmes|access|*|read'}"
org.onap.holmes|service||
+org.onap.holmes-engine-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-engine-mgmt|access|*|*', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-engine-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-engine-mgmt|access|*|read'}"
+org.onap.holmes-engine-mgmt|seeCerts||"{'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-engine-mgmt|service||"{'org.onap.holmes-engine-mgmt|access|*|*'}"
+org.onap.holmes-rule-mgmt|admin|AAF Namespace Administrators|"{'org.onap.holmes-rule-mgmt|access|*|*', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-rule-mgmt|owner|AAF Namespace Owners|"{'org.onap.holmes-rule-mgmt|access|*|read'}"
+org.onap.holmes-rule-mgmt|seeCerts||"{'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass'}"
+org.onap.holmes-rule-mgmt|service||"{'org.onap.holmes-rule-mgmt|access|*|*'}"
org.onap.msb-eag|admin|AAF Namespace Administrators|"{'org.onap.msb-eag|access|*|*'}"
org.onap.msb-eag|owner|AAF Namespace Owners|"{'org.onap.msb-eag|access|*|read'}"
org.onap.msb-eag|service||"{'org.onap.msb-eag|access|*|*'}"
org.openecomp.dmaapBC|owner|AAF Owners|"{'org.openecomp.dmaapBC.access|*|read'}"
org.openecomp|owner|OpenEcomp Owners|"{'org.openecomp.access|*|read'}"
org.osaaf.aaf|admin|AAF Admins|"{'org.osaaf.aaf.access|*|*', 'org.osaaf.aaf|cache|all|clear', 'org.osaaf.aaf|cache|role|clear', 'org.osaaf.aaf|password|*|create,reset'}"
-org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
+org.osaaf.aaf|deploy|ONAP Deployment Role|"{'org.onap.a1p|certman|local|request,ignoreIPs,showpass', 'org.onap.aaf-sms|certman|local|request,ignoreIPs,showpass', 'org.onap.aai|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-resources|certman|local|request,ignoreIPs,showpass', 'org.onap.aai-traversal|certman|local|request,ignoreIPs,showpass', 'org.onap.appc|certman|local|request,ignoreIPs,showpass', 'org.onap.appc-cdt|certman|local|request,ignoreIPs,showpass', 'org.onap.clamp|certman|local|request,ignoreIPs,showpass', 'org.onap.cli|certman|local|request,ignoreIPs,showpass', 'org.onap.dcae|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-mm-prov|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc-topic-mgr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-bc|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-dr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap-mr|certman|local|request,ignoreIPs,showpass', 'org.onap.dmaap.mr|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-engine-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.holmes-rule-mgmt|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-eag|certman|local|request,ignoreIPs,showpass', 'org.onap.msb-iag|certman|local|request,ignoreIPs,showpass', 'org.onap.music|certman|local|request,ignoreIPs,showpass', 'org.onap.nbi|certman|local|request,ignoreIPs,showpass', 'org.onap.oof|certman|local|request,ignoreIPs,showpass', 'org.onap.policy|certman|local|request,ignoreIPs,showpass', 'org.onap.pomba|certman|local|request,ignoreIPs,showpass', 'org.onap.portal|certman|local|request,ignoreIPs,showpass', 'org.onap.refrepo|certman|local|request,ignoreIPs,showpass', 'org.onap.sdc|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc-cds|certman|local|request,ignoreIPs,showpass', 'org.onap.sdnc|certman|local|request,ignoreIPs,showpass', 'org.onap.so|certman|local|request,ignoreIPs,showpass', 'org.onap.vfc|certman|local|request,ignoreIPs,showpass', 'org.onap.vid1|certman|local|request,ignoreIPs,showpass', 'org.onap.vid2|certman|local|request,ignoreIPs,showpass', 'org.onap.vid|certman|local|request,ignoreIPs,showpass', 'org.osaaf.aaf|certman|local|request,ignoreIPs,showpass'}"
org.osaaf.aaf|owner|AAF Owners|"{'org.osaaf.aaf.access|*|read,approve'}"
org.osaaf.aaf|service||"{'org.osaaf.aaf|cache|*|clear'}"
org.osaaf|admin|OSAAF Admins|"{'org.osaaf.access|*|*'}"
mmanager@people.osaaf.org|org.onap.dmaap-mr.test.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap-mr.test|owner
mmanager@people.osaaf.org|org.onap.dmaap.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap|owner
mmanager@people.osaaf.org|org.onap.holmes.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes|owner
+mmanager@people.osaaf.org|org.onap.holmes-engine-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|owner
+mmanager@people.osaaf.org|org.onap.holmes-rule-mgmt.owner|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|owner
mmanager@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
mmanager@people.osaaf.org|org.onap.msb-eag.owner|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|owner
mmanager@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-001.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-001|owner
aaf_admin@people.osaaf.org|org.onap.dmaap.mr.topic-002.owner|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.topic-002|owner
aaf_admin@people.osaaf.org|org.onap.holmes.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes|admin
+aaf_admin@people.osaaf.org|org.onap.holmes-engine-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|admin
+aaf_admin@people.osaaf.org|org.onap.holmes-rule-mgmt.admin|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|admin
aaf_admin@people.osaaf.org|org.onap.msb-eag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-eag|admin
aaf_admin@people.osaaf.org|org.onap.msb-iag.admin|2020-11-26 12:31:54.000+0000|org.onap.msb-iag|admin
aaf_admin@people.osaaf.org|org.onap.music.admin|2020-11-26 12:31:54.000+0000|org.onap.music|admin
dcae@dcae.onap.org|org.onap.dmaap.mr.PM_MAPPER.publisher|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PM_MAPPER|publisher
dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_READY.pub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_READY|pub
dcae@dcae.onap.org|org.onap.dmaap.mr.PNF_REGISTRATION.sub|2020-11-26 12:31:54.000+0000|org.onap.dmaap.mr.PNF_REGISTRATION|sub
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|seeCerts
+holmes-engine-mgmt@holmes-engine-mgmt.onap.org|org.onap.holmes-engine-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-engine-mgmt|service
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.seeCerts|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|seeCerts
+holmes-rule-mgmt@holmes-rule-mgmt.onap.org|org.onap.holmes-rule-mgmt.service|2020-11-26 12:31:54.000+0000|org.onap.holmes-rule-mgmt|service
oof@oof.onap.org|org.onap.aai.resources_all|2020-11-26 12:31:54.000+0000|org.onap.aai|resources_all
oof@oof.onap.org|org.onap.aai.traversal_advanced|2020-11-26 12:31:54.000+0000|org.onap.aai|traversal_advanced
oof@oof.onap.org|org.onap.oof.admin|2020-11-26 12:31:54.000+0000|org.onap.oof|admin
small:
limits:
cpu: 400m
- memory: 40Mi
+ memory: 80Mi
requests:
- cpu: 10m
- memory: 25Mi
+ cpu: 40m
+ memory: 40Mi
large:
limits:
cpu: 400m
memory: 700Mi
requests:
- cpu: 10m
+ cpu: 40m
memory: 100Mi
unlimited: {}
policy|ONAP Policy Application|POLICY|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
pomba|ONAP Pomba Application|POMBA|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
holmes|ONAP Holmes Application|HOLMES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+holmes-engine-mgmt|ONAP Holmes Engine Management Application|HOLMES-ENGINE|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
+holmes-rule-mgmt|ONAP Holmes Rules Management Application|HOLMES-RULES|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
nbi|ONAP NBI Application|NBI|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
msb-eag|ONAP MSB EAG Application|MSB EAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
msb-iag|ONAP MSB IAG Application|MSB IAG|ONAP Application|314-123-1234|no_reply@people.osaaf.com|a|mmanager
org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\
org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration
-multi.tenancy.enabled=true
+multi.tenancy.enabled={{ .Values.config.keycloak.multiTenancy.enabled }}
keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth
-keycloak.realm=aai-resources
-keycloak.resource=aai-resources-app
+keycloak.realm={{ .Values.config.keycloak.realm }}
+keycloak.resource={{ .Values.config.keycloak.resource }}
keycloak.public-client=true
keycloak.principal-attribute=preferred_username
- name: LOCAL_GROUP_ID
value: {{ .Values.global.config.groupId | quote }}
- name: POST_JAVA_OPTS
- value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststoreAllPassword }}'
+ value: '-Djavax.net.ssl.trustStore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks -Djavax.net.ssl.trustStorePassword={{ .Values.certInitializer.truststorePassword }}'
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
# Active spring profiles for the resources microservice
profiles:
- active: production,dmaap,aaf-auth
+ active: production,dmaap,aaf-auth #,keycloak
# Notification event specific properties
notification:
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-resources
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-resources:1.8.2
# Configuration for the resources deployment
config:
+ # configure keycloak according to your environment.
+ # don't forget to add keycloak in active profiles above (global.config.profiles)
keycloak:
- host: localhost
+ host: keycloak.your.domain
port: 8180
+ # Specifies a set of users, credentials, roles, and groups
+ realm: aai-resources
+ # Used by any client application for enabling fine-grained authorization for their protected resources
+ resource: aai-resources-app
+ # If set to true, additional criteria will be added that match the data-owner property with the given role
+ # to the user in keycloak
+ multiTenancy:
+ enabled: true
# Specifies crud related operation timeouts and overrides
crud:
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
*/}}
oxm.schemaNodeDir=/opt/app/sparky/onap/oxm
-#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
+#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config
oxm.schemaServiceTranslatorList=config
# The end point for onap is https://<hostname>:<port>/onap/schema-service/v1/
oxm.schemaServiceBaseUrl=https://<schema-service/config>/aai/schema-service/v1/
-oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12
-oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore
-oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
-oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o
+oxm.schemaServiceKeystore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+oxm.schemaServiceTruststore=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+oxm.schemaServiceKeystorePassword=${KEYSTORE_PASSWORD}
+oxm.schemaServiceTruststorePassword=${TRUSTSTORE_PASSWORD}
resources.authType=SSL_BASIC
resources.basicAuthUserName=aai@aai.onap.org
resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek
-resources.trust-store=tomcat_keystore
+resources.trust-store={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+resources.trust-store-password=${TRUSTSTORE_PASSWORD}
+resources.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+resources.client-cert-password=${KEYSTORE_PASSWORD}
# limitations under the License.
server.port=8000
-server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12
-server.ssl.key-store-password=OBF:1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3
+server.ssl.key-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+server.ssl.key-store-password=${KEYSTORE_PASSWORD}
server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
-server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks
-server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0
+server.ssl.trust-store=file:{{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+server.ssl.trust-store-password=${TRUSTSTORE_PASSWORD}
spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,aai-proxy
-portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
portal.cadiFileLocation={{.Values.config.cadiFileLocation}}
searchservice.hostname={{.Values.global.searchData.serviceName}}
searchservice.port=9509
-searchservice.client-cert=client-cert-onap.p12
-searchservice.client-cert-password=1xfz1qie1jf81b3s1ir91tag1h381cvr1kze1zli16kj1b301b4y16kb1zm01kzo1cw71gze1t9y1ivd1b461je21qiw1xf3
-searchservice.truststore=tomcat_keystore
+searchservice.client-cert={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+searchservice.client-cert-password=${KEYSTORE_PASSWORD}
+searchservice.truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+searchservice.truststore-password=${TRUSTSTORE_PASSWORD}
schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties
--- /dev/null
+<configuration scan="true" scanPeriod="3 seconds" debug="false">
+ <!--{{/*
+ # Copyright © 2018 AT&T
+ # Copyright © 2021 Orange
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+ */}}-->
+ <!--<jmxConfigurator /> -->
+ <!-- directory path for all other type logs -->
+
+ <property name="logDir" value="/var/log/onap" />
+
+ <!-- <ECOMP-component-name>::= "MSO" | "DCAE" | "ASDC " | "AAI" |"Policy"
+ | "SDNC" | "AC" -->
+ <property name="componentName" value="AAI-UI"></property>
+
+ <!-- default eelf log file names -->
+ <property name="generalLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+
+ <property name="errorLogPattern" value="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX}|%mdc{RequestId}|%thread|AAIUI|%mdc{PartnerName}|%logger|%.-5level|%msg%n" />
+ <property name="auditMetricPattern" value="%m%n" />
+
+ <property name="logDirectory" value="${logDir}/${componentName}" />
+
+
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+
+ <appender name="EELF" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELF" class="ch.qos.logback.classic.AsyncAppender">
+ <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELF" />
+ </appender>
+
+
+ <!-- EELF Audit Appender. This appender is used to record audit engine related
+ logging events. The audit logger and appender are specializations of the
+ EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n"</pattern> -->
+ <pattern>${auditMetricPattern}</pattern>
+ </encoder>
+ </appender>
+
+
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip
+</fileNamePattern>
+ <maxHistory>60</maxHistory>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${errorLogPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>256</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>false</includeCallerData>
+ </appender>
+
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf" level="info" additivity="false">
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+
+ <!-- Spring related loggers -->
+ <logger name="org.springframework" level="WARN" />
+ <logger name="org.springframework.beans" level="WARN" />
+ <logger name="org.springframework.web" level="WARN" />
+ <logger name="com.blog.spring.jms" level="WARN" />
+
+ <!-- Sparky loggers -->
+ <logger name="org.onap" level="INFO">
+ <appender-ref ref="STDOUT" />
+ </logger>
+
+ <!-- Other Loggers that may help troubleshoot -->
+ <logger name="net.sf" level="WARN" />
+ <logger name="org.apache.commons.httpclient" level="WARN" />
+ <logger name="org.apache.commons" level="WARN" />
+ <logger name="org.apache.coyote" level="WARN" />
+ <logger name="org.apache.jasper" level="WARN" />
+
+ <!-- Camel Related Loggers (including restlet/servlet/jaxrs/cxf logging.
+ May aid in troubleshooting) -->
+ <logger name="org.apache.camel" level="WARN" />
+ <logger name="org.apache.cxf" level="WARN" />
+ <logger name="org.apache.camel.processor.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.jaxrs.interceptor" level="WARN" />
+ <logger name="org.apache.cxf.service" level="WARN" />
+ <logger name="org.restlet" level="WARN" />
+ <logger name="org.apache.camel.component.restlet" level="WARN" />
+
+ <!-- logback internals logging -->
+ <logger name="ch.qos.logback.classic" level="WARN" />
+ <logger name="ch.qos.logback.core" level="WARN" />
+
+ <root>
+ <appender-ref ref="asyncEELF" />
+ <appender-ref ref="STDOUT" />
+ <!-- <appender-ref ref="asyncEELFDebug" /> -->
+ </root>
+
+</configuration>
\ No newline at end of file
ext_req_read_timeout=20000
#Add AAF namespace if the app is centralized
-auth_namespace={{.Values.config.aafNamespace}}
+auth_namespace={{ .Values.certInitializer.fqi_namespace }}
# AAF Environment Designation
#if you are running aaf service from a docker image you have to use aaf service IP and port number
-aaf_id={{.Values.config.aafUsername}}
+aaf_id={{ .Values.certInitializer.fqi }}
#Encrypt the password using AAF Jar
-aaf_password={{.Values.config.aafPassword}}
+aaf_password={{ .Values.certInitializer.aafDeployPass }}
# Sample CADI Properties, from CADI 1.4.2
#hostname=org.onap.aai.orr
csp_domain=PROD
# Add Absolute path to Keyfile
-cadi_keyfile={{.Values.config.cadiKeyFile}}
+cadi_keyfile={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+cadi_keystore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD}
+
+cadi_alias={{ .Values.certInitializer.fqi }}
# This is required to accept Certificate Authentication from Certman certificates.
# can be TEST, IST or PROD
cadi_loglevel=DEBUG
# Add Absolute path to truststore2018.jks
-cadi_truststore={{.Values.config.cadiTrustStore}}
+cadi_truststore={{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs
-cadi_truststore_password={{.Values.config.cadiTrustStorePassword}}
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
# how to turn on SSL Logging
#javax.net.debug=ssl
# limitations under the License.
*/}}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-prop
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/application/*").AsConfig . | indent 2 }}
---
apiVersion: v1
kind: ConfigMap
release: {{ include "common.release" . }}
name: {{ include "common.name" . }}
spec:
- initContainers:
+ initContainers: {{ include "common.certInitializer.initContainer" . | nindent 6 }}
+ - command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+ | xargs -0)
+ if [ -z "$KEYSTORE_PASSWORD" ]
+ then
+ echo " /!\ certificates retrieval failed"
+ exit 1
+ fi
+ echo "*** write them in portal part"
+ cd /config-input
+ for PFILE in `ls -1 .`
+ do
+ envsubst <${PFILE} >/config/${PFILE}
+ done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config-input
+ name: portal-config-input
+ - mountPath: /config
+ name: portal-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ name: {{ include "common.name" . }}-update-config
- command:
- /app/ready.py
args:
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-
- volumeMounts:
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ echo "*** retrieve Truststore and Keystore password"
+ export $(cat {{ .Values.certInitializer.credsPath }}/mycreds.prop \
+ | xargs -0)
+ echo "*** actual launch of AAI Sparky BE"
+ /opt/app/sparky/bin/start.sh
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12
- name: {{ include "common.fullname" . }}-auth-config
- subPath: client-cert-onap.p12
-
- mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties
- name: {{ include "common.fullname" . }}-auth-config
+ name: auth-config
subPath: csp-cookie-filter.properties
-
- - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12
- name: {{ include "common.fullname" . }}-auth-config
- subPath: org.onap.aai.p12
-
- - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks
- name: aai-common-aai-auth-mount
- subPath: truststoreONAPall.jks
-
- mountPath: /opt/app/sparky/config/portal/
- name: {{ include "common.fullname" . }}-portal-config
-
+ name: portal-config
- mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/
- name: {{ include "common.fullname" . }}-portal-config-props
-
+ name: portal-config-props
- mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
-
+ name: logs
- mountPath: /opt/app/sparky/config/application.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application.properties
-
- mountPath: /opt/app/sparky/config/application-resources.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-resources.properties
-
- mountPath: /opt/app/sparky/config/application-ssl.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-ssl.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-default.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-default.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-override.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-override.properties
-
- mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: application-oxm-schema-prod.properties
-
- mountPath: /opt/app/sparky/config/roles.config
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: roles.config
-
- mountPath: /opt/app/sparky/config/users.config
- name: {{ include "common.fullname" . }}-properties
+ name: config
subPath: users.config
-
+ - mountPath: /opt/app/sparky/config/logging/logback.xml
+ name: config
+ subPath: logback.xml
ports:
- containerPort: {{ .Values.service.internalPort }}
# disable liveness probe when breakpoints set in debugger
subPath: filebeat.yml
name: filebeat-conf
- mountPath: /var/log/onap
- name: {{ include "common.fullname" . }}-logs
+ name: logs
- mountPath: /usr/share/filebeat/data
name: aai-sparky-filebeat
resources:
{{ include "common.resources" . }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
-
- - name: {{ include "common.fullname" . }}-properties
- configMap:
- name: {{ include "common.fullname" . }}-prop
-
- - name: {{ include "common.fullname" . }}-config
+ - name: config
configMap:
name: {{ include "common.fullname" . }}
-
- - name: {{ include "common.fullname" . }}-portal-config
+ - name: portal-config
+ emptyDir:
+ medium: Memory
+ - name: portal-config-input
configMap:
name: {{ include "common.fullname" . }}-portal
-
- - name: {{ include "common.fullname" . }}-portal-config-props
+ - name: portal-config-props
configMap:
name: {{ include "common.fullname" . }}-portal-props
-
- - name: {{ include "common.fullname" . }}-auth-config
+ - name: auth-config
secret:
secretName: {{ include "common.fullname" . }}
-
- - name: aai-common-aai-auth-mount
- secret:
- secretName: aai-common-aai-auth
-
- name: filebeat-conf
configMap:
name: aai-filebeat
- - name: {{ include "common.fullname" . }}-logs
+ - name: logs
emptyDir: {}
- name: aai-sparky-filebeat
emptyDir: {}
searchData:
serviceName: aai-search-data
+
+#################################################################
+# Certificate configuration
+#################################################################
+certInitializer:
+ nameOverride: aai-sparky-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: "aai"
+ app_ns: "org.osaaf.aaf"
+ fqi_namespace: "org.onap.aai"
+ fqi: "aai@aai.onap.org"
+ public_fqdn: "aaf.osaaf.org"
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing passwords into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
+
# application image
image: onap/sparky-be:2.0.3
pullPolicy: Always
portalPassword: OBF:1t2v1vfv1unz1vgz1t3b
portalCookieName: UserId
portalAppRoles: ui_view
- aafUsername: aai@aai.onap.org
- aafNamespace: org.onap.aai
- aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz
- cadiKeyFile: /opt/app/sparky/config/portal/keyFile
- cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks
cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties
- cadiTrustStorePassword: changeit
cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor
# ONAP Cookie Processing - During initial development, the following flag, if true, will
/bin/bash /opt/app/aai-traversal/docker-entrypoint.sh
env:
- name: TRUSTORE_ALL_PASSWORD
- value: {{ .Values.certInitializer.truststoreAllPassword }}
+ value: {{ .Values.certInitializer.truststorePassword }}
- name: DISABLE_UPDATE_QUERY
value: {{ .Values.config.disableUpdateQuery | quote }}
- name: LOCAL_USER_ID
credsPath: /opt/app/osaaf/local
fqi_namespace: org.onap.aai-traversal
aaf_add_config: |
- echo "*** retrieving password for keystore and trustore"
- export $(/opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- if [ -z "$cadi_keystore_password_p12" ]
- then
- echo " /!\ certificates retrieval wasn't good"
- exit 1
- else
- echo "*** writing passwords into prop file"
- echo "KEYSTORE_PASSWORD=${cadi_keystore_password_p12}" > {{ .Values.credsPath }}/mycreds.prop
- echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> {{ .Values.credsPath }}/mycreds.prop
- echo "*** change ownership of certificates to targeted user"
- chown -R 1000 {{ .Values.credsPath }}
- fi
- truststoreAllPassword: changeit
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSTORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${TRUSTSTORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 {{ .Values.credsPath }}
# application image
image: onap/aai-traversal:1.8.0
cadi_latitude: "0.0"
credsPath: /opt/app/osaaf/local
aaf_add_config: |
- echo "*** retrieving passwords from AAF"
- /opt/app/aaf_config/bin/agent.sh local showpass \
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
- export $(grep '^c' {{ .Values.credsPath }}/mycreds.prop | xargs -0)
echo "*** transform AAF certs into pem files"
mkdir -p {{ .Values.credsPath }}/certs
keytool -exportcert -rfc -file {{ .Values.credsPath }}/certs/cacert.pem \
waiting_bundles=$(/opt/opendaylight/current/bin/client bundle:list | grep Waiting | wc -l)
run_level=$(/opt/opendaylight/current/bin/client system:start-level)
- if [ "$run_level" == "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
+ if [ "$run_level" = "Level 100" ] && [ "$waiting_bundles" -lt "1" ]
then
echo APPC is healthy.
else
+#!/bin/sh
+
{{/*
###
# ============LICENSE_START=======================================================
#set -x
*/}}
-function enable_odl_cluster(){
+enable_odl_cluster () {
if [ -z $APPC_REPLICAS ]; then
echo "APPC_REPLICAS is not configured in Env field"
exit
show databases like 'sdnctl';
END
)
- if [ "x${sdnc_db_exists}" == "x" ]
+ if [ "x${sdnc_db_exists}" = "x" ]
then
echo "Installing SDNC database"
${SDNC_HOME}/bin/installSdncDb.sh
show databases like 'appcctl';
END
)
- if [ "x${appc_db_exists}" == "x" ]
+ if [ "x${appc_db_exists}" = "x" ]
then
echo "Installing APPC database"
${APPC_HOME}/bin/installAppcDb.sh
+#!/bin/sh
+
{{/*
###
# ============LICENSE_START=======================================================
+#!/bin/sh
+
{{/*
###
# ============LICENSE_START=======================================================
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-blueprintsprocessor:1.0.3
+image: onap/ccsdk-blueprintsprocessor:1.1.2
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-commandexecutor:1.0.3
+image: onap/ccsdk-commandexecutor:1.1.2
pullPolicy: Always
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-py-executor:1.0.3
+image: onap/ccsdk-py-executor:1.1.2
pullPolicy: Always
# default number of instances
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-sdclistener:1.0.3
+image: onap/ccsdk-sdclistener:1.1.2
name: sdc-listener
pullPolicy: Always
{{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
# application image
-image: onap/ccsdk-cds-ui-server:1.0.3
+image: onap/ccsdk-cds-ui-server:1.1.2
pullPolicy: Always
# application configuration
ss="snapshots"
me=`basename $0`
-function find_target_table_name()
+find_target_table_name ()
{
dest_path=$1
keyspace_name=$2
printf $dest_table_name
}
-function print_usage()
+print_usage ()
{
echo "NAME"
echo " Script to restore Cassandra database from Nuvo/Cain snapshot"
done
# Validate inputs
-if [ "$base_db_dir" == "" ] || [ "$ss_dir" == "" ] || [ "$keyspace_name" == "" ]
+if [ "$base_db_dir" = "" ] || [ "$ss_dir" = "" ] || [ "$keyspace_name" = "" ]
then
echo ""
echo ">>>>>>>>>>Not all inputs provided, please check usage >>>>>>>>>>"
for f in $CERTS_DIR/*; do
export canonical_name_nob64=$(echo $f | sed 's/.*\/\([^\/]*\)/\1/')
export canonical_name_b64=$(echo $f | sed 's/.*\/\([^\/]*\)\(\.b64\)/\1/')
- if [ "$AAF_ENABLED" == "false" ] && [ "$canonical_name_b64" == "$ONAP_TRUSTSTORE" ]; then
+ if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_b64" = "$ONAP_TRUSTSTORE" ]; then
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ "$AAF_ENABLED" == "false" ] && [ "$canonical_name_nob64" == "$ONAP_TRUSTSTORE" ]; then
+ if [ "$AAF_ENABLED" = "false" ] && [ "$canonical_name_nob64" = "$ONAP_TRUSTSTORE" ]; then
# Dont use onap truststore when aaf is disabled
continue
fi
- if [ ${f: -3} == ".sh" ]; then
+ if [ ${f: -3} = ".sh" ]; then
continue
fi
- if [ ${f: -4} == ".b64" ]
+ if [ ${f: -4} = ".b64" ]
then
base64 -d $f > $WORK_DIR/`basename $f .b64`
else
done
# Prepare truststore output file
-if [ "$AAF_ENABLED" == "true" ]
+if [ "$AAF_ENABLED" = "true" ]
then
mv $WORK_DIR/$ONAP_TRUSTSTORE $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME
else
# Import Custom Certificates
for f in $WORK_DIR/*; do
- if [ ${f: -4} == ".pem" ]; then
+ if [ ${f: -4} = ".pem" ]; then
echo "importing certificate: $f"
keytool -import -file $f -alias `basename $f` -keystore $WORK_DIR/$TRUSTSTORE_OUTPUT_FILENAME -storepass $TRUSTSTORE_PASSWORD -noprompt
if [ $? != 0 ]; then
+#!/bin/sh
+
{{/*
# Copyright © 2021 Orange
#
# See the License for the specific language governing permissions and
# limitations under the License.
*/}}
-#!/bin/sh
-
echo "*** retrieving passwords for certificates"
export $(/opt/app/aaf_config/bin/agent.sh local showpass \
{{.Values.fqi}} {{ .Values.fqdn }} | grep '^c' | xargs -0)
- name: common
version: ~8.x-0
repository: 'file://../common'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: 'file://../cmpv2Config'
#
# To request a certificate following steps are to be done:
# - create an object 'certificates' in the values.yaml
-# - create a file templates/certificates.yaml and invoke the function "certManagerCertificate.certificate".
+# - create a file templates/certificate.yaml and invoke the function "certManagerCertificate.certificate".
#
# Here is an example of the certificate request for a component:
#
# passwordSecretRef:
# name: secret-name
# key: secret-key
+# create: true
#
# Fields 'name', 'secretName' and 'commonName' are mandatory and required to be defined.
# Other mandatory fields for the certificate definition do not have to be defined directly,
{{/*# General certifiacate attributes #*/}}
{{- $name := include "common.fullname" $dot -}}
{{- $certName := default (printf "%s-cert-%d" $name $i) $certificate.name -}}
-{{- $secretName := default (printf "%s-secret-%d" $name $i) $certificate.secretName -}}
+{{- $secretName := default (printf "%s-secret-%d" $name $i) (tpl (default "" $certificate.secretName) $ ) -}}
{{- $commonName := (required "'commonName' for Certificate is required." $certificate.commonName) -}}
{{- $renewBefore := default $subchartGlobal.certificate.default.renewBefore $certificate.renewBefore -}}
{{- $duration := default $subchartGlobal.certificate.default.duration $certificate.duration -}}
{{- if $certificate.issuer -}}
{{- $issuer = $certificate.issuer -}}
{{- end -}}
----
-{{- if $certificate.keystore }}
+{{/*# Secret #*/}}
+{{ if $certificate.keystore -}}
{{- $passwordSecretRef := $certificate.keystore.passwordSecretRef -}}
- {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote }}
+ {{- $password := include "common.createPassword" (dict "dot" $dot "uid" $certName) | quote -}}
+ {{- if $passwordSecretRef.create }}
apiVersion: v1
kind: Secret
metadata:
type: Opaque
stringData:
{{ $passwordSecretRef.key }}: {{ $password }}
-{{- end }}
+ {{- end }}
+{{ end -}}
---
apiVersion: cert-manager.io/v1
kind: Certificate
{{- if $duration }}
duration: {{ $duration }}
{{- end }}
+ {{- if $certificate.isCA }}
+ isCA: {{ $certificate.isCA }}
+ {{- end }}
+ {{- if $certificate.usages }}
+ usages:
+ {{- range $usage := $certificate.usages }}
+ - {{ $usage }}
+ {{- end }}
+ {{- end }}
subject:
organizations:
- {{ $subject.organization }}
{{- end }}
{{- end }}
issuerRef:
+ {{- if not (eq $issuer.kind "Issuer" ) }}
group: {{ $issuer.group }}
+ {{- end }}
kind: {{ $issuer.kind }}
name: {{ $issuer.name }}
{{- if $certificate.keystore }}
{{ $outputType }}:
create: true
passwordSecretRef:
- name: {{ $certificate.keystore.passwordSecretRef.name }}
+ name: {{ tpl (default "" $certificate.keystore.passwordSecretRef.name) $ }}
key: {{ $certificate.keystore.passwordSecretRef.key }}
{{- end }}
{{- end }}
{{- $certsLinkCommand = (printf "ln -s %s %s; %s" $sourcePath $destnationPath $certsLinkCommand) -}}
{{- end -}}
{{ $certsLinkCommand }}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
- name: repositoryGenerator
version: ~8.x-0
repository: 'file://../repositoryGenerator'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: 'file://../cmpv2Config'
{{- define "common.certServiceClient.initContainer" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
{{- $requestUrl := $subchartGlobal.platform.certServiceClient.envVariables.requestURL -}}
{{- $certPath := $subchartGlobal.platform.certServiceClient.envVariables.certPath -}}
{{- $requestTimeout := $subchartGlobal.platform.certServiceClient.envVariables.requestTimeout -}}
-{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.secret.mountPath -}}
-{{- $keystorePath := $subchartGlobal.platform.certServiceClient.envVariables.keystorePath -}}
-{{- $keystorePassword := $subchartGlobal.platform.certServiceClient.envVariables.keystorePassword -}}
-{{- $truststorePath := $subchartGlobal.platform.certServiceClient.envVariables.truststorePath -}}
-{{- $truststorePassword := $subchartGlobal.platform.certServiceClient.envVariables.truststorePassword -}}
+{{- $certificatesSecret:= $subchartGlobal.platform.certServiceClient.clientSecretName -}}
+{{- $certificatesSecretMountPath := $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath -}}
+{{- $keystorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.keystoreKeyRef ) -}}
+{{- $keystorePasswordSecret := $subchartGlobal.platform.certificates.keystorePasswordSecretName -}}
+{{- $keystorePasswordSecretKey := $subchartGlobal.platform.certificates.keystorePasswordSecretKey -}}
+{{- $truststorePath := (printf "%s%s" $subchartGlobal.platform.certServiceClient.certificatesSecretMountPath $subchartGlobal.platform.certificates.truststoreKeyRef ) -}}
+{{- $truststorePasswordSecret := $subchartGlobal.platform.certificates.truststorePasswordSecretName -}}
+{{- $truststorePasswordSecretKey := $subchartGlobal.platform.certificates.truststorePasswordSecretKey -}}
- name: certs-init-{{ $index }}
image: {{ include "repositoryGenerator.image.certserviceclient" $dot }}
imagePullPolicy: {{ $dot.Values.global.pullPolicy | default $dot.Values.pullPolicy }}
- name: KEYSTORE_PATH
value: {{ $keystorePath | quote }}
- name: KEYSTORE_PASSWORD
- value: {{ $keystorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $keystorePasswordSecret | quote}}
+ key: {{ $keystorePasswordSecretKey | quote}}
- name: TRUSTSTORE_PATH
value: {{ $truststorePath | quote }}
- name: TRUSTSTORE_PASSWORD
- value: {{ $truststorePassword | quote }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ $truststorePasswordSecret | quote}}
+ key: {{ $truststorePasswordSecretKey | quote}}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
{{- define "common.certServiceClient.volumes" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
-{{- $certificatesSecretName := $subchartGlobal.platform.certServiceClient.secret.name -}}
+{{- $certificatesSecretName := $subchartGlobal.platform.certificates.clientSecretName -}}
- name: certservice-tls-volume
secret:
secretName: {{ $certificatesSecretName }}
{{- define "common.certServiceClient.volumeMounts" -}}
{{- $dot := default . .dot -}}
-{{- $initRoot := default $dot.Values.cmpv2Certificate .initRoot -}}
+{{- $initRoot := default $dot.Values.cmpv2Certificate.cmpv2Config .initRoot -}}
{{- $subchartGlobal := mergeOverwrite (deepCopy $initRoot.global) $dot.Values.global -}}
{{- if and $subchartGlobal.cmpv2Enabled (not $subchartGlobal.CMPv2CertManagerIntegration) -}}
{{- range $index, $certificate := $dot.Values.certificates -}}
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
-#################################################################
-# Global configuration default values that can be inherited by
-# all subcharts.
-#################################################################
-global:
- # Enabling CMPv2
- cmpv2Enabled: true
- CMPv2CertManagerIntegration: false
-
- certificate:
- default:
- subject:
- organization: "Linux-Foundation"
- country: "US"
- locality: "San-Francisco"
- province: "California"
- organizationalUnit: "ONAP"
-
- platform:
- certServiceClient:
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
- envVariables:
- certPath: "/var/custom-certs"
- # Client configuration related
- caName: "RA"
- requestURL: "https://oom-cert-service:8443/v1/certificate/"
- requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
- outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
# See the License for the specific language governing permissions and
# limitations under the License.
global:
+
+ # Enabling CMPv2
+ cmpv2Enabled: true
+ CMPv2CertManagerIntegration: false
+
+ certificate:
+ default:
+ subject:
+ organization: "Linux-Foundation"
+ country: "US"
+ locality: "San-Francisco"
+ province: "California"
+ organizationalUnit: "ONAP"
+
platform:
+ certificates:
+ clientSecretName: oom-cert-service-client-tls-secret
+ keystoreKeyRef: keystore.jks
+ truststoreKeyRef: truststore.jks
+ keystorePasswordSecretName: oom-cert-service-keystore-password
+ keystorePasswordSecretKey: password
+ truststorePasswordSecretName: oom-cert-service-truststore-password
+ truststorePasswordSecretKey: password
certServiceClient:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- secretName: oom-cert-service-client-tls-secret
+ certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
envVariables:
+ certPath: "/var/custom-certs"
# Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
+ caName: "RA"
# Client configuration related
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePassword: "secret"
- truststorePassword: "secret"
+ outputType: "P12"
certPostProcessor:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-post-processor:2.3.3
*/}}
{{- define "common.masterPassword" -}}
{{ if .Values.masterPasswordOverride }}
- {{- printf "%d" .Values.masterPasswordOverride -}}
+ {{- printf "%s" .Values.masterPasswordOverride -}}
{{ else if .Values.global.masterPassword }}
- {{- printf "%d" .Values.global.masterPassword -}}
+ {{- printf "%s" .Values.global.masterPassword -}}
{{ else if .Values.masterPassword }}
- {{- printf "%d" .Values.masterPassword -}}
+ {{- printf "%s" .Values.masterPassword -}}
{{ else if eq "testRelease" (include "common.release" .) }}
{{/* Special case for chart liniting. DON"T NAME YOUR PRODUCTION RELEASE testRelease */}}
{{- printf "testRelease" -}}
--- /dev/null
+{{/*
+# Copyright © 2021 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+{{/*
+ Generate comma separated list of kafka or zookeper nodes to reuse in message router charts.
+ How to use:
+
+ zookeeper servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
+ kafka servers list: {{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
+
+*/}}
+{{- define "common.kafkaNodes" -}}
+{{- $dot := .dot -}}
+{{- $replicaCount := .replicaCount -}}
+{{- $componentName := .componentName -}}
+{{- $port := .port -}}
+{{- $kafkaNodes := list -}}
+{{- range $i, $e := until (int $replicaCount) -}}
+{{- $kafkaNodes = print (include "common.release" $dot) "-" $componentName "-" $i "." $componentName "." (include "common.namespace" $dot) ".svc.cluster.local:" $port | append $kafkaNodes -}}
+{{- end -}}
+{{- $kafkaNodes | join "," -}}
+{{- end -}}
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-dgbuilder-image:1.0.2
+image: onap/ccsdk-dgbuilder-image:1.1.1
pullPolicy: Always
# flag to enable debugging - application support required
innodb_flush_log_at_trx_commit=2
# MYISAM REPLICATION SUPPORT #
wsrep_replicate_myisam=ON
+ binlog_format=row
+ default_storage_engine=InnoDB
+ innodb_autoinc_lock_mode=2
+ transaction-isolation=READ-COMMITTED
+ wsrep_causal_reads=1
+ wsrep_sync_wait=7
[mariadb]
plugin_load_add=auth_pam
# Debug Setup. Uses env variables
# DEBUG and DEBUG_PORT
# DEBUG=true/false | DEBUG_PORT=<Port valie must be integer>
-if [ "${DEBUG}" == "true" ]; then
- if [ "${DEBUG_PORT}" == "" ]; then
+if [ "${DEBUG}" = "true" ]; then
+ if [ "${DEBUG_PORT}" = "" ]; then
DEBUG_PORT=8000
fi
echo "Debug mode on"
# Application configuration defaults.
#################################################################
# application image
-image: onap/ccsdk-apps-ms-neng:1.0.2
+image: onap/ccsdk-apps-ms-neng:1.1.1
pullPolicy: IfNotPresent
# application configuration
#argument: yaml file
#calling syntax: parse_yaml <yaml_file_name>
-function parse_yaml {
+parse_yaml () {
local prefix=$2
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
sed -ne "s|^\($s\):|\1|" \
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
+#!/bin/sh
+
{{/*
# Copyright © 2019 Bell Canada
#
target_machine_notice_info
}
-if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
usage
-elif [[ $# -eq 1 ]] && [[ $1 == "--info" ]]; then
+elif [[ $# -eq 1 ]] && [[ $1 = "--info" ]]; then
target_machine_notice_info
else
deploy $@
generate_config_map $@
}
-if [[ $# -eq 1 ]] && [[ $1 == "-h" || $1 == "--help" ]]; then
+if [[ $# -eq 1 ]] && [[ $1 = "-h" || $1 = "--help" ]]; then
usage
elif [[ $# -eq 0 ]]; then
automatic_configuration
BASE_URL="https://nexus3.onap.org/repository/docker.release"
-if [ "$GERRIT_BRANCH" == "staging" ]; then
+if [ "$GERRIT_BRANCH" = "staging" ]; then
exit 0
fi
helm init --service-account tiller
kubectl -n kube-system rollout status deploy/tiller-deploy
echo "upgrade server side of helm in kubernetes"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm version
else
sudo helm version
fi
echo "sleep 30"
sleep 30
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm init --upgrade
else
sudo helm init --upgrade
echo "sleep 30"
sleep 30
echo "verify both versions are the same below"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm version
else
sudo helm version
fi
echo "start helm server"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm serve &
else
sudo helm serve &
echo "sleep 30"
sleep 30
echo "add local helm repo"
- if [ "$USERNAME" == "root" ]; then
+ if [ "$USERNAME" = "root" ]; then
helm repo add local http://127.0.0.1:8879
helm repo list
else
change-log: classpath:changelog/changelog-master.yaml
labels: ${LIQUIBASE_LABELS}
+security:
+ # comma-separated uri patterns which do not require authorization
+ permit-uri: /manage/health/**,/manage/info,/swagger-ui/**,/swagger-resources/**,/v3/api-docs
+ auth:
+ username: ${CPS_USERNAME}
+ password: ${CPS_PASSWORD}
+
# Actuator
management:
endpoints:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
- name: LIQUIBASE_LABELS
value: {{ .Values.config.liquibaseLabels }}
+ - name: CPS_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
+ - name: CPS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
volumeMounts:
- mountPath: /config-input
name: init-data-input
path: {{ .Values.readiness.path }}
initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
periodSeconds: {{ .Values.readiness.periodSeconds }}
- env:
- - name: CPS_USERNAME
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 12 }}
- - name: CPS_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 12 }}
resources: {{ include "common.resources" . | nindent 10 }}
{{- if .Values.nodeSelector }}
nodeSelector: {{ toYaml .Values.nodeSelector | nindent 12 }}
virtualhost:
baseurl: "simpledemo.onap.org"
-image: onap/cps-and-nf-proxy:1.0.0
+image: onap/cps-and-nf-proxy:1.0.1
containerPort: &svc_port 8080
service:
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
+image: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.8.0
pullPolicy: Always
# log directory where logging sidecar should look for log files
security.keys.trustStoreFile: /etc/ves-hv/ssl/trust.jks
security.keys.trustStorePasswordFile: /etc/ves-hv/ssl/trust.pass
streams_publishes:
+ ves-3gpp-fault-supervision:
+ type: kafka
+ aaf_credentials:
+ username: ${AAF_USER}
+ password: ${AAF_PASSWORD}
+ kafka_info:
+ bootstrap_servers: message-router-kafka:9092
+ topic_name: SEC_3GPP_FAULTSUPERVISION_OUTPUT
+ ves-3gpp-provisioning:
+ type: kafka
+ aaf_credentials:
+ username: ${AAF_USER}
+ password: ${AAF_PASSWORD}
+ kafka_info:
+ bootstrap_servers: message-router-kafka:9092
+ topic_name: SEC_3GPP_PROVISIONING_OUTPUT
+ ves-3gpp-heartbeat:
+ type: kafka
+ aaf_credentials:
+ username: ${AAF_USER}
+ password: ${AAF_PASSWORD}
+ kafka_info:
+ bootstrap_servers: message-router-kafka:9092
+ topic_name: SEC_3GPP_HEARTBEAT_OUTPUT
+ ves-3gpp-performance-assurance:
+ type: kafka
+ aaf_credentials:
+ username: ${AAF_USER}
+ password: ${AAF_PASSWORD}
+ kafka_info:
+ bootstrap_servers: message-router-kafka:9092
+ topic_name: SEC_3GPP_PERFORMANCEASSURANCE_OUTPUT
perf3gpp:
type: kafka
aaf_credentials:
collector.truststore.file.location: /opt/app/dcae-certificate/trust.jks
collector.truststore.passwordfile: /opt/app/dcae-certificate/trust.pass
collector.schema.checkflag: "1"
- collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2_ONAP.json\"}"
+ collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.2.1_ONAP.json\"}"
collector.externalSchema.checkflag: 1
collector.externalSchema.schemasLocation: "./etc/externalRepo/"
collector.externalSchema.mappingFileLocation: "./etc/externalRepo/schema-map.json"
+++ /dev/null
-{{/*
-#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ============LICENSE_END=========================================================
-*/}}
-
-{
-{{ if .Values.componentImages.holmes_engine }}
- "he_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_engine }}',
-{{ end }}
- "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
- "dcae_CL_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.DCAE_CL_OUTPUT",
- "ves_fault_publish_url": "http://{{ .Values.config.address.message_router }}.{{include "common.namespace" . }}:3904/events/unauthenticated.SEC_FAULT_OUTPUT",
- "pgaas_cluster_name" : "{{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}",
- "database_name":"holmes"
-}
- --container-name
- consul-server
- --container-name
- - msb-discovery
- - --container-name
- - kube2msb
- - --container-name
- dcae-config-binding-service
- --container-name
- dcae-db
#============LICENSE_START========================================================
#=================================================================================
-# Copyright (c) 2018-2020 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2018-2021 AT&T Intellectual Property. All rights reserved.
# Modifications Copyright © 2018 Amdocs, Bell Canada
# Copyright (c) 2021 J. F. Lucas. All rights reserved.
# ================================================================================
disableNfsProvisioner: true
# application image
-image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.3
+image: onap/org.onap.dcaegen2.deployments.k8s-bootstrap-container:3.0.4
default_k8s_location: central
# DCAE component images to be deployed via Cloudify Manager
# Use to override default setting in blueprints
componentImages:
- holmes_rules: onap/holmes/rule-management:1.2.9
- holmes_engine: onap/holmes/engine-management:1.2.9
tcagen2: onap/org.onap.dcaegen2.analytics.tca-gen2.dcae-analytics-tca-web:1.2.1
ves: onap/org.onap.dcaegen2.collectors.ves.vescollector:1.8.0
- snmptrap: onap/org.onap.dcaegen2.collectors.snmptrap:2.0.4
prh: onap/org.onap.dcaegen2.services.prh.prh-app-server:1.5.6
- hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.6.0
- datafile_collector: onap/org.onap.dcaegen2.collectors.datafile.datafile-app-server:1.5.4
+ hv_ves: onap/org.onap.dcaegen2.collectors.hv-ves.hv-collector-main:1.8.0
# Resource Limit flavor -By Default using small
flavor: small
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certServiceClient.image }}",
"request_url": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestURL }}",
"timeout": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.requestTimeout }}",
- "country": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Country }}",
- "organization": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Organization }}",
- "state": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2State }}",
- "organizational_unit": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2OrganizationalUnit }}",
- "location": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.cmpv2Location }}",
- "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certServiceClient.secretName }}",
- "keystore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.keystorePassword }}",
- "truststore_password": "{{ .Values.cmpv2Config.global.platform.certServiceClient.envVariables.truststorePassword }}"
+ "country": "{{ .Values.cmpv2Config.global.certificate.default.subject.country }}",
+ "organization": "{{ .Values.cmpv2Config.global.certificate.default.subject.organization }}",
+ "state": "{{ .Values.cmpv2Config.global.certificate.default.subject.province }}",
+ "organizational_unit": "{{ .Values.cmpv2Config.global.certificate.default.subject.organizationalUnit }}",
+ "location": "{{ .Values.cmpv2Config.global.certificate.default.subject.locality }}",
+ "cert_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName }}",
+ "keystore_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.keystoreKeyRef }}",
+ "truststore_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.truststoreKeyRef }}",
+ "keystore_password_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}",
+ "keystore_password_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretKey }}",
+ "truststore_password_secret_name": "{{ .Values.cmpv2Config.global.platform.certificates.truststorePasswordSecretName }}",
+ "truststore_password_secret_key": "{{ .Values.cmpv2Config.global.platform.certificates.truststorePasswordSecretKey }}"
},
"cert_post_processor": {
"image_tag": "{{ include "repositoryGenerator.repository" . }}/{{ .Values.cmpv2Config.global.platform.certPostProcessor.image }}"
# Application configuration defaults.
#################################################################
# application image
-image: onap/org.onap.dcaegen2.deployments.cm-container:4.4.2
+image: onap/org.onap.dcaegen2.deployments.cm-container:4.5.0
pullPolicy: Always
# name of shared ConfigMap with kubeconfig for multiple clusters
pullPolicy: Always
# application images
-image: onap/dmaap/dmaap-bc:2.0.4
+image: onap/dmaap/dmaap-bc:2.0.5
# application configuration
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-node:2.1.7
+image: onap/dmaap/datarouter-node:2.1.8
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/datarouter-prov:2.1.7
+image: onap/dmaap/datarouter-prov:2.1.8
pullPolicy: Always
# flag to enable debugging - application support required
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+++ /dev/null
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-
-cadi_keyfile=/etc/kafka/secrets/cert/org.onap.dmaap.mr.keyfile
-
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/etc/kafka/secrets/cert/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
{{- if .Values.global.aafEnabled }}
apiVersion: v1
kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/cadi.properties").AsConfig . | indent 2 }}
----
-apiVersion: v1
-kind: ConfigMap
metadata:
name: {{ include "common.fullname" . }}-jaas-configmap
namespace: {{ include "common.namespace" . }}
{{ tpl (.Files.Glob "resources/jaas/zk_client_jaas.conf").AsConfig . | indent 2 }}
---
{{- end }}
-
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
kind: ConfigMap
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $global.Values.replicaCount) }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
+ namespace: {{ include "common.namespace" $global }}
labels:
app: {{ $global.Values.service.name }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
*/}}
{{- $root := . -}}
-{{ range $i, $e := until (atoi (quote $root.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $root.Values.replicaCount) }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ $root.Values.service.name }}-{{ $i }}
- namespace: {{ $root.Release.Namespace }}
+ namespace: {{ include "common.namespace" $root }}
labels:
app: {{ $root.Values.service.name }}
chart: {{ $root.Chart.Name }}-{{ $root.Chart.Version | replace "+" "_" }}
image: {{ include "repositoryGenerator.image.envsubst" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-update-config
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
- |
export KAFKA_BROKER_ID=${HOSTNAME##*-} && \
{{- if .Values.global.aafEnabled }}
+ cp {{ .Values.certInitializer.credsPath }}/{{ .Values.certInitializer.final_cadi_files }} /etc/kafka/data/{{ .Values.certInitializer.final_cadi_files }} && \
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_SASL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_SASL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
{{ else }}
export KAFKA_ADVERTISED_LISTENERS=EXTERNAL_PLAINTEXT://$(HOST_IP):$(( $KAFKA_BROKER_ID + {{ .Values.service.baseNodePort }} )),INTERNAL_PLAINTEXT://:{{ .Values.service.internalPort }} && \
- containerPort: {{ .Values.jmx.port }}
name: jmx
{{- end }}
- {{ if eq .Values.liveness.enabled true }}
+ {{ if eq .Values.liveness.enabled true }}
livenessProbe:
tcpSocket:
port: {{ .Values.service.internalPort }}
apiVersion: v1
fieldPath: status.hostIP
- name: KAFKA_ZOOKEEPER_CONNECT
- value: {{ include "common.release" . }}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{ include "common.release" . }}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
+ value: "{{ include "common.kafkaNodes" (dict "dot" . "replicaCount" .Values.zookeeper.replicaCount "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}"
- name: KAFKA_CONFLUENT_SUPPORT_METRICS_ENABLE
value: "{{ .Values.kafka.enableSupport }}"
- - name: KAFKA_OPTS
- value: "{{ .Values.kafka.jaasOptions }}"
{{- if .Values.global.aafEnabled }}
- name: KAFKA_OPTS
value: "{{ .Values.kafka.jaasOptionsAaf }}"
{{- end }}
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /var/run/docker.sock
name: docker-socket
- {{- if .Values.global.aafEnabled }}
- - mountPath: /etc/kafka/data/cadi.properties
- subPath: cadi.properties
- name: cadi
- {{ end }}
- name: jaas-config
mountPath: /etc/kafka/secrets/jaas
- mountPath: /var/lib/kafka/data
tolerations:
{{ toYaml .Values.tolerations | indent 10 }}
{{- end }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: jaas
configMap:
name: {{ include "common.fullname" . }}-jaas-configmap
- {{- if .Values.prometheus.jmx.enabled }}
+ {{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
name: {{ include "common.fullname" . }}-prometheus-configmap
- {{- end }}
+ {{- end }}
{{ if not .Values.persistence.enabled }}
- name: kafka-data
emptyDir: {}
nodePortPrefix: 302
persistence: {}
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-mr-kafka-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-mr
+ fqi: dmaapmr@mr.dmaap.onap.org
+ public_fqdn: mr.dmaap.onap.org
+ cadi_longitude: "-122.26147"
+ cadi_latitude: "37.78187"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ fqi_namespace: org.onap.dmaap.mr
+ final_cadi_files: cadi.properties
+ aaf_add_config: |
+ echo "*** concat the three prop files"
+ cd {{ .Values.credsPath }}
+ cat {{ .Values.fqi_namespace }}.props > {{ .Values.final_cadi_files }}
+ cat {{ .Values.fqi_namespace }}.cred.props >> {{ .Values.final_cadi_files }}
+ cat {{ .Values.fqi_namespace }}.location.props >> {{ .Values.final_cadi_files }}
+ echo "*** configuration result:"
+ cat {{ .Values.final_cadi_files }}
+ chown -R 1000 .
+
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/kafka111:1.0.4
+image: onap/dmaap/kafka111:1.0.5
pullPolicy: Always
zookeeper:
name: message-router-zookeeper
port: 2181
+ replicaCount: 3
kafka:
heapOptions: -Xmx5G -Xms1G
{{- $global := . -}}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
{{- if eq "True" (include "common.needPV" .) -}}
-{{ range $i, $e := until (atoi (quote $global.Values.replicaCount) | default 3) }}
+{{ range $i, $e := until (int $global.Values.replicaCount) }}
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ include "common.release" $global }}-{{ $global.Values.service.name }}-{{ $i }}
- namespace: {{ $global.Release.Namespace }}
+ namespace: {{ include "common.namespace" $global }}
labels:
app: {{ $global.Values.service.name }}
chart: {{ $global.Chart.Name }}-{{ $global.Chart.Version | replace "+" "_" }}
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T
+# Modifications Copyright © 2021 Orange
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# a part of this chart's package and will not
# be published independently to a repo (at this point)
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
#config.zk.servers=172.18.1.1
#config.zk.servers={{.Values.zookeeper.name}}:{{.Values.zookeeper.port}}
*/}}
-config.zk.servers={{include "common.release" .}}-{{.Values.zookeeper.name}}-0.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-1.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}},{{include "common.release" .}}-{{.Values.zookeeper.name}}-2.{{.Values.zookeeper.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.zookeeper.port}}
-
+config.zk.servers={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-zookeeper" "replicaCount") "componentName" .Values.zookeeper.name "port" .Values.zookeeper.port ) }}
#config.zk.root=/fe3c/cambria/config
## if you want to change request.required.acks it can take this one value
#kafka.metadata.broker.list=localhost:9092,localhost:9093
#kafka.metadata.broker.list={{.Values.kafka.name}}:{{.Values.kafka.port}}
-kafka.metadata.broker.list={{include "common.release" .}}-{{.Values.kafka.name}}-0.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{include "common.release" .}}-{{.Values.kafka.name}}-1.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}},{{include "common.release" .}}-{{.Values.kafka.name}}-2.{{.Values.kafka.name}}.{{.Release.Namespace}}.svc.cluster.local:{{.Values.kafka.port}}
+kafka.metadata.broker.list={{ include "common.kafkaNodes" (dict "dot" . "replicaCount" (index .Values "message-router-kafka" "replicaCount") "componentName" .Values.kafka.name "port" .Values.kafka.port ) }}
+
##kafka.request.required.acks=-1
#kafka.client.zookeeper=${config.zk.servers}
consumer.timeout.ms=100
cambria.consumer.cache.zkBasePath=/fe3c/cambria/consumerCache
consumer.timeout=17
default.partitions=3
-default.replicas=3
+default.replicas={{ index .Values "message-router-kafka" "replicaCount" }}
##############################################################################
#100mb
maxcontentlength=10000
kafka.max.poll.interval.ms=300000
kafka.heartbeat.interval.ms=60000
kafka.session.timeout.ms=240000
-kafka.max.poll.records=1000
\ No newline at end of file
+kafka.max.poll.records=1000
+++ /dev/null
-aaf_locate_url=https://aaf-locate.{{ include "common.namespace" . }}:8095
-aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
-aaf_env=DEV
-aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
-
-cadi_truststore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.trust.jks
-cadi_truststore_password=enc:mN6GiIzFQxKGDzAXDOs7b4j8DdIX02QrZ9QOWNRpxV3rD6whPCfizSMZkJwxi_FJ
-
-cadi_keyfile=/appl/dmaapMR1/etc/org.onap.dmaap.mr.keyfile
-
-cadi_alias=dmaapmr@mr.dmaap.onap.org
-cadi_keystore=/appl/dmaapMR1/etc/org.onap.dmaap.mr.p12
-cadi_keystore_password=enc:_JJT2gAEkRzXla5xfDIHal8pIoIB5iIos3USvZQT6sL-l14LpI5fRFR_QIGUCh5W
-cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
-
-cadi_loglevel=INFO
-cadi_protocols=TLSv1.1,TLSv1.2
-cadi_latitude=37.78187
-cadi_longitude=-122.26147
\ No newline at end of file
--- /dev/null
+###############################################################################
+# ============LICENSE_START=======================================================
+# org.onap.dmaap
+# ================================================================================
+# Copyright (c) 2017-201 AT&T Intellectual Property. All rights reserved.
+# Copyright (c) 2021 Orange Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+#
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.
+#
+###############################################################################
+#This file is used for defining AJSC system properties for different configuration schemes and is necessary for the AJSC to run properly.
+#The sys-props.properties file is used for running locally. The template.sys-props.properties file will be used when deployed
+#to a SOA/CSI Cloud node. For more information,
+
+#AJSC System Properties. The following properties are required for ALL AJSC services. If you are adding System Properties for your
+#particular service, please add them AFTER all AJSC related System Properties.
+
+#For Cadi Authorization, use value="authentication-scheme-1
+CadiAuthN=authentication-scheme-1
+
+#For Basic Authorization, use value="authentication-scheme-1
+authN=authentication-scheme-2
+
+#Persistence used for AJSC meta-data storage. For most environments, "file" should be used.
+ajscPersistence=file
+
+# If using hawtio for local development, these properties will allow for faster server startup and usage for local development
+hawtio.authenticationEnabled=false
+hawtio.config.pullOnStartup=false
+
+#Removes the extraneous restlet console output
+org.restlet.engine.loggerFacadeClass=org.restlet.ext.slf4j.Slf4jLoggerFacade
+
+#server.host property to be enabled for local DME2 related testing
+#server.host=<Your network IP address>
+
+#Enable/disable SSL (values=true/false). This property also determines which protocol to use (https if true, http otherwise), to register services into GRM through DME2.
+enableSSL=false
+
+#Enable/disable csi logging (values=true/false). This can be disabled during local development
+csiEnable=false
+
+#Enable/disable CAET This can be disabled during local development
+isCAETEnable=true
+
+#Enable/disable EJB Container
+ENABLE_EJB=false
+
+#Enable/disable OSGI
+isOSGIEnable=false
+
+#Configure JMS Queue (WMQ/TIBCO)
+JMS_BROKER=WMQ
+
+#Generate/Skip api docs
+isApiDoc=false
+
+
+#WMQ connectivity
+JMS_WMQ_PROVIDER_URL=aftdsc://AFTUAT/34.07/-84.28
+JMS_WMQ_CONNECTION_FACTORY_NAME=aftdsc://AFTUAT/?service=CSILOG,version=1.0,bindingType=fusionBus,envContext=Q,Q30A=YES
+JMS_WMQ_INITIAL_CONNECTION_FACTORY_NAME=com.att.aft.jms.FusionCtxFactory
+JMS_WMQ_AUDIT_DESTINATION_NAME=queue:///CSILOGQL.M2E.DASHBOARD01.NOT.Q30A
+JMS_WMQ_PERF_DESTINATION_NAME=queue:///CSILOGQL.M2E.PERFORMANCE01.NOT.Q30A
+
+#CSI related variables for CSM framework
+csm.hostname=d1a-m2e-q112m2e1.edc.cingular.net
+
+#Enable/disable endpoint level logging (values=true/false). This can be disabled during local development
+endpointLogging=false
+
+#Enable/disable trail logging and trail logging summary
+enableTrailLogging=false
+enableTrailLoggingSummary=false
+
+#SOA_CLOUD_ENV is used to register your service with dme2 and can be turned off for local development (values=true/false).
+SOA_CLOUD_ENV=false
+
+#CONTINUE_ON_LISTENER_EXCEPTION will exit the application if there is a DME2 exception at the time of registration.
+CONTINUE_ON_LISTENER_EXCEPTION=false
+
+#Jetty Container ThreadCount Configuration Variables
+AJSC_JETTY_ThreadCount_MIN=1
+AJSC_JETTY_ThreadCount_MAX=200
+AJSC_JETTY_IDLETIME_MAX=3000
+
+#Camel Context level default threadPool Profile configuration
+CAMEL_POOL_SIZE=10
+CAMEL_MAX_POOL_SIZE=20
+CAMEL_KEEP_ALIVE_TIME=60
+CAMEL_MAX_QUEUE_SIZE=1000
+
+#File Monitor configurations
+ssf_filemonitor_polling_interval=5
+ssf_filemonitor_threadpool_size=10
+
+#GRM/DME2 System Properties
+AFT_DME2_CONN_IDLE_TIMEOUTMS=5000
+AJSC_ENV=SOACLOUD
+
+SOACLOUD_NAMESPACE=org.onap.dmaap.dev
+SOACLOUD_ENV_CONTEXT=TEST
+SOACLOUD_PROTOCOL=http
+SOACLOUD_ROUTE_OFFER=DEFAULT
+
+AFT_LATITUDE=23.4
+AFT_LONGITUDE=33.6
+AFT_ENVIRONMENT=AFTUAT
+
+#Restlet Component Default Properties
+RESTLET_COMPONENT_CONTROLLER_DAEMON=true
+RESTLET_COMPONENT_CONTROLLER_SLEEP_TIME_MS=100
+RESTLET_COMPONENT_INBOUND_BUFFER_SIZE=8192
+RESTLET_COMPONENT_MIN_THREADS=1
+RESTLET_COMPONENT_MAX_THREADS=10
+RESTLET_COMPONENT_LOW_THREADS=8
+RESTLET_COMPONENT_MAX_QUEUED=0
+RESTLET_COMPONENT_MAX_CONNECTIONS_PER_HOST=-1
+RESTLET_COMPONENT_MAX_TOTAL_CONNECTIONS=-1
+RESTLET_COMPONENT_OUTBOUND_BUFFER_SIZE=8192
+RESTLET_COMPONENT_PERSISTING_CONNECTIONS=true
+RESTLET_COMPONENT_PIPELINING_CONNECTIONS=false
+RESTLET_COMPONENT_THREAD_MAX_IDLE_TIME_MS=60000
+RESTLET_COMPONENT_USE_FORWARDED_HEADER=false
+RESTLET_COMPONENT_REUSE_ADDRESS=true
+
+#Externalized jar and properties file location. In CSI environments, there are a few libs that have been externalized to aid
+#in CSTEM maintenance of the versions of these libs. The most important to the AJSC is the DME2 lib. Not only is this lib necessary
+#for proper registration of your AJSC service on a node, but it is also necessary for running locally as well. Another framework
+#used in CSI envs is the CSM framework. These 2 framework libs are shown as "provided" dependencies within the pom.xml. These
+#dependencies will be copied into the target/commonLibs folder with the normal "mvn clean package" goal of the AJSC. They will
+#then be added to the classpath via AJSC_EXTERNAL_LIB_FOLDERS system property. Any files (mainly property files) that need
+#to be on the classpath should be added to the AJSC_EXTERNAL_PROPERTIES_FOLDERS system property. The default scenario when
+#testing your AJSC service locally will utilize the target/commonLibs directory for DME2 and CSM related artifacts and 2
+#default csm properties files will be used for local testing with anything CSM knorelated.
+#NOTE: we are using maven-replacer-plugin to replace "(doubleUnderscore)basedir(doubleUnderscore)" with ${basedir} within the
+#target directory for running locally. Multiple folder locations can be separated by the pipe ("|") character.
+#Please, NOTE: for running locally, we are setting this system property in the antBuild/build.xml "runLocal" target and in the
+#"runAjsc" profile within the pom.xml. This is to most effectively use maven variables (${basedir}, most specifically. Therefore,
+#when running locally, the following 2 properties should be set within the profile(s) themselves.
+#Example: target/commonLibs|target/otherLibs
+#AJSC_EXTERNAL_LIB_FOLDERS=__basedir__/target/commonLibs
+#AJSC_EXTERNAL_PROPERTIES_FOLDERS=__basedir__/ajsc-shared-config/etc
+#End of AJSC System Properties
+
+#Service System Properties. Please, place any Service related System Properties below.
+
+#msgrtr content length and error message
+#100mb
+maxcontentlength=10000
+msg_size_exceeds=Message size exceeds the default size.
+forceAAF=false
+cadi_prop_files={{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.properties
\ No newline at end of file
--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- {{/*
+ ============LICENSE_START=======================================================
+ org.onap.dmaap
+ ================================================================================
+ Copyright © 2017-2021 AT&T Intellectual Property. All rights reserved.
+ Copyright © 2021 Orange Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.
+*/}}
+-->
+
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<Configure id="ajsc-server" class="org.eclipse.jetty.server.Server">
+ <!-- DO NOT REMOVE!!!! This is setting up the AJSC Context -->
+ <New id="ajscContext" class="org.eclipse.jetty.webapp.WebAppContext">
+ <Set name="contextPath"><SystemProperty name="AJSC_CONTEXT_PATH" /></Set>
+ <Set name="extractWAR">true</Set>
+ <Set name="tempDirectory"><SystemProperty name="AJSC_TEMP_DIR" /></Set>
+ <Set name="war"><SystemProperty name="AJSC_WAR_PATH" /></Set>
+ <Set name="descriptor"><SystemProperty name="AJSC_HOME" />/etc/runner-web.xml</Set>
+ <Set name="overrideDescriptor"><SystemProperty name="AJSC_HOME" />/etc/ajsc-override-web.xml</Set>
+ <Set name="throwUnavailableOnStartupException">true</Set>
+ <Set name="extraClasspath"><SystemProperty name="AJSC_HOME" />/extJars/json-20131018.jar</Set>
+ <Set name="servletHandler">
+ <New class="org.eclipse.jetty.servlet.ServletHandler">
+ <Set name="startWithUnavailable">false</Set>
+ </New>
+ </Set>
+ </New>
+
+ <Set name="handler">
+ <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection">
+ <Set name="Handlers">
+ <Array type="org.eclipse.jetty.webapp.WebAppContext">
+ <Item>
+ <Ref refid="ajscContext" />
+ </Item>
+ </Array>
+ </Set>
+ </New>
+ </Set>
+
+ <Call name="addBean">
+ <Arg>
+ <New id="DeploymentManager" class="org.eclipse.jetty.deploy.DeploymentManager">
+ <Set name="contexts">
+ <Ref refid="Contexts" />
+ </Set>
+ <Call id="extAppHotDeployProvider" name="addAppProvider">
+ <Arg>
+ <New class="org.eclipse.jetty.deploy.providers.WebAppProvider">
+ <Set name="monitoredDirName"><SystemProperty name="AJSC_HOME" />/extApps</Set>
+ <Set name="scanInterval">10</Set>
+ <Set name="extractWars">true</Set>
+ </New>
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </Call>
+
+ <Call name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTP_PORT" default="8080" /></Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <!-- SSL Keystore configuration -->
+
+ <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+ <Set name="KeyStorePath">{{.Values.certInitializer.appMountPath}}/local/{{.Values.certInitializer.fqi_namespace}}.jks</Set>
+ <Set name="KeyStorePassword">${KEYSTORE_PASSWORD}</Set>
+ <Set name="KeyManagerPassword">${KEYSTORE_PASSWORD}</Set>
+ <Set name="WantClientAuth">true</Set>
+ </New>
+ <Call id="sslConnector" name="addConnector">
+ <Arg>
+ <New class="org.eclipse.jetty.server.ServerConnector">
+ <Arg name="server">
+ <Ref refid="ajsc-server" />
+ </Arg>
+ <Arg name="factories">
+ <Array type="org.eclipse.jetty.server.ConnectionFactory">
+ <Item>
+ <New class="org.eclipse.jetty.server.SslConnectionFactory">
+ <Arg name="next">http/1.1</Arg>
+ <Arg name="sslContextFactory">
+ <Ref refid="sslContextFactory" />
+ </Arg>
+ </New>
+ </Item>
+ <Item>
+ <New class="org.eclipse.jetty.server.HttpConnectionFactory">
+ <Arg name="config">
+ <New class="org.eclipse.jetty.server.HttpConfiguration">
+ <Call name="addCustomizer">
+ <Arg>
+ <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
+ </Arg>
+ </Call>
+ </New>
+ </Arg>
+ </New>
+ </Item>
+ </Array>
+ </Arg>
+ <Set name="port"><SystemProperty name="AJSC_HTTPS_PORT" default="0" /></Set>
+ <Set name="idleTimeout">30000</Set>
+ </New>
+ </Arg>
+ </Call>
+
+
+ <Get name="ThreadPool">
+ <Set name="minThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MIN" /></Set>
+ <Set name="maxThreads"><SystemProperty name="AJSC_JETTY_ThreadCount_MAX" /></Set>
+ <Set name="idleTimeout"><SystemProperty name="AJSC_JETTY_IDLETIME_MAX" /></Set>
+ <Set name="detailedDump">false</Set>
+ </Get>
+
+</Configure>
--- /dev/null
+aaf_locate_url=https://aaf-locate.onap:8095
+aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1
+aaf_env=DEV
+aaf_lur=org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm
+
+cadi_truststore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.trust.jks
+cadi_truststore_password=${TRUSTSTORE_PASSWORD}
+
+cadi_keyfile={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.keyfile
+
+cadi_alias={{ .Values.certInitializer.fqi }}
+cadi_keystore={{ .Values.certInitializer.appMountPath }}/local/{{ .Values.certInitializer.fqi_namespace }}.p12
+cadi_keystore_password=${KEYSTORE_PASSWORD_P12}
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US
+
+cadi_loglevel=INFO
+cadi_protocols=TLSv1.1,TLSv1.2
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
--- /dev/null
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--{{/*
+ ============LICENSE_START=======================================================
+ org.onap.dmaap
+ ================================================================================
+ Copyright c 2017 AT&T Intellectual Property. All rights reserved.
+ Copyright c 2021 Orange Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+
+ ECOMP is a trademark and service mark of AT&T Intellectual Property.*/}}
+-->
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" metadata-complete="false" version="3.0">
+
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/spring-servlet.xml,
+ classpath:applicationContext.xml
+</param-value>
+ </context-param>
+
+ <context-param>
+ <param-name>spring.profiles.default</param-name>
+ <param-value>nooauth</param-value>
+ </context-param>
+
+ <listener>
+ <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+ </listener>
+
+ <servlet>
+ <servlet-name>ManagementServlet</servlet-name>
+ <servlet-class>ajsc.ManagementServlet</servlet-class>
+ </servlet>
+
+ <filter>
+ <filter-name>WriteableRequestFilter</filter-name>
+ <filter-class>com.att.ajsc.csi.writeablerequestfilter.WriteableRequestFilter</filter-class>
+ </filter>
+
+ <filter>
+ <filter-name>InterceptorFilter</filter-name>
+ <filter-class>ajsc.filters.InterceptorFilter</filter-class>
+ <init-param>
+ <param-name>preProcessor_interceptor_config_file</param-name>
+ <param-value>/etc/PreProcessorInterceptors.properties</param-value>
+ </init-param>
+ <init-param>
+ <param-name>postProcessor_interceptor_config_file</param-name>
+ <param-value>/etc/PostProcessorInterceptors.properties</param-value>
+ </init-param>
+
+ </filter>
+
+ <!-- Content length filter for Msgrtr -->
+ <filter>
+ <display-name>DMaaPAuthFilter</display-name>
+ <filter-name>DMaaPAuthFilter</filter-name>
+ <filter-class>org.onap.dmaap.util.DMaaPAuthFilter</filter-class>
+ <init-param>
+ <param-name>cadi_prop_files</param-name>
+ <param-value>{{.Values.certInitializer.appMountPath}}/local/cadi.properties</param-value>
+ </init-param>
+ </filter>
+
+ <!-- End Content length filter for Msgrtr -->
+ <servlet>
+ <servlet-name>RestletServlet</servlet-name>
+ <servlet-class>ajsc.restlet.RestletSpringServlet</servlet-class>
+ <init-param>
+ <param-name>org.restlet.component</param-name>
+ <param-value>restletComponent</param-value>
+ </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name>CamelServlet</servlet-name>
+ <servlet-class>ajsc.servlet.AjscCamelServlet</servlet-class>
+ </servlet>
+
+
+ <filter>
+ <filter-name>springSecurityFilterChain</filter-name>
+ <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+ </filter>
+
+ <servlet>
+ <servlet-name>spring</servlet-name>
+ <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+ <load-on-startup>1</load-on-startup>
+ </servlet>
+
+ <servlet-mapping>
+ <servlet-name>spring</servlet-name>
+ <url-pattern>/</url-pattern>
+ </servlet-mapping>
+
+</web-app>
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
+ name: {{ include "common.fullname" . }}-logback-xml-configmap
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/cadi.properties").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-logback-xml-configmap
+ name: {{ include "common.fullname" . }}-etc
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
release: {{ include "common.release" . }}
heritage: {{ .Release.Service }}
data:
-{{ tpl (.Files.Glob "resources/config/dmaap/logback.xml").AsConfig . | indent 2 }}
+{{ tpl (.Files.Glob "resources/config/etc/*").AsConfig . | indent 2 }}
---
-
apiVersion: v1
kind: ConfigMap
metadata:
data:
{{ tpl (.Files.Glob "resources/topics/*.json").AsConfig . | indent 2 }}
---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "common.fullname" . }}-sys-props
+ namespace: {{ include "common.namespace" . }}
+ labels:
+ app: {{ include "common.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ include "common.release" . }}
+ heritage: {{ .Release.Service }}
+data:
+{{ tpl (.Files.Glob "resources/config/dmaap/sys-props.properties").AsConfig . | indent 2 }}
+---
{{- if .Values.prometheus.jmx.enabled }}
apiVersion: v1
kind: ConfigMap
{{ tpl (.Files.Glob "resources/config/dmaap/jmx-mrservice-prometheus.yml").AsConfig . | indent 2 }}
---
{{ end }}
-
-
image: {{ include "repositoryGenerator.image.readiness" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
name: {{ include "common.name" . }}-readiness
+ {{ include "common.certInitializer.initContainer" . | indent 6 | trim }}
+ {{- if .Values.global.aafEnabled }}
+ - name: {{ include "common.name" . }}-update-config
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ export $(cat {{ .Values.certInitializer.appMountPath }}/local/mycreds.prop | xargs -0);
+ cd /config-input && for PFILE in `ls -1 .`; do envsubst <${PFILE} >/config/${PFILE}; done
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - mountPath: /config
+ name: jetty
+ - mountPath: /config-input
+ name: etc
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- end }}
containers:
{{- if .Values.prometheus.jmx.enabled }}
- name: prometheus-jmx-exporter
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ {{- if .Values.global.aafEnabled }}
+ command:
+ - sh
+ args:
+ - -c
+ - |
+ cp /jetty-config/ajsc-jetty.xml /appl/dmaapMR1/etc/
+ cp /jetty-config/cadi.properties {{ .Values.certInitializer.appMountPath }}/local/cadi.properties
+ /bin/sh /appl/startup.sh
+ {{- end }}
ports: {{ include "common.containerPorts" . | nindent 10 }}
{{- if eq .Values.liveness.enabled true }}
livenessProbe:
env:
- name: enableCadi
value: "{{ .Values.global.aafEnabled }}"
- volumeMounts:
+ volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
readOnly: true
- mountPath: /appl/dmaapMR1/bundleconfig/etc/logback.xml
subPath: logback.xml
name: logback
- - mountPath: /appl/dmaapMR1/etc/cadi.properties
- subPath: cadi.properties
- name: cadi
- mountPath: /appl/dmaapMR1/etc/keyfile
subPath: mykey
name: mykey
+ - mountPath: /appl/dmaapMR1/etc/runner-web.xml
+ subPath: runner-web.xml
+ name: etc
+ - mountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops/sys-props.properties
+ subPath: sys-props.properties
+ name: sys-props
+ - mountPath: /jetty-config
+ name: jetty
resources: {{ include "common.resources" . | nindent 12 }}
- volumes:
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 8 }}
- name: localtime
hostPath:
path: /etc/localtime
- name: appprops
configMap:
name: {{ include "common.fullname" . }}-msgrtrapi-prop-configmap
+ - name: etc
+ configMap:
+ name: {{ include "common.fullname" . }}-etc
- name: logback
configMap:
name: {{ include "common.fullname" . }}-logback-xml-configmap
- - name: cadi
- configMap:
- name: {{ include "common.fullname" . }}-cadi-prop-configmap
{{- if .Values.prometheus.jmx.enabled }}
- name: jmx-config
configMap:
- name: mykey
secret:
secretName: {{ include "common.fullname" . }}-secret
+ - name: sys-props
+ configMap:
+ name: {{ include "common.fullname" . }}-sys-props
+ - name: jetty
+ emptyDir: {}
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
global:
nodePortPrefix: 302
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: dmaap-mr-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: dmaap-mr
+ fqi: dmaapmr@mr.dmaap.onap.org
+ public_fqdn: mr.dmaap.onap.org
+ cadi_longitude: "-122.26147"
+ cadi_latitude: "37.78187"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ appMountPath: /appl/dmaapMR1/bundleconfig/etc/sysprops
+ fqi_namespace: org.onap.dmaap.mr
+ aaf_add_config: |
+ cd {{ .Values.credsPath }}
+ echo "*** change jks password into shell safe one"
+ export KEYSTORE_PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ keytool -storepasswd -new "${KEYSTORE_PASSWD}" \
+ -storepass "${cadi_keystore_password_jks}" \
+ -keystore {{ .Values.fqi_namespace }}.jks
+ echo "*** set key password as same password as jks keystore password"
+ keytool -keypasswd -new "${KEYSTORE_PASSWD}" \
+ -keystore {{ .Values.fqi_namespace }}.jks \
+ -keypass "${cadi_keystore_password_jks}" \
+ -storepass "${KEYSTORE_PASSWD}" -alias {{ .Values.fqi }}
+ echo "*** store the passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWD}" > mycreds.prop
+ echo "KEYSTORE_PASSWORD_P12=${cadi_keystore_password_p12}" >> mycreds.prop
+ echo "TRUSTSTORE_PASSWORD=${cadi_truststore_password}" >> mycreds.prop
+ echo "*** give ownership of files to the user"
+ chown -R 1000 .
+
#################################################################
# Application configuration defaults.
#################################################################
# application image
-image: onap/dmaap/dmaap-mr:1.1.18
+image: onap/dmaap/dmaap-mr:1.1.20
pullPolicy: Always
kafka:
for index in "${!SUBCHART_NAMES[@]}"; do
START=${SUBCHART_NAMES[index]}
END=${SUBCHART_NAMES[index+1]}
- if [[ $START == "global:" ]]; then
+ if [[ $START = "global:" ]]; then
echo "global:" > $GLOBAL_OVERRIDES
cat $COMPUTED_OVERRIDES | sed '/common:/,/consul:/d' \
| sed -n '/^'"$START"'/,/'log:'/p' | sed '1d;$d' >> $GLOBAL_OVERRIDES
n=${#flags[*]}
for (( i = 0; i < n; i++ )); do
PARAM=${flags[i]}
- if [[ $PARAM == "-f" || \
- $PARAM == "--values" || \
- $PARAM == "--set" || \
- $PARAM == "--set-string" || \
- $PARAM == "--version" ]]; then
+ if [[ $PARAM = "-f" || \
+ $PARAM = "--values" || \
+ $PARAM = "--set" || \
+ $PARAM = "--set-string" || \
+ $PARAM = "--version" ]]; then
# skip param and its value
i=$((i + 1))
else
FLAGS=${@:3}
CHART_REPO="$(cut -d'/' -f1 <<<"$CHART_URL")"
CHART_NAME="$(cut -d'/' -f2 <<<"$CHART_URL")"
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
CACHE_DIR=~/.local/share/helm/plugins/deploy/cache
else
CACHE_DIR=~/.helm/plugins/deploy/cache
SUBCHART_RELEASE="$(cut -d'-' -f2 <<<"$RELEASE")"
# update specified subchart without parent
RELEASE="$(cut -d'-' -f1 <<<"$RELEASE")"
- if [[ $SUBCHART_RELEASE == $RELEASE ]]; then
+ if [[ $SUBCHART_RELEASE = $RELEASE ]]; then
SUBCHART_RELEASE=
fi
helm upgrade -i $RELEASE $CHART_DIR $DEPLOY_FLAGS -f $COMPUTED_OVERRIDES \
> $LOG_FILE.log 2>&1
- if [[ $VERBOSE == "true" ]]; then
+ if [[ $VERBOSE = "true" ]]; then
cat $LOG_FILE
else
echo "release \"$RELEASE\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED == "true" ]]; then
+ if [[ $SET_LAST_APPLIED = "true" ]]; then
helm get manifest ${RELEASE} \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
fi
if [[ $SUBCHART_ENABLED -eq 1 ]]; then
- if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE == "$subchart" ]]; then
+ if [[ -z "$SUBCHART_RELEASE" || $SUBCHART_RELEASE = "$subchart" ]]; then
LOG_FILE=$LOG_DIR/"${RELEASE}-${subchart}".log
:> $LOG_FILE
$DEPLOY_FLAGS -f $GLOBAL_OVERRIDES -f $SUBCHART_OVERRIDES \
> $LOG_FILE 2>&1
- if [[ $VERBOSE == "true" ]]; then
+ if [[ $VERBOSE = "true" ]]; then
cat $LOG_FILE
else
echo "release \"${RELEASE}-${subchart}\" deployed"
fi
# Add annotation last-applied-configuration if set-last-applied flag is set
- if [[ $SET_LAST_APPLIED == "true" ]]; then
+ if [[ $SET_LAST_APPLIED = "true" ]]; then
helm get manifest "${RELEASE}-${subchart}" \
| kubectl apply set-last-applied --create-annotation -n onap -f - \
> $LOG_FILE.log 2>&1
fi
fi
- if [[ $DELAY == "true" ]]; then
+ if [[ $DELAY = "true" ]]; then
echo sleep 3m
sleep 3m
fi
array=($(echo "$ALL_HELM_RELEASES" | grep "${RELEASE}-${subchart}"))
n=${#array[*]}
for (( i = n-1; i >= 0; i-- )); do
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
helm del "${array[i]}"
else
helm del "${array[i]}" --purge
done
# report on success/failures of installs/upgrades
- if [[ $HELM_VER == "v3."* ]]; then
+ if [[ $HELM_VER = "v3."* ]]; then
helm ls --all-namespaces | grep -i FAILED | grep $RELEASE
else
helm ls | grep FAILED | grep $RELEASE
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2021 ZTE
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# limitations under the License.
apiVersion: v1
-description: ONAP multicloud Azure plugin
-name: multicloud-azure
+description: ONAP DCAE HOLMES
+name: holmes
version: 8.0.0
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES := dist resources templates charts docker
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+ROOT_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+OUTPUT_DIR := $(ROOT_DIR)/../../dist
+PACKAGE_DIR := $(OUTPUT_DIR)/packages
+SECRET_DIR := $(OUTPUT_DIR)/secrets
+
+EXCLUDES :=
+HELM_BIN := helm
+HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.))))
+
+.PHONY: $(EXCLUDES) $(HELM_CHARTS)
+
+all: $(HELM_CHARTS)
+
+$(HELM_CHARTS):
+ @echo "\n[$@]"
+ @make package-$@
+
+make-%:
+ @if [ -f $*/Makefile ]; then make -C $*; fi
+
+dep-%: make-%
+ @if [ -f $*/requirements.yaml ]; then $(HELM_BIN) dep up $*; fi
+
+lint-%: dep-%
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) lint $*; fi
+
+package-%: lint-%
+ @mkdir -p $(PACKAGE_DIR)
+ @if [ -f $*/Chart.yaml ]; then $(HELM_BIN) package -d $(PACKAGE_DIR) $*; fi
+ @$(HELM_BIN) repo index $(PACKAGE_DIR)
+
+clean:
+ @rm -f */requirements.lock
+ @rm -f *tgz */charts/*tgz
+ @rm -rf $(PACKAGE_DIR)
+%:
+ @:
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: Holmes Engine Management
+name: holmes-engine-mgmt
+version: 8.0.0
-# Copyright © 2017 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{
+ "services_calls": {},
+ "streams_publishes": {
+ "dcae_cl_out": {
+ "dmaap_info": {
+ "topic_url": "http://message-router.onap:3904/events/unauthenticated.DCAE_CL_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ },
+ "streams_subscribes": {
+ "ves_fault": {
+ "dmaap_info": {
+ "topic_url": "http://message-router.onap:3904/events/unauthenticated.SEC_FAULT_OUTPUT"
+ },
+ "type": "message_router"
+ }
+ }
+}
--- /dev/null
+#
+# Copyright 2017 ZTE Corporation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+server:
+ type: simple
+ rootPath: '/api/holmes-engine-mgmt/v1/*'
+ applicationContextPath: /
+ adminContextPath: /admin
+ connector:
+ type: https
+ port: 9102
+ keyStorePath: /opt/onap/conf/holmes.keystore
+ keyStorePassword: holmes
+ validateCerts: false
+ validatePeers: false
+
+
+# Logging settings.
+logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ALL
+
+ # Logger-specific levels.
+ loggers:
+
+ # Sets the level for 'com.example.app' to DEBUG.
+ org.onap.holmes.engine: ALL
+
+ appenders:
+ - type: console
+ threshold: ALL
+ timeZone: UTC
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ - type: file
+ threshold: ERROR
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/engine-d-error.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-error-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+ - type: file
+ threshold: DEBUG
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/engine-d-debug.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/engine-d-debug-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+
+
+database:
+ driverClass: org.postgresql.Driver
+ user: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ properties:
+ charSet: UTF-8
+ maxWaitForConnection: 1s
+ validationQuery: "/* MyService Health Check */ SELECT 1"
+ minSize: 8
+ maxSize: 100
+ checkConnectionWhileIdle: false
+ evictionInterval: 10s
+ minIdleTime: 1s
--- /dev/null
+--
+-- Copyright 2017 ZTE Corporation.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+\c postgres
+
+/******************CREATE NEW DATABASE AND USER***************************/
+CREATE DATABASE ${DB_NAME};
+
+CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN;
+
+\encoding UTF8;
+
+/******************DELETE OLD TABLE AND CREATE NEW***************************/
+\c ${DB_NAME};
+
+DROP TABLE IF EXISTS ALARM_INFO;
+
+CREATE TABLE ALARM_INFO (
+ EVENTID VARCHAR(150) NOT NULL,
+ EVENTNAME VARCHAR(150) NOT NULL,
+ ALARMISCLEARED SMALLINT NOT NULL,
+ ROOTFLAG SMALLINT NOT NULL,
+ STARTEPOCHMICROSEC BIGINT NOT NULL,
+ LASTEPOCHMICROSEC BIGINT NOT NULL,
+ SOURCEID VARCHAR(150) NOT NULL,
+ SOURCENAME VARCHAR(150) NOT NULL,
+ PRIMARY KEY (EVENTID)
+);
+
+CREATE TABLE IF NOT EXISTS ENGINE_ENTITY (
+ ID VARCHAR(150) NOT NULL,
+ IP VARCHAR(128) NOT NULL,
+ PORT SMALLINT NOT NULL,
+ LASTMODIFIED BIGINT NOT NULL,
+ PRIMARY KEY (ID)
+);
+
+GRANT ALL PRIVILEGES ON ALARM_INFO TO ${JDBC_USERNAME};
+GRANT ALL PRIVILEGES ON ENGINE_ENTITY TO ${JDBC_USERNAME};
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - holmes-engine-mgmt|/hemconfig/cfy.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /hemconfig
+ name: {{ include "common.fullname" . }}-config
+ - name: {{ include "common.name" . }}-env-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /hemconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done"
+ env:
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumeMounts:
+ - mountPath: /hemconfig
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-env-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ resources: {{ include "common.resources" . | nindent 10 }}
+ ports: {{ include "common.containerPorts" . | nindent 10 }}
+ volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-env-config
+ mountPath: /opt/hemconfig
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ scheme: {{ .Values.liveness.scheme }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ failureThreshold: 1
+ successThreshold: 1
+ timeoutSeconds: 1
+ env:
+ - name: CONSUL_HOST
+ value: consul-server.{{ include "common.namespace" . }}
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: msb_hostname
+ value: "msb-iag.onap"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ defaultMode: 422
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-env-config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
{{/*
#============LICENSE_START========================================================
-#=================================================================================
-# Copyright (c) 2017-2018 AT&T Intellectual Property. All rights reserved.
-# Modifications Copyright © 2018 Amdocs, Bell Canada
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
*/}}
-{
-{{ if .Values.componentImages.holmes_rules }}
- "hr_image" : '{{ include "repositoryGenerator.repository" . }}/{{ .Values.componentImages.holmes_rules }}',
-{{ end }}
-
- "msb_hostname": "{{ .Values.config.address.msb_iag }}.{{include "common.namespace" . }}",
- "pgaas_cluster_name" : "{{ .Values.postgres.service.name2 }}.{{include "common.namespace" . }}",
- "database_name":"holmes"
-}
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefixExt: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/holmes/engine-management:1.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: holmes-engine-mgmt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: holmes-engine-mgmt
+ fqi: holmes-engine-mgmt@holmes-engine-mgmt.onap.org
+ fqi_namespace: org.onap.holmes-engine-mgmt
+ public_fqdn: holmes-engine-mgmt.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- uid: pg-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}'
+ login: '{{ .Values.config.pgConfig.dbUser }}'
+ password: '{{ .Values.config.pgConfig.dbUserPassword }}'
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # Addresses of other ONAP entities
+ address:
+ consul:
+ host: consul-server
+ port: 8500
+ pgConfig:
+ dbName: defaultName
+ dbHost: defaultHost
+ dbPort: 1234
+ dbUser: admin
+ dbUserPassword: admin
+ # dbUserCredsExternalSecret
+
+service:
+ type: ClusterIP
+ name: holmes-engine-mgmt
+ ports:
+ - name: https-rest
+ port: &svc_port 9102
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ path: /api/holmes-engine-mgmt/v1/healthcheck
+ scheme: HTTPS
+ port: *svc_port
+ enabled: true
+
+readiness:
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ path: /api/holmes-engine-mgmt/v1/healthcheck
+ scheme: HTTPS
+ port: *svc_port
+
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 500m
+ memory: 1Gi
+ requests:
+ cpu: 250m
+ memory: 500Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 2Gi
+ requests:
+ cpu: 250m
+ memory: 1Gi
+ unlimited: {}
--- /dev/null
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- /dev/null
+apiVersion: v1
+appVersion: "1.0"
+description: Holmes Rule Management
+name: holmes-rule-mgmt
+version: 8.0.0
--- /dev/null
+# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: certInitializer
+ version: ~8.x-0
+ repository: '@local'
--- /dev/null
+{
+ "holmes.default.rule.volte.scenario1": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b$$$package org.onap.holmes.droolsRule;\n\nimport org.onap.holmes.common.dmaap.DmaapService;\nimport org.onap.holmes.common.api.stat.VesAlarm;\nimport org.onap.holmes.common.aai.CorrelationUtil;\nimport org.onap.holmes.common.dmaap.entity.PolicyMsg;\nimport org.onap.holmes.common.dropwizard.ioc.utils.ServiceLocatorHolder;\nimport org.onap.holmes.common.utils.DroolsLog;\n \n\nrule \"Relation_analysis_Rule\"\nsalience 200\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0,\n $sourceId: sourceId, sourceId != null && !sourceId.equals(\"\"),\n\t\t\t$sourceName: sourceName, sourceName != null && !sourceName.equals(\"\"),\n\t\t\t$startEpochMicrosec: startEpochMicrosec,\n eventName in (\"Fault_MultiCloud_VMFailure\"),\n $eventId: eventId)\n $child : VesAlarm( eventId != $eventId, parentId == null,\n CorrelationUtil.getInstance().isTopologicallyRelated(sourceId, $sourceId, $sourceName),\n eventName in (\"Fault_MME_eNodeB out of service alarm\"),\n startEpochMicrosec < $startEpochMicrosec + 60000 && startEpochMicrosec > $startEpochMicrosec - 60000 )\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"Relation_analysis_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\t$child.setParentId($root.getEventId());\n\t\tupdate($child);\n\t\t\nend\n\nrule \"root_has_child_handle_Rule\"\nsalience 150\nno-loop true\n\twhen\n\t\t$root : VesAlarm(alarmIsCleared == 0, rootFlag == 0, $eventId: eventId)\n\t\t$child : VesAlarm(eventId != $eventId, parentId == $eventId)\n\tthen\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_has_child_handle_Rule: rootId=\" + $root.getEventId() + \", childId=\" + $child.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, $child, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_no_child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 0, rootFlag == 0,\n sourceId != null && !sourceId.equals(\"\"),\n\t\t\tsourceName != null && !sourceName.equals(\"\"),\n eventName in (\"Fault_MultiCloud_VMFailure\"))\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_no_child_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\t$root.setRootFlag(1);\n\t\tupdate($root);\nend\n\nrule \"root_cleared_handle_Rule\"\nsalience 100\nno-loop true\n when\n $root : VesAlarm(alarmIsCleared == 1, rootFlag == 1)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"root_cleared_handle_Rule: rootId=\" + $root.getEventId());\n\t\tDmaapService dmaapService = ServiceLocatorHolder.getLocator().getService(DmaapService.class);\n\t\tPolicyMsg policyMsg = dmaapService.getPolicyMsg($root, null, \"org.onap.holmes.droolsRule\");\n dmaapService.publishPolicyMsg(policyMsg, \"dcae_cl_out\");\n\t\tretract($root);\nend\n\nrule \"child_handle_Rule\"\nsalience 100\nno-loop true\n when\n $child : VesAlarm(alarmIsCleared == 1, rootFlag == 0)\n then\n\t\tDroolsLog.printInfo(\"===========================================================\");\n\t\tDroolsLog.printInfo(\"child_handle_Rule: childId=\" + $child.getEventId());\n\t\tretract($child);\nend",
+ "services_calls": {},
+ "streams_publishes": {},
+ "streams_subscribes": {}
+}
--- /dev/null
+--
+-- Copyright 2017 ZTE Corporation.
+--
+-- Licensed under the Apache License, Version 2.0 (the "License");
+-- you may not use this file except in compliance with the License.
+-- You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+\c postgres
+
+/******************CREATE NEW DATABASE AND USER***************************/
+CREATE DATABASE ${DB_NAME};
+
+CREATE ROLE ${JDBC_USERNAME} with PASSWORD '${JDBC_PASSWORD}' LOGIN;
+
+\encoding UTF8;
+
+/******************DELETE OLD TABLE AND CREATE NEW***************************/
+\c ${DB_NAME};
+
+CREATE TABLE IF NOT EXISTS APLUS_RULE (
+ RID VARCHAR(30) NOT NULL,
+ NAME VARCHAR(150) NOT NULL,
+ CTRLLOOP VARCHAR(150) NOT NULL,
+ DESCRIPTION VARCHAR(4000) NULL,
+ ENABLE SMALLINT NOT NULL,
+ TEMPLATEID BIGINT NOT NULL,
+ ENGINEID VARCHAR(20) NOT NULL,
+ ENGINETYPE VARCHAR(20) NOT NULL,
+ CREATOR VARCHAR(20) NOT NULL,
+ CREATETIME TIMESTAMP NOT NULL,
+ UPDATOR VARCHAR(20) NULL,
+ UPDATETIME TIMESTAMP NULL,
+ PARAMS VARCHAR(4000) NULL,
+ CONTENT VARCHAR(20000) NOT NULL,
+ VENDOR VARCHAR(100) NOT NULL,
+ ENGINEINSTANCE VARCHAR(100) NOT NULL,
+ PACKAGE VARCHAR(255) NULL,
+ PRIMARY KEY (RID),
+ UNIQUE (NAME)
+);
+
+CREATE INDEX IDX_APLUS_RULE_NAME ON APLUS_RULE (NAME);
+CREATE INDEX IDX_APLUS_RULE_CTRLLOOP ON APLUS_RULE (CTRLLOOP);
+CREATE INDEX IDX_APLUS_RULE_ENABLE ON APLUS_RULE (ENABLE);
+CREATE INDEX IDX_APLUS_RULE_TEMPLATEID ON APLUS_RULE (TEMPLATEID);
+CREATE INDEX IDX_APLUS_RULE_ENGINEID ON APLUS_RULE (ENGINEID);
+CREATE INDEX IDX_APLUS_RULE_ENGINETYPE ON APLUS_RULE (ENGINETYPE);
+
+GRANT ALL PRIVILEGES ON APLUS_RULE TO ${JDBC_USERNAME};
--- /dev/null
+apidescription: ZTE Holmes rule Management rest API
+
+# use the simple server factory if you only want to run on a single port
+#server:
+# type: simple
+# connector:
+# type: http
+# port: 12003
+
+server:
+ type: simple
+ rootPath: '/api/holmes-rule-mgmt/v1/*'
+ applicationContextPath: /
+ adminContextPath: /admin
+ connector:
+ type: https
+ port: 9101
+ keyStorePath: /opt/onap/conf/holmes.keystore
+ keyStorePassword: holmes
+ validateCerts: false
+ validatePeers: false
+
+# Logging settings.
+logging:
+
+ # The default level of all loggers. Can be OFF, ERROR, WARN, INFO, DEBUG, TRACE, or ALL.
+ level: ALL
+
+ # Logger-specific levels.
+ loggers:
+
+ # Sets the level for 'com.example.app' to DEBUG.
+ org.onap.holmes.rulemgt: ALL
+
+ appenders:
+ - type: console
+ threshold: ALL
+ timeZone: UTC
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ - type: file
+ threshold: ERROR
+ #logFormat: "%nopexception%logger\n|%date{yyyy-MM-dd'T'HH:mm:ss.SSSXXX,UTC}\n|%level\n|%message\n|%X{InvocationID}\n|%rootException\n|%marker\n|%thread\n|%n \r\n"
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-error.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-error-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+ - type: file
+ threshold: DEBUG
+ logFormat: "%d{yyyy-MM-dd HH:mm:ss SSS} %-5p [%c][%t] invocationID:{InvocationID} - %m%n"
+ currentLogFilename: /var/log/ONAP/holmes/rulemgt-relation-debug.log
+ archivedLogFilenamePattern: /var/log/ONAP/holmes/zip/rulemgt-relation-debug-%d{yyyy-MM-dd}.log.gz
+ archivedFileCount: 7
+
+#database
+database:
+ driverClass: org.postgresql.Driver
+ user: ${JDBC_USERNAME}
+ password: ${JDBC_PASSWORD}
+ url: jdbc:postgresql://${URL_JDBC}:${DB_PORT}/${DB_NAME}
+ properties:
+ charSet: UTF-8
+ maxWaitForConnection: 1s
+ validationQuery: "/* MyService Health Check */ SELECT 1"
+ minSize: 8
+ maxSize: 100
+ checkConnectionWhileIdle: false
+ evictionInterval: 10s
+ minIdleTime: 1s
--- /dev/null
+{{/*
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2019 AT&T
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ConfigMap
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+data: {{ tpl (.Files.Glob "resources/config/*").AsConfig . | nindent 2 }}
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+apiVersion: apps/v1
+kind: Deployment
+metadata: {{- include "common.resourceMetadata" . | nindent 2 }}
+spec:
+ replicas: 1
+ selector: {{- include "common.selectors" . | nindent 4 }}
+ template:
+ metadata: {{- include "common.templateMetadata" . | nindent 6 }}
+ spec:
+ initContainers: {{- include "common.certInitializer.initContainer" . | nindent 6 }}
+ - name: init-consul
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.consulLoaderImage }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ args:
+ - --key
+ - holmes-rule-mgmt|/hrmconfigs/cfy.json
+ resources: {}
+ volumeMounts:
+ - mountPath: /hrmconfigs
+ name: {{ include "common.fullname" . }}-config
+ - name: {{ include "common.name" . }}-env-config
+ image: {{ include "repositoryGenerator.image.envsubst" . }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ command:
+ - sh
+ args:
+ - -c
+ - "cd /hrmconfig && for PFILE in `find . -type f -not -name '*.json'`; do envsubst < ${PFILE} > /config/${PFILE##*/}; done"
+ env:
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumeMounts:
+ - mountPath: /hrmconfig
+ name: {{ include "common.fullname" . }}-config
+ - mountPath: /config
+ name: {{ include "common.fullname" . }}-env-config
+ containers:
+ - name: {{ include "common.name" . }}
+ image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
+ imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+ ports: {{ include "common.containerPorts" . | nindent 8 }}
+ volumeMounts: {{- include "common.certInitializer.volumeMount" . | nindent 8 }}
+ - name: {{ include "common.fullname" . }}-env-config
+ mountPath: /opt/hrmconfig
+ # disable liveness probe when breakpoints set in debugger
+ # so K8s doesn't restart unresponsive container
+ {{- if eq .Values.liveness.enabled true }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.liveness.path }}
+ port: {{ .Values.liveness.port }}
+ scheme: {{ .Values.liveness.scheme }}
+ initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.liveness.periodSeconds }}
+ {{- end }}
+ readinessProbe:
+ httpGet:
+ path: {{ .Values.readiness.path }}
+ port: {{ .Values.readiness.port }}
+ scheme: {{ .Values.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readiness.periodSeconds }}
+ failureThreshold: 1
+ successThreshold: 1
+ timeoutSeconds: 1
+ env:
+ - name: CONSUL_HOST
+ value: consul-server.{{ include "common.namespace" . }}
+ - name: CONFIG_BINDING_SERVICE
+ value: config-binding-service
+ - name: msb_hostname
+ value: "msb-iag.onap"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: status.podIP
+ - name: PGPASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: JDBC_USERNAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+ - name: JDBC_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+ - name: DB_NAME
+ value: {{ .Values.config.pgConfig.dbName }}
+ - name: URL_JDBC
+ value: {{ .Values.config.pgConfig.dbHost }}
+ - name: DB_PORT
+ value: "{{ .Values.config.pgConfig.dbPort }}"
+ volumes: {{ include "common.certInitializer.volumes" . | nindent 6 }}
+ - name: {{ include "common.fullname" . }}-config
+ configMap:
+ defaultMode: 422
+ name: {{ include "common.fullname" . }}
+ - name: {{ include "common.fullname" . }}-env-config
+ emptyDir:
+ medium: Memory
+ imagePullSecrets:
+ - name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+*/}}
+
+{{ include "common.service" . }}
--- /dev/null
+#============LICENSE_START========================================================
+# ================================================================================
+# Copyright (c) 2021 ZTE Corporation Intellectual Property. All rights reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+#################################################################
+# Global configuration.
+#################################################################
+global:
+ nodePortPrefixExt: 302
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+# application image
+image: onap/holmes/rule-management:1.3.3
+consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+#################################################################
+# AAF part
+#################################################################
+certInitializer:
+ nameOverride: holmes-rule-mgmt-cert-initializer
+ aafDeployFqi: deployer@people.osaaf.org
+ aafDeployPass: demo123456!
+ # aafDeployCredsExternalSecret: some secret
+ fqdn: holmes-rule-mgmt
+ fqi: holmes-rule-mgmt@holmes-rule-mgmt.onap.org
+ fqi_namespace: org.onap.holmes-rule-mgmt
+ public_fqdn: holmes-rule-mgmt.onap.org
+ cadi_longitude: "0.0"
+ cadi_latitude: "0.0"
+ app_ns: org.osaaf.aaf
+ credsPath: /opt/app/osaaf/local
+ aaf_add_config: |
+ echo "*** changing them into shell safe ones"
+ export KEYSTORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ export TRUSTSORE_PASSWORD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w64 | head -n1)
+ cd {{ .Values.credsPath }}
+ keytool -storepasswd -new "${KEYSTORE_PASSWORD}" \
+ -storepass "${cadi_keystore_password_p12}" \
+ -keystore {{ .Values.fqi_namespace }}.p12
+ keytool -storepasswd -new "${TRUSTSORE_PASSWORD}" \
+ -storepass "${cadi_truststore_password}" \
+ -keystore {{ .Values.fqi_namespace }}.trust.jks
+ echo "*** save the generated passwords"
+ echo "KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD}" > mycreds.prop
+ echo "TRUSTSORE_PASSWORD=${TRUSTSORE_PASSWORD}" >> mycreds.prop
+ echo "*** change ownership of certificates to targeted user"
+ chown -R 1000 .
+
+#################################################################
+# Secrets metaconfig
+#################################################################
+secrets:
+- uid: pg-user-creds
+ type: basicAuth
+ externalSecret: '{{ tpl (default "" .Values.config.pgConfig.dbUserCredsExternalSecret) . }}'
+ login: '{{ .Values.config.pgConfig.dbUser }}'
+ password: '{{ .Values.config.pgConfig.dbUserPassword }}'
+
+# application configuration
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+ # Addresses of other ONAP entities
+ address:
+ consul:
+ host: consul-server
+ port: 8500
+ pgConfig:
+ dbName: defaultName
+ dbHost: defaultHost
+ dbPort: 1234
+ dbUser: admin
+ dbUserPassword: admin
+ # dbUserCredsExternalSecret
+
+service:
+ type: NodePort
+ name: holmes-rule-mgmt
+ ports:
+ - name: https-rest
+ port: &svc_port 9101
+ nodePort: 92
+ - name: https-ui
+ port: 9104
+ nodePort: 93
+
+# probe configuration parameters
+liveness:
+ initialDelaySeconds: 10
+ port: *svc_port
+ periodSeconds: 10
+ path: /api/holmes-rule-mgmt/v1/healthcheck
+ enabled: true
+ scheme: HTTPS
+
+readiness:
+ initialDelaySeconds: 30
+ port: *svc_port
+ periodSeconds: 30
+ path: /api/holmes-rule-mgmt/v1/healthcheck
+ scheme: HTTPS
+
+# Segregation for Different environment (Small and Large)
+resources:
+ small:
+ limits:
+ cpu: 250m
+ memory: 256Mi
+ requests:
+ cpu: 250m
+ memory: 1024Mi
+ large:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 500m
+ memory: 2Gi
+ unlimited: {}
--- /dev/null
+# Copyright © 2018 Amdocs, Bell Canada , ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+dependencies:
+ - name: common
+ version: ~8.x-0
+ repository: '@local'
+ - name: repositoryGenerator
+ version: ~8.x-0
+ repository: '@local'
+ - name: postgres
+ version: ~8.x-0
+ repository: '@local'
+ - name: holmes-rule-mgmt
+ version: ~8.x-0
+ repository: 'file://components/holmes-rule-mgmt'
+ - name: holmes-engine-mgmt
+ version: ~8.x-0
+ repository: 'file://components/holmes-engine-mgmt'
--- /dev/null
+# Copyright © 2017 Amdocs, Bell Canada
+# Modifications Copyright © 2021 ZTE
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#################################################################
+# Global configuration defaults.
+#################################################################
+global:
+ nodePortPrefix: 302
+ consulLoaderImage: onap/org.onap.dcaegen2.deployments.consul-loader-container:1.0.0
+
+secrets:
+- uid: pg-root-pass
+ name: &pgRootPassSecretName '{{ include "common.release" . }}-holmes-pg-root-pass'
+ type: password
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "holmes-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+ password: '{{ .Values.postgres.config.pgRootPassword }}'
+- uid: pg-user-creds
+ name: &pgUserCredsSecretName '{{ include "common.release" . }}-holmes-pg-user-creds'
+ type: basicAuth
+ externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "holmes-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+ login: '{{ .Values.postgres.config.pgUserName }}'
+ password: '{{ .Values.postgres.config.pgUserPassword }}'
+ passwordPolicy: generate
+
+
+#################################################################
+# Application configuration defaults.
+#################################################################
+pullPolicy: IfNotPresent
+
+config:
+ logstashServiceName: log-ls
+ logstashPort: 5044
+
+# application configuration override for postgres
+postgres:
+ nameOverride: holmes-pg
+ service:
+ name: holmes-postgres
+ name2: &dbHost holmes-postgres-primary
+ name3: holmes-postgres-replica
+ container:
+ name:
+ primary: holmes-postgres-primary
+ replica: holmes-postgres-replica
+ config:
+ pgUserName: holmes
+ pgDatabase: &dbName holmes
+ pgUserExternalSecret: *pgUserCredsSecretName
+ pgRootPasswordExternalSecret: *pgRootPassSecretName
+ pgPort: &dbPort "5432"
+ persistence:
+ mountSubPath: holmes/data
+ mountInitPath: holmes
+
+holmes-engine-mgmt:
+ config:
+ pgConfig:
+ dbName: *dbName
+ dbHost: *dbHost
+ dbPort: *dbPort
+ dbUserCredsExternalSecret: *pgUserCredsSecretName
+
+holmes-rule-mgmt:
+ config:
+ pgConfig:
+ dbName: *dbName
+ dbHost: *dbHost
+ dbPort: *dbPort
+ dbUserCredsExternalSecret: *pgUserCredsSecretName
+
+# Resource Limit flavor -By Default using small
+flavor: small
+++ /dev/null
-{{/*
-# Copyright © 2018 AT&T, Amdocs, Bell Canada Intellectual Property. All rights reserved.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-version: 1
-disable_existing_loggers: False
-
-loggers:
- vio:
- handlers: [azure_handler]
- level: "DEBUG"
- propagate: False
-handlers:
- vio_handler:
- level: "DEBUG"
- class: "logging.handlers.RotatingFileHandler"
- filename: "/var/log/onap/multicloud/azure/azure.log"
- formatter: "mdcFormat"
- maxBytes: 52428800
- backupCount: 10
-formatters:
- standard:
- format: "%(asctime)s|||||%(name)s||%(thread)||%(funcName)s||%(levelname)s||%(message)s"
- mdcFormat:
- format: "%(asctime)s|||||%(name)s||%(thread)s||%(funcName)s||%(levelname)s||%(message)s||||%(mdc)s \t"
- mdcfmt: "{requestID} {invocationID} {serviceName} {serviceIP}"
- datefmt: "%Y-%m-%d %H:%M:%S"
- (): onaplogging.mdcformatter.MDCFormatter
+++ /dev/null
-# Copyright © 2018 Amdocs, AT&T, Bell Canada
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
- http://{{ . }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
- export NODE_PORT=$(kubectl get --namespace {{ include "common.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "common.name" . }})
- export NODE_IP=$(kubectl get nodes --namespace {{ include "common.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
- echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
- NOTE: It may take a few minutes for the LoadBalancer IP to be available.
- You can watch the status of by running 'kubectl get svc -w {{ include "common.name" . }}'
- export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.namespace" . }} {{ include "common.name" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
- echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
-{{- else if contains "ClusterIP" .Values.service.type }}
- export POD_NAME=$(kubectl get pods --namespace {{ include "common.namespace" . }} -l "app={{ include "common.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
- echo "Visit http://127.0.0.1:8080 to use your application"
- kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }}
-{{- end }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "common.fullname" . }}-log-configmap
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-data:
-{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }}
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: {{ include "common.fullname" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
-spec:
- replicas: {{ .Values.replicaCount }}
- selector:
- matchLabels:
- app: {{ include "common.name" . }}
- template:
- metadata:
- labels:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- name: {{ include "common.name" . }}
- annotations:
- sidecar.istio.io/inject: "{{.Values.istioSidecar}}"
- spec:
- containers:
- - env:
- - name: MSB_ADDR
- value: "{{ .Values.config.msbgateway }}"
- - name: MSB_PORT
- value: "{{ .Values.config.msbPort }}.{{ include "common.namespace" . }}"
- - name: AAI_ADDR
- value: aai.{{ include "common.namespace" . }}
- - name: AAI_PORT
- value: "{{ .Values.config.aai.port }}"
- - name: AAI_SCHEMA_VERSION
- value: "{{ .Values.config.aai.schemaVersion }}"
- - name: AAI_USERNAME
- value: "{{ .Values.config.aai.username }}"
- - name: AAI_PASSWORD
- value: "{{ .Values.config.aai.password }}"
- name: {{ include "common.name" . }}
- volumeMounts:
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /opt/multicloud_azure/multicloud_azure/pub/config/log.yml
- name: azure-logconfig
- subPath: log.yml
- resources:
-{{ toYaml (pluck .Values.flavor .Values.resources| first) | indent 12 }}
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- ports:
- - containerPort: {{ .Values.service.internalPort }}
- # disable liveness probe when breakpoints set in debugger
- # so K8s doesn't restart unresponsive container
- {{- if eq .Values.liveness.enabled true }}
- livenessProbe:
- httpGet:
- path: /api/multicloud-azure/v0/swagger.json
- port: {{ .Values.service.internalPort }}
- scheme: HTTP
- initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
- periodSeconds: {{ .Values.liveness.periodSeconds }}
- timeoutSeconds: {{ .Values.liveness.timeoutSeconds }}
- successThreshold: {{ .Values.liveness.successThreshold }}
- failureThreshold: {{ .Values.liveness.failureThreshold }}
- {{ end -}}
- # side car containers
- - image: {{ include "repositoryGenerator.image.logging" . }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- name: filebeat-onap
- volumeMounts:
- - mountPath: /usr/share/filebeat/filebeat.yml
- name: filebeat-conf
- subPath: filebeat.yml
- - mountPath: /var/log/onap
- name: azure-log
- - mountPath: /usr/share/filebeat/data
- name: azure-data-filebeat
- volumes:
- - name: azure-log
- emptyDir: {}
- - name: azure-data-filebeat
- emptyDir: {}
- - name: filebeat-conf
- configMap:
- name: multicloud-filebeat-configmap
- - name: azure-logconfig
- configMap:
- name: {{ include "common.fullname" . }}-log-configmap
- imagePullSecrets:
- - name: "{{ include "common.namespace" . }}-docker-registry-key"
- restartPolicy: Always
+++ /dev/null
-{{/*
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-# #
-# # Licensed under the Apache License, Version 2.0 (the "License");
-# # you may not use this file except in compliance with the License.
-# # You may obtain a copy of the License at
-# #
-# # http://www.apache.org/licenses/LICENSE-2.0
-# #
-# # Unless required by applicable law or agreed to in writing, software
-# # distributed under the License is distributed on an "AS IS" BASIS,
-# # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# # See the License for the specific language governing permissions and
-# # limitations under the License.
-*/}}
-
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "common.servicename" . }}
- namespace: {{ include "common.namespace" . }}
- labels:
- app: {{ include "common.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- release: {{ include "common.release" . }}
- heritage: {{ .Release.Service }}
- annotations:
- msb.onap.org/service-info: '[
- {
- "serviceName": "multicloud-azure",
- "version": "v0",
- "url": "/api/multicloud-azure/v0",
- "protocol": "REST",
- "port": "{{ .Values.service.externalPort }}",
- "visualRange": "1"
- }
- ]'
-spec:
- ports:
- {{if eq .Values.service.type "NodePort" -}}
- - name: {{ .Values.service.portName }}
- port: {{ .Values.service.externalPort }}
- nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }}
- {{- else -}}
- - port: {{ .Values.service.externalPort }}
- targetPort: {{ .Values.service.internalPort }}
- name: {{ .Values.service.portName }}
- {{- end}}
- selector:
- app: {{ include "common.name" . }}
- release: {{ include "common.release" . }}
- type: {{ .Values.service.type }}
+++ /dev/null
-# Copyright © 2018 Amdocs, Bell Canada
-# Modifications Copyright © 2018 AT&T
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-#################################################################
-# Global configuration defaults.
-#################################################################
-global:
- nodePortPrefix: 302
-
-#################################################################
-# Application configuration defaults.
-#################################################################
-# application image
-image: onap/multicloud/azure:1.2.4
-pullPolicy: Always
-
-#Istio sidecar injection policy
-istioSidecar: true
-
-# application configuration
-config:
- msbgateway: msb-iag
- msbPort: 80
- aai:
- port: 8443
- schemaVersion: v13
- username: AAI
- password: AAI
-
-# default number of instances
-replicaCount: 1
-
-nodeSelector: {}
-
-affinity: {}
-
-# probe configuration parameters
-liveness:
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 10
- successThreshold: 1
- failureThreshold: 5
- enabled: true
-
-service:
- type: ClusterIP
- portName: multicloud-azure
- externalPort: 9008
- internalPort: 9008
- nodePort: 61
-
-ingress:
- enabled: false
-
-# Resource Limit flavor -By Default using small
-flavor: small
-# Segregation for Different environment (Small and Large)
-resources:
- small:
- limits:
- cpu: 1
- memory: 4Gi
- requests:
- cpu: 10m
- memory: 1Gi
- large:
- limits:
- cpu: 2
- memory: 8Gi
- requests:
- cpu: 20m
- memory: 2Gi
# Application configuration defaults.
#################################################################
# application image
-image: onap/multicloud/k8s:0.8.0
+image: onap/multicloud/k8s:0.8.1
pullPolicy: Always
# flag to enable debugging - application support required
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
- - name: multicloud-azure
- version: ~8.x-0
- repository: 'file://components/multicloud-azure'
- condition: multicloud-azure.enabled
- name: multicloud-fcaps
version: ~8.x-0
repository: 'file://components/multicloud-fcaps'
},
"provider_plugin": "multicloud-vio"
},
- "azure": {
- "vim_type": "azure",
- "versions": {
- "1.0": {
- "version": "1.0",
- "extra_info_hint": "",
- "provider_plugin": "multicloud-azure"
- }
- },
- "provider_plugin": "multicloud-azure"
- },
"k8s": {
"vim_type": "k8s",
"versions": {
#Istio sidecar injection policy
istioSidecar: true
-multicloud-azure:
- enabled: true
multicloud-fcaps:
enabled: true
multicloud-k8s:
app_ns: org.osaaf.aaf
credsPath: /opt/app/osaaf/local
aaf_add_config: >
- /opt/app/aaf_config/bin/agent.sh;
- /opt/app/aaf_config/bin/agent.sh local showpass
- {{.Values.fqi}} {{ .Values.fqdn }} > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_keystore_password_p12=$cadi_keystore_password_p12" > {{ .Values.credsPath }}/mycreds.prop
+ echo "cadi_truststore_password=$cadi_truststore_password" >> {{ .Values.credsPath }}/mycreds.prop
aafConfig:
permission_user: 1000
version: ~8.x-0
repository: '@local'
condition: dcaemod.enabled
+ - name: holmes
+ version: ~8.x-0
+ repository: '@local'
+ condition: holmes.enabled
- name: dmaap
version: ~8.x-0
repository: '@local'
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
+holmes:
+ holmes-rule-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ holmes-engine-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
dmaap:
dmaap-bus-controller:
liveness:
initialDelaySeconds: 120
readiness:
initialDelaySeconds: 120
+holmes:
+ holmes-rule-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
+ holmes-engine-mgmt:
+ liveness:
+ initialDelaySeconds: 120
+ readiness:
+ initialDelaySeconds: 120
dmaap:
dmaap-bus-controller:
liveness:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: true
esr:
enabled: true
dcaegen2-services:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
esr:
enabled: true
dcaemod:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
esr:
enabled: true
dcaegen2-services:
enabled: true
+holmes:
+ enabled: true
dmaap:
enabled: true
log:
enabled: false
dcaegen2-services:
enabled: false
+holmes:
+ enabled: false
esr:
enabled: false
log:
cmpv2Enabled: true
CMPv2CertManagerIntegration: false
platform:
+ certificates:
+ clientSecretName: oom-cert-service-client-tls-secret
+ keystoreKeyRef: keystore.jks
+ truststoreKeyRef: truststore.jks
+ keystorePasswordSecretName: oom-cert-service-certificates-password
+ keystorePasswordSecretKey: password
+ truststorePasswordSecretName: oom-cert-service-certificates-password
+ truststorePasswordSecretKey: password
certServiceClient:
image: onap/org.onap.oom.platform.cert-service.oom-certservice-client:2.3.3
- secret:
- name: oom-cert-service-client-tls-secret
- mountPath: /etc/onap/oom/certservice/certs/
+ certificatesSecretMountPath: /etc/onap/oom/certservice/certs/
envVariables:
certPath: "/var/custom-certs"
# Certificate related
- cmpv2Organization: "Linux-Foundation"
- cmpv2OrganizationalUnit: "ONAP"
- cmpv2Location: "San-Francisco"
- cmpv2State: "California"
- cmpv2Country: "US"
- # Client configuration related
caName: "RA"
+ # Client configuration related
requestURL: "https://oom-cert-service:8443/v1/certificate/"
requestTimeout: "30000"
- keystorePath: "/etc/onap/oom/certservice/certs/certServiceClient-keystore.jks"
outputType: "P12"
- keystorePassword: "secret"
- truststorePath: "/etc/onap/oom/certservice/certs/truststore.jks"
- truststorePassword: "secret"
# Indicates offline deployment build
# Set to true if you are rendering helm charts for offline deployment
enabled: false
dcaemod:
enabled: false
+holmes:
+ enabled: false
dmaap:
enabled: false
esr:
# See the License for the specific language governing permissions and
# limitations under the License.
-->
-<included>
+<configuration>
<jmxConfigurator />
<!-- Example evaluator filter applied against console appender -->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
</logger>
<!-- logback jms appenders & loggers definition ends here -->
- <root level="DEBUG">
+ <root level="INFO">
<appender-ref ref="DEBUG" />
<appender-ref ref="STDOUT" />
</root>
-</included>
+</configuration>
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
- name: AAF_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
+ - name: VM_ARGS
+ value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-optimizer:2.3.2
+image: onap/optf-cmso-optimizer:2.3.4
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.2
+ image: onap/optf-cmso-dbinit:2.3.4
# flag to enable debugging - application support required
debugEnabled: false
# See the License for the specific language governing permissions and
# limitations under the License.
-->
-<included>
+<configuration>
<jmxConfigurator />
<!-- Example evaluator filter applied against console appender -->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
</logger>
<!-- logback jms appenders & loggers definition ends here -->
- <root level="DEBUG">
+ <root level="INFO">
<appender-ref ref="DEBUG" />
<appender-ref ref="STDOUT" />
</root>
-</included>
+</configuration>
- mountPath: /usr/share/filebeat/data
name: {{ include "common.fullname" . }}-filebeat
resources:
-{{ include "common.resources" . }}
- - name: mso-simulator
- image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.robotimage }}
- imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
- volumeMounts:
- - name: {{ include "common.fullname" . }}-config
- mountPath: /share/etc/config
- ports:
- - containerPort: 5000
- resources:
{{ include "common.resources" . }}
- name: {{ include "common.name" . }}
image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "login") | indent 10}}
- name: AAF_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cmso-aaf-creds" "key" "password") | indent 10}}
+ - name: VM_ARGS
+ value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-service:2.3.2
-robotimage: onap/optf-cmso-robot:2.3.2
+image: onap/optf-cmso-service:2.3.4
pullPolicy: Always
#init container image
dbinit:
- image: onap/optf-cmso-dbinit:2.3.2
+ image: onap/optf-cmso-dbinit:2.3.4
# flag to enable debugging - application support required
debugEnabled: false
# See the License for the specific language governing permissions and
# limitations under the License.
-->
-<included>
+<configuration>
<jmxConfigurator />
<!-- Example evaluator filter applied against console appender -->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
</logger>
<!-- logback jms appenders & loggers definition ends here -->
- <root level="DEBUG">
+ <root level="INFO">
<appender-ref ref="DEBUG" />
<appender-ref ref="STDOUT" />
</root>
-</included>
+</configuration>
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: proprietary-auth
+ - name: VM_ARGS
+ value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-ticketmgt:2.3.2
+image: onap/optf-cmso-ticketmgt:2.3.4
pullPolicy: Always
# See the License for the specific language governing permissions and
# limitations under the License.
-->
-<included>
+<configuration>
<jmxConfigurator />
<!-- Example evaluator filter applied against console appender -->
<property name="p_tim" value="%d{"yyyy-MM-dd'T'HH:mm:ss.SSSXXX", UTC}"/>
</logger>
<!-- logback jms appenders & loggers definition ends here -->
- <root level="DEBUG">
+ <root level="INFO">
<appender-ref ref="DEBUG" />
<appender-ref ref="STDOUT" />
</root>
-</included>
+</configuration>
value: {{ .Values.global.truststorePassword }}
- name: AUTHENTICATION
value: {{ .Values.global.authentication }}
+ - name: VM_ARGS
+ value: "-Dcom.att.eelf.logging.file=logback.xml -Dcom.att.eelf.logging.path=/share/etc/config"
command:
- /bin/sh
args:
enabled: true
# application image
-image: onap/optf-cmso-topology:2.3.2
+image: onap/optf-cmso-topology:2.3.4
pullPolicy: Always
+#!/bin/bash
+
{{/*
# Copyright © 2017 Amdocs, Bell Canada
# Modifications Copyright © 2018 AT&T,VMware
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
-
*/}}
-#!/bin/bash
+
{{/*
# Controller is a process that reads from Music Q
# It uses no ports (TCP or HTTP). The PROB will check
certEndpoint: v1/certificate
caName: RA
certSecretRef:
- name: cmpv2-issuer-secret
- certRef: certServiceServer-cert.pem
- keyRef: certServiceServer-key.pem
- cacertRef: truststore.pem
+ name: oom-cert-service-server-tls-secret
+ certRef: tls.crt
+ keyRef: tls.key
+ cacertRef: ca.crt
+++ /dev/null
-CERTS_DIR = resources
-CURRENT_DIR := ${CURDIR}
-DOCKER_CONTAINER = generate-certs
-DOCKER_EXEC = docker exec ${DOCKER_CONTAINER}
-
-all: start_docker \
- clear_all \
- root_generate_keys \
- root_create_certificate \
- root_self_sign_certificate \
- client_generate_keys \
- client_generate_csr \
- client_sign_certificate_by_root \
- client_import_root_certificate \
- client_convert_certificate_to_jks \
- server_generate_keys \
- server_generate_csr \
- server_sign_certificate_by_root \
- server_import_root_certificate \
- server_convert_certificate_to_jks \
- server_convert_certificate_to_p12 \
- convert_truststore_to_p12 \
- convert_truststore_to_pem \
- server_export_certificate_to_pem \
- server_export_key_to_pem \
- clear_unused_files \
- stop_docker
-
-.PHONY: all
-
-# Starts docker container for generating certificates - deletes first, if already running
-start_docker:
- @make stop_docker
- $(eval REPOSITORY := $(shell cat ./values.yaml | grep -i "^[ \t]*repository" -m1 | xargs | cut -d ' ' -f2))
- $(eval JAVA_IMAGE := $(shell cat ./values.yaml | grep -i "^[ \t]*certificateGenerationImage" -m1 | xargs | cut -d ' ' -f2))
- $(eval FULL_JAVA_IMAGE := $(REPOSITORY)/$(JAVA_IMAGE))
- $(eval USERNAME :=$(shell id -u))
- $(eval GROUP :=$(shell id -g))
- docker run --rm --name ${DOCKER_CONTAINER} --user "$(USERNAME):$(GROUP)" --mount type=bind,source=${CURRENT_DIR}/${CERTS_DIR},target=/certs -w /certs --entrypoint "sh" -td $(FULL_JAVA_IMAGE)
-
-# Stops docker container for generating certificates. 'true' is used to return 0 status code, if container is already deleted
-stop_docker:
- docker rm ${DOCKER_CONTAINER} -f 1>/dev/null || true
-
-#Clear all files related to certificates
-clear_all:
- @make clear_existing_certificates
- @make clear_unused_files
-
-#Clear certificates
-clear_existing_certificates:
- @echo "Clear certificates"
- ${DOCKER_EXEC} rm -f certServiceClient-keystore.jks certServiceServer-keystore.jks root.crt truststore.jks certServiceServer-keystore.p12 truststore.pem certServiceServer-cert.pem certServiceServer-key.pem
- @echo "#####done#####"
-
-#Generate root private and public keys
-root_generate_keys:
- @echo "Generate root private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias root -keyalg RSA -keysize 4096 -validity 3650 -keystore root-keystore.jks \
- -dname "CN=root.com, OU=Root Org, O=Root Company, L=Wroclaw, ST=Dolny Slask, C=PL" -keypass secret \
- -storepass secret -ext BasicConstraints:critical="ca:true"
- @echo "#####done#####"
-
-#Export public key as certificate
-root_create_certificate:
- @echo "(Export public key as certificate)"
- ${DOCKER_EXEC} keytool -exportcert -alias root -keystore root-keystore.jks -storepass secret -file root.crt -rfc
- @echo "#####done#####"
-
-#Self-signed root (import root certificate into truststore)
-root_self_sign_certificate:
- @echo "(Self-signed root (import root certificate into truststore))"
- ${DOCKER_EXEC} keytool -importcert -alias root -keystore truststore.jks -file root.crt -storepass secret -noprompt
- @echo "#####done#####"
-
-#Generate certService's client private and public keys
-client_generate_keys:
- @echo "Generate certService's client private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias certServiceClient -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceClient-keystore.jks -storetype JKS \
- -dname "CN=certServiceClient.com,OU=certServiceClient company,O=certServiceClient org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret
- @echo "####done####"
-
-#Generate certificate signing request for certService's client
-client_generate_csr:
- @echo "Generate certificate signing request for certService's client"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -file certServiceClient.csr
- @echo "####done####"
-
-#Sign certService's client certificate by root CA
-client_sign_certificate_by_root:
- @echo "Sign certService's client certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceClient.csr \
- -outfile certServiceClientByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth"
- @echo "####done####"
-
-#Import root certificate into client
-client_import_root_certificate:
- @echo "Import root certificate into intermediate"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceClientByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService's client
-client_convert_certificate_to_jks:
- @echo "Import signed certificate into certService's client"
- ${DOCKER_EXEC} keytool -importcert -file certServiceClientByRoot.crt -destkeystore certServiceClient-keystore.jks -alias certServiceClient -storepass secret -noprompt
- @echo "####done####"
-
-#Generate certService private and public keys
-server_generate_keys:
- @echo "Generate certService private and public keys"
- ${DOCKER_EXEC} keytool -genkeypair -v -alias oom-cert-service -keyalg RSA -keysize 2048 -validity 365 \
- -keystore certServiceServer-keystore.jks -storetype JKS \
- -dname "CN=oom-cert-service,OU=certServiceServer company,O=certServiceServer org,L=Wroclaw,ST=Dolny Slask,C=PL" \
- -keypass secret -storepass secret -ext BasicConstraints:critical="ca:false"
- @echo "####done####"
-
-#Generate certificate signing request for certService
-server_generate_csr:
- @echo "Generate certificate signing request for certService"
- ${DOCKER_EXEC} keytool -certreq -keystore certServiceServer-keystore.jks -alias oom-cert-service -storepass secret -file certServiceServer.csr
- @echo "####done####"
-
-#Sign certService certificate by root CA
-server_sign_certificate_by_root:
- @echo "Sign certService certificate by root CA"
- ${DOCKER_EXEC} keytool -gencert -v -keystore root-keystore.jks -storepass secret -alias root -infile certServiceServer.csr \
- -outfile certServiceServerByRoot.crt -rfc -ext bc=0 -ext ExtendedkeyUsage="serverAuth,clientAuth" \
- -ext SubjectAlternativeName:="DNS:oom-cert-service,DNS:localhost"
- @echo "####done####"
-
-#Import root certificate into server
-server_import_root_certificate:
- @echo "Import root certificate into intermediate(server)"
- ${DOCKER_EXEC} sh -c "cat root.crt >> certServiceServerByRoot.crt"
- @echo "####done####"
-
-#Import signed certificate into certService
-server_convert_certificate_to_jks:
- @echo "Import signed certificate into certService"
- ${DOCKER_EXEC} keytool -importcert -file certServiceServerByRoot.crt -destkeystore certServiceServer-keystore.jks -alias oom-cert-service \
- -storepass secret -noprompt
- @echo "####done####"
-
-#Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)
-server_convert_certificate_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore certServiceServer-keystore.jks -srcstorepass secret \
- -destkeystore certServiceServer-keystore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.jks) to PCKS12 format(.p12)
-convert_truststore_to_p12:
- @echo "Convert certServiceServer-keystore(.jks) to PCKS12 format(.p12)"
- ${DOCKER_EXEC} keytool -importkeystore -srckeystore truststore.jks -srcstorepass secret \
- -destkeystore truststore.p12 -deststoretype PKCS12 -deststorepass secret
- @echo "#####done#####"
-
-#Convert truststore(.p12) to PEM format(.pem)
-convert_truststore_to_pem:
- @echo "Convert certServiceServer-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -nodes -in truststore.p12 -out truststore.pem -passin pass:secret
- @echo "#####done#####"
-
-#Export certificates from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_certificate_to_pem:
- @echo "Export certificates from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nokeys -out certServiceServer-cert.pem
- @echo "#####done#####"
-
-#Export keys from certServiceServer-keystore(.p12) to PEM format(.pem)
-server_export_key_to_pem:
- @echo "Export keys from certServiceClient-keystore(.p12) to PEM format(.pem)"
- ${DOCKER_EXEC} openssl pkcs12 -in certServiceServer-keystore.p12 -passin 'pass:secret' -nodes -nocerts -out certServiceServer-key.pem
- @echo "#####done#####"
-
-
-#Clear unused certificates
-clear_unused_files:
- @echo "Clear unused certificates"
- ${DOCKER_EXEC} rm -f certServiceClientByRoot.crt certServiceClient.csr root-keystore.jks certServiceServerByRoot.crt certServiceServer.csr truststore.p12
- @echo "#####done#####"
- name: repositoryGenerator
version: ~8.x-0
repository: '@local'
+ - name: certManagerCertificate
+ version: ~8.x-0
+ repository: '@local'
+ - name: cmpv2Config
+ version: ~8.x-0
+ repository: '@local'
\ No newline at end of file
--- /dev/null
+{{/*
+# Copyright © 2020-2021 Nokia
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "certManagerCertificate.certificate" . }}
- name: ROOT_CERT
value: "{{ .Values.tls.server.volume.mountPath }}/{{ .Values.envs.truststore.crtName }}"
- name: KEYSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
- name: TRUSTSTORE_PASSWORD
- {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 14 }}
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "certificates-password" "key" "password") | indent 14 }}
livenessProbe:
exec:
command:
--- /dev/null
+{{/*
+ # Copyright © 2021, Nokia
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+*/}}
+
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.selfsigning.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: {{ .Values.tls.issuer.ca.name }}
+ namespace: {{ include "common.namespace" . }}
+spec:
+ ca:
+ secretName: {{ .Values.tls.issuer.ca.secret.name }}
\ No newline at end of file
{{ (.Files.Glob "resources/default/cmpServers.json").AsSecrets }}
{{ end }}
---
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.global.certService.certServiceClient.secret.name | default .Values.tls.client.secret.defaultName }}
-type: Opaque
-data:
- certServiceClient-keystore.jks:
- {{ (.Files.Glob "resources/certServiceClient-keystore.jks").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.server.secret.name }}
-type: Opaque
-data:
- certServiceServer-keystore.jks:
- {{ (.Files.Glob "resources/certServiceServer-keystore.jks").AsSecrets }}
- certServiceServer-keystore.p12:
- {{ (.Files.Glob "resources/certServiceServer-keystore.p12").AsSecrets }}
- truststore.jks:
- {{ (.Files.Glob "resources/truststore.jks").AsSecrets }}
- root.crt:
- {{ (.Files.Glob "resources/root.crt").AsSecrets }}
----
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ .Values.tls.provider.secret.name }}
-type: Opaque
-data:
- certServiceServer-key.pem:
- {{ (.Files.Glob "resources/certServiceServer-key.pem").AsSecrets }}
- certServiceServer-cert.pem:
- {{ (.Files.Glob "resources/certServiceServer-cert.pem").AsSecrets }}
- truststore.pem:
- {{ (.Files.Glob "resources/truststore.pem").AsSecrets }}
+
{{ end -}}
mountPath: /etc/onap/oom/certservice
tls:
+ issuer:
+ selfsigning:
+ name: &selfSigningIssuer cmpv2-selfsigning-issuer
+ ca:
+ name: &caIssuer cmpv2-ca-issuer
+ secret:
+ name: &caKeyPairSecret cmpv2-ca-key-pair
server:
secret:
- name: oom-cert-service-server-tls-secret
+ name: &serverSecret oom-cert-service-server-tls-secret
volume:
name: oom-cert-service-server-tls-volume
mountPath: /etc/onap/oom/certservice/certs/
client:
secret:
defaultName: oom-cert-service-client-tls-secret
- provider:
- secret:
- name: cmpv2-issuer-secret
envs:
keystore:
- jksName: certServiceServer-keystore.jks
- p12Name: certServiceServer-keystore.p12
- pemName: certServiceServer-keystore.pem
+ jksName: keystore.jks
+ p12Name: keystore.p12
+ pemName: tls.crt
truststore:
jksName: truststore.jks
- crtName: root.crt
- pemName: truststore.pem
+ crtName: ca.crt
+ pemName: tls.crt
httpsPort: 8443
# External secrets with credentials can be provided to override default credentials defined below,
# by uncommenting and filling appropriate *ExternalSecret value
credentials:
tls:
- keystorePassword: secret
- truststorePassword: secret
- #keystorePasswordExternalSecret:
- #truststorePasswordExternalSecret:
+ certificatesPassword: secret
+ #certificatesPasswordExternalSecret:
# Below cmp values contain credentials for EJBCA test instance and are relevant only if global addTestingComponents flag is enabled
cmp:
# Used only if cmpv2 testing is enabled
# rv: unused
secrets:
- - uid: keystore-password
- name: '{{ include "common.release" . }}-keystore-password'
- type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.keystorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.keystorePassword }}'
- passwordPolicy: required
- - uid: truststore-password
- name: '{{ include "common.release" . }}-truststore-password'
+ - uid: certificates-password
+ name: &certificatesPasswordSecretName '{{ .Values.cmpv2Config.global.platform.certificates.keystorePasswordSecretName }}'
type: password
- externalSecret: '{{ tpl (default "" .Values.credentials.tls.truststorePasswordExternalSecret) . }}'
- password: '{{ .Values.credentials.tls.truststorePassword }}'
+ externalSecret: '{{ tpl (default "" .Values.credentials.tls.certificatesPasswordExternalSecret) . }}'
+ password: '{{ .Values.credentials.tls.certificatesPassword }}'
passwordPolicy: required
# Below values are relevant only if global addTestingComponents flag is enabled
- uid: ejbca-server-client-iak
type: password
externalSecret: '{{ tpl (default "" .Values.credentials.cmp.raRvExternalSecret) . }}'
password: '{{ .Values.credentials.cmp.ra.rv }}'
+
+# Certificates definitions
+certificates:
+ - name: selfsigned-cert
+ secretName: *caKeyPairSecret
+ isCA: true
+ commonName: root.com
+ subject:
+ organization: Root Company
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: Root Org
+ issuer:
+ name: *selfSigningIssuer
+ kind: Issuer
+ - name: cert-service-server-cert
+ secretName: *serverSecret
+ commonName: oom-cert-service
+ dnsNames:
+ - oom-cert-service
+ - localhost
+ subject:
+ organization: certServiceServer org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceServer company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ - p12
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer
+ - name: cert-service-client-cert
+ secretName: '{{ .Values.cmpv2Config.global.platform.certificates.clientSecretName | default .Values.tls.client.secret.defaultName }}'
+ commonName: certServiceClient.com
+ subject:
+ organization: certServiceClient org
+ country: PL
+ locality: Wroclaw
+ province: Dolny Slask
+ organizationalUnit: certServiceClient company
+ usages:
+ - server auth
+ - client auth
+ keystore:
+ outputType:
+ - jks
+ passwordSecretRef:
+ name: *certificatesPasswordSecretName
+ key: password
+ issuer:
+ name: *caIssuer
+ kind: Issuer
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<appender-ref ref="AsyncStdOut" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<appender-ref ref="AsyncStdOut" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<appender-ref ref="AsyncTransactionStdOut" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<!--
============LICENSE_START=======================================================
Copyright (C) 2020 Bell Canada. All rights reserved.
+ Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved.
================================================================================
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
<encoder>
- <Pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</Pattern>
+ <Pattern>[%d{yyyy-MM-dd'T'HH:mm:ss.SSS+00:00, UTC}|%level|%logger{0}|%thread] %msg%n</Pattern>
</encoder>
</appender>
<appender-ref ref="AsyncStdOut" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
+#!/bin/sh -x
+
# Copyright © 2018 Amdocs, Bell Canada, AT&T
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/sh -x
SQL_DEST_DIR=${SQL_DEST_DIR:-/tmp/sql}
DB_PORT=${DB_PORT:-3306}
#
# Execute tags built to support the hands-on demo
#
-function usage
+usage ()
{
echo "Usage: demo-k8s.sh <namespace> <command> [<parameters>] [execscript]"
echo " "
# Check if execscript flag is used and drop it from input arguments
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
set -- "${@:1:$#-1}"
execscript=true
fi
+#!/bin/bash
+
# Copyright © 2018 Amdocs, Bell Canada
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
-
#
# Run the testsuite for the passed tag. Valid tags are listed in usage help
# Please clean up logs when you are done...
#
-if [ "$1" == "" ] || [ "$2" == "" ]; then
+if [ "$1" = "" ] || [ "$2" = "" ]; then
echo "Usage: ete-k8s.sh [namespace] [tag] [execscript]"
echo ""
echo " List of test case tags (filename for intent: tag)"
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
+#!/bin/bash
+
# Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
-
#
# Run the health-check testsuites for the tags discovered by helm list
# Please clean up logs when you are done...
#
-if [ "$1" == "" ] ; then
+if [ "$1" = "" ] ; then
echo "Usage: eteHelm-k8s.sh [namespace] [execscript]"
echo " list projects via helm list and runs health-check with those tags except dev and dev-consul"
echo " [execscript] - optional parameter to execute user custom scripts located in scripts/helmscript directory"
ETEHOME=/var/opt/ONAP
-if [[ "${!#}" == "execscript" ]]; then
+if [[ "${!#}" = "execscript" ]]; then
for script in $(ls -1 "$DIR/$SCRIPTDIR"); do
[ -f "$DIR/$SCRIPTDIR/$script" ] && [ -x "$DIR/$SCRIPTDIR/$script" ] && source "$DIR/$SCRIPTDIR/$script"
done
FOLDER=
POLL=0
-function check_required_parameter() {
+check_required_parameter () {
# arg1 = parameter
# arg2 = parameter name
if [ -z "$1" ]; then
fi
}
-function check_optional_paramater() {
+check_optional_paramater () {
# arg1 = parameter
# arg2 = parameter name
if [ -z $1 ]; then
GLOBAL_INJECTED_SO_OPENSTACK_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-openstack-adapter") }}'
GLOBAL_INJECTED_SO_REQDB_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-request-db-adapter") }}'
GLOBAL_INJECTED_SO_SDNC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-sdnc-adapter") }}'
-GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vfc-adapter") }}'
-GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-vnfm-adapter") }}'
+GLOBAL_INJECTED_SO_VFC_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-etsi-sol005-adapter") }}'
+GLOBAL_INJECTED_SO_VNFM_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-etsi-sol003-adapter") }}'
GLOBAL_INJECTED_SO_NSSMF_IP_ADDR = '{{include "robot.ingress.svchost" (dict "root" . "hostname" "so-nssmf-adapter") }}'
GLOBAL_INJECTED_UBUNTU_1404_IMAGE = '{{ .Values.ubuntu14Image }}'
GLOBAL_INJECTED_UBUNTU_1604_IMAGE = '{{ .Values.ubuntu16Image }}'
GLOBAL_SO_OPENSTACK_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-openstack-adapter" "port" 8087) }}'
GLOBAL_SO_REQDB_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-request-db-adapter" "port" 8083) }}'
GLOBAL_SO_SDNC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-sdnc-adapter" "port" 8086) }}'
-GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vfc-adapter" "port" 8084) }}'
-GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-vnfm-adapter" "port" 9092) }}'
+GLOBAL_SO_VFC_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-etsi-sol005-adapter" "port" 8084) }}'
+GLOBAL_SO_VNFM_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-etsi-sol003-adapter" "port" 9092) }}'
GLOBAL_SO_NSSMF_SERVER_PORT = '{{include "robot.ingress.port" (dict "root" . "hostname" "so-nssmf-adapter" "port" 8088) }}'
GLOBAL_SO_USERNAME = '{{ .Values.soUsername }}'
GLOBAL_SO_CATDB_USERNAME = '{{ .Values.soCatdbUsername }}'
GLOBAL_CCSDK_CDS_PASSWORD = 'ccsdkapps'
GLOBAL_CCSDK_CDS_AUTHENTICATION = [GLOBAL_CCSDK_CDS_USERNAME, GLOBAL_CCSDK_CDS_PASSWORD]
GLOBAL_CDS_AUTH = "Y2NzZGthcHBzOmNjc2RrYXBwcw=="
-
+#!/bin/bash
+
# Copyright © 2019 Nokia
#
# Licensed under the Apache License, Version 2.0 (the "License");
# See the License for the specific language governing permissions and
# limitations under the License.
-#!/bin/bash
-
#
# Generate HV-VES SSL related certs.
# Copy the stuff to HV-VES and Robot pods.
-# SPDX-License-Identifier: Apache-2.0
-
#!/bin/bash
+# SPDX-License-Identifier: Apache-2.0
+
#
# Create root certificate CA (Certificate Authority) and its private key.
# Create the package certificate issued by CA
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-backend-all-plugins:1.8.4
-backendInitImage: onap/sdc-backend-init:1.8.4
+image: onap/sdc-backend-all-plugins:1.8.5
+backendInitImage: onap/sdc-backend-init:1.8.5
pullPolicy: Always
#################################################################
# application image
repository: nexus3.onap.org:10001
-image: onap/sdc-cassandra:1.8.4
-cassandraInitImage: onap/sdc-cassandra-init:1.8.4
+image: onap/sdc-cassandra:1.8.5
+cassandraInitImage: onap/sdc-cassandra-init:1.8.5
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-frontend:1.8.4
+image: onap/sdc-frontend:1.8.5
pullPolicy: Always
config:
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdc-onboard-backend:1.8.4
-onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.4
+image: onap/sdc-onboard-backend:1.8.5
+onboardingInitImage: onap/sdc-onboard-cassandra-init:1.8.5
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-dmaap-listener-image:2.0.5
+image: onap/sdnc-dmaap-listener-image:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ansible-server-image:2.0.5
+image: onap/sdnc-ansible-server-image:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
*/}}
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
*/}}
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
# should PROM start as passive?
state=$( bin/sdnc.cluster )
-if [ "$state" == "standby" ]; then
+if [ "$state" = "standby" ]; then
echo "Starting PROM in passive mode"
passive="-p"
fi
-{{/*
-#/bin/sh
+#!/bin/sh
+{{/*
# Copyright © 2018 Amdocs
#
# Licensed under the Apache License, Version 2.0 (the "License");
enableDebugLogging=true
debugLog(){
- if [ "$enableDebugLogging" == true ]; then
+ if [ "$enableDebugLogging" = true ]; then
if [ $# -eq 0 ]; then
echo "" >> $LOGFILE
else
- name: TILEURL
value: {{ .Values.config.topologyserver.tileserverUrl }}
{{ end }}
-
+ - name: ENABLE_OAUTH
+ value: "{{ .Values.config.oauth.enabled | default "false" }}"
+ - name: ENABLE_ODLUX_RBAC
+ value: "{{ .Values.config.oauth.odluxRbac.enabled | default "false" }}"
volumeMounts: {{ include "common.certInitializer.volumeMount" . | nindent 10 }}
- mountPath: /etc/localtime
name: localtime
# Application configuration defaults.
#################################################################
# application image
-image: "onap/sdnc-web-image:2.0.5"
+image: "onap/sdnc-web-image:2.1.5"
pullPolicy: Always
config:
sslCertDir: "/opt/app/osaaf/local/certs"
sslCertiticate: "cert.pem"
sslCertKey: "key.pem"
+ oauth:
+ enabled: false
+ odluxRbac:
+ enabled: false
transportpce:
enabled: false
transportpceUrl: http://transportpce.transportpce:8181
# Application configuration defaults.
#################################################################
# application image
-image: onap/sdnc-ueb-listener-image:2.0.5
+image: onap/sdnc-ueb-listener-image:2.1.5
pullPolicy: Always
# flag to enable debugging - application support required
--- /dev/null
+{
+ "tokenSecret": "${OAUTH_TOKEN_SECRET}",
+ "tokenIssuer": {{ .Values.config.sdnr.oauth.tokenIssuer | quote }},
+ "publicUrl": {{ .Values.config.sdnr.oauth.publicUrl | quote }},
+ "redirectUri": "{{ .Values.config.sdnr.oauth.redirectUri | quote | default "null" }}",
+ "supportOdlUsers": "{{ .Values.config.sdnr.oauth.supportOdlUsers | default "true" }}",
+ "providers": {{ .Values.config.sdnr.oauth.providers | toJson }}
+}
\ No newline at end of file
# limitations under the License.
*/}}
-function usage()
+usage ()
{
echo usage: switchVoting.sh primary\|secondary
exit 1
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 10 }}
- name: AAI_CLIENT_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 10 }}
+ - name: AAI_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 10 }}
+ - name: ANSIBLE_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 10 }}
+ - name: SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 10 }}
+ - name: SO_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 10 }}
+ - name: NENG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 10 }}
+ - name: NENG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 10 }}
+ - name: CDS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 10 }}
+ - name: CDS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 10 }}
+ - name: HONEYCOMB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 10 }}
+ - name: HONEYCOMB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 10 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 10 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 10 }}
+ - name: DMAAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 10 }}
+ - name: DMAAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 10 }}
+ - name: DMAAP_AUTHKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 10 }}
- name: MODELSERVICE_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "modeling-user-creds" "key" "login") | indent 10 }}
- name: MODELSERVICE_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 10 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 10 }}
- name: ODL_ADMIN_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 10 }}
- name: ODL_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 10 }}
{{ if and .Values.config.sdnr.dmaapProxy.enabled .Values.config.sdnr.dmaapProxy.usepwd }}
- name: DMAAP_HTTP_PROXY_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "login") | indent 10 }}
- name: DMAAP_HTTP_PROXY_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-proxy-creds" "key" "password") | indent 10 }}
{{- end }}
+ {{ if .Values.config.sdnr.oauth.enabled }}
+ - name: OAUTH_TOKEN_SECRET
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "oauth-token-secret" "key" "password") | indent 10 }}
+ - name: KEYCLOAK_SECRET
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keycloak-secret" "key" "password") | indent 10 }}
+
+ - name: ENABLE_ODLUX_RBAC
+ value: "{{ .Values.config.sdnr.oauth.odluxRbac.enabled | default "true" }}"
+ {{ end }}
volumeMounts:
{{ if or .Values.dgbuilder.enabled .Values.config.sdnr.enabled -}}
- --container-name
- {{ include "common.mariadbService" . }}
+ - --job-name
+ - {{ include "common.fullname" . }}-dbinit-job
{{ end -}}
{{ if .Values.config.sdnr.enabled -}}
- --container-name
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-root-password" "key" "password") | indent 12 }}
- name: ODL_ADMIN_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
+ - name: ODL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "login") | indent 12 }}
- name: ODL_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
+ - name: ODL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "odl-creds" "key" "password") | indent 12 }}
- name: SDNC_DB_USER
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
- name: SDNC_DB_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "login") | indent 12 }}
+ - name: MYSQL_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-secret" "key" "password") | indent 12 }}
+ - name: MYSQL_DATABASE
+ value: "{{ .Values.config.dbSdnctlDatabase }}"
- name: SDNC_CONFIG_DIR
value: "{{ .Values.config.configDir }}"
+ - name: AAI_CLIENT_NAME
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "login") | indent 12 }}
+ - name: AAI_CLIENT_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-user-creds" "key" "password") | indent 12 }}
+ - name: AAI_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "aai-truststore-password" "key" "password") | indent 12 }}
+ - name: ANSIBLE_TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "ansible-truststore-password" "key" "password") | indent 12 }}
+ - name: SO_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "login") | indent 12 }}
+ - name: SO_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "so-user-creds" "key" "password") | indent 12 }}
+ - name: NENG_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "login") | indent 12 }}
+ - name: NENG_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "neng-user-creds" "key" "password") | indent 12 }}
+ - name: CDS_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "login") | indent 12 }}
+ - name: CDS_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "cds-user-creds" "key" "password") | indent 12 }}
+ - name: HONEYCOMB_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "login") | indent 12 }}
+ - name: HONEYCOMB_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "honeycomb-user-creds" "key" "password") | indent 12 }}
+ - name: TRUSTSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "truststore-password" "key" "password") | indent 12 }}
+ - name: KEYSTORE_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "keystore-password" "key" "password") | indent 12 }}
+ - name: DMAAP_USER
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "login") | indent 12 }}
+ - name: DMAAP_PASSWORD
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-user-creds" "key" "password") | indent 12 }}
+ - name: DMAAP_AUTHKEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "dmaap-authkey" "key" "password") | indent 12 }}
- name: ENABLE_ODL_CLUSTER
value: "{{ .Values.config.enableClustering }}"
- name: MY_ODL_CLUSTER
- name: ODL_CERT_DIR
value: {{ (mustFirst (.Values.certificates)).mountPath }}
{{- end }}
-
+ - name: ENABLE_OAUTH
+ value: "{{ .Values.config.sdnr.oauth.enabled | default "false" }}"
volumeMounts:
{{ include "common.certInitializer.volumeMount" . | indent 10 }}
{{ include "common.certServiceClient.volumeMounts" . | indent 10 }}
- mountPath: {{ .Values.config.odl.etcDir }}/org.opendaylight.daexim.cfg
name: properties
subPath: org.opendaylight.daexim.cfg
+ {{- if .Values.config.sdnr.oauth.enabled }}
+ - mountPath: {{ .Values.config.odl.etcDir }}/oauth-provider.config.json
+ name: properties
+ subPath: oauth-provider.config.json
+ {{ end }}
resources:
{{ include "common.resources" . | indent 12 }}
{{- if .Values.nodeSelector }}
externalSecret: '{{ .Values.config.netboxApikeyExternalSecret }}'
password: '{{ .Values.config.netboxApikey }}'
passwordPolicy: required
+ - uid: aai-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.aaiTruststoreExternalSecret }}'
+ password: '{{ .Values.config.aaiTruststorePassword }}'
+ passwordPolicy: required
+ - uid: ansible-truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.ansibleTruststoreExternalSecret }}'
+ password: '{{ .Values.config.ansibleTruststorePassword }}'
+ passwordPolicy: required
+ - uid: truststore-password
+ type: password
+ externalSecret: '{{ .Values.config.truststoreExternalSecret }}'
+ password: '{{ .Values.config.truststorePassword }}'
+ passwordPolicy: required
+ - uid: keystore-password
+ type: password
+ externalSecret: '{{ .Values.config.keystoreExternalSecret }}'
+ password: '{{ .Values.config.keystorePassword }}'
+ passwordPolicy: required
+ - uid: dmaap-authkey
+ type: password
+ externalSecret: '{{ .Values.config.dmaapAuthKeyExternalSecret }}'
+ password: '{{ .Values.config.dmaapAuthKey }}'
+ passwordPolicy: required
- uid: aai-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.aaiCredsExternalSecret}}'
login: '{{ .Values.config.aaiUser }}'
password: '{{ .Values.config.aaiPassword }}'
passwordPolicy: required
+ - uid: so-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.soCredsExternalSecret}}'
+ login: '{{ .Values.config.soUser }}'
+ password: '{{ .Values.config.soPassword }}'
+ passwordPolicy: required
+ - uid: neng-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.nengCredsExternalSecret}}'
+ login: '{{ .Values.config.nengUser }}'
+ password: '{{ .Values.config.nengPassword }}'
+ passwordPolicy: required
+ - uid: cds-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.cdsCredsExternalSecret}}'
+ login: '{{ .Values.config.cdsUser }}'
+ password: '{{ .Values.config.cdsPassword }}'
+ passwordPolicy: required
+ - uid: honeycomb-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.honeycombCredsExternalSecret}}'
+ login: '{{ .Values.config.honeycombUser }}'
+ password: '{{ .Values.config.honeycombPassword }}'
+ passwordPolicy: required
+ - uid: dmaap-user-creds
+ type: basicAuth
+ externalSecret: '{{ .Values.config.dmaapCredsExternalSecret}}'
+ login: '{{ .Values.config.dmaapUser }}'
+ password: '{{ .Values.config.dmaapPassword }}'
+ passwordPolicy: required
- uid: modeling-user-creds
type: basicAuth
externalSecret: '{{ .Values.config.modelingCredsExternalSecret}}'
login: '{{ .Values.config.scaleoutUser }}'
password: '{{ .Values.config.scaleoutPassword }}'
passwordPolicy: required
+ - uid: oauth-token-secret
+ type: password
+ externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.tokenExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
+ password: '{{ .Values.config.sdnr.oauth.tokenSecret }}'
+ passwordPolicy: required
+ - uid: keycloak-secret
+ type: password
+ externalSecret: '{{ ternary (tpl (default "" .Values.config.sdnr.oauth.providersSecrets.keycloakExternalSecret) .) "oauth-disabled" .Values.config.sdnr.oauth.enabled }}'
+ password: '{{ .Values.config.sdnr.oauth.providersSecrets.keycloak }}'
+ passwordPolicy: required
+
#################################################################
# Certificates
#################################################################
outputType:
- jks
passwordSecretRef:
+ create: true
name: sdnc-cmpv2-keystore-password
key: password
issuer:
# application images
pullPolicy: Always
-image: onap/sdnc-image:2.0.5
+image: onap/sdnc-image:2.1.5
# flag to enable debugging - application support required
debugEnabled: false
# odlCredsExternalSecret: some secret
netboxApikey: onceuponatimeiplayedwithnetbox20180814
# netboxApikeyExternalSecret: some secret
+ aaiTruststorePassword: changeit
+ # aaiTruststoreExternalSecret: some secret
+ ansibleTruststorePassword: changeit
+ # ansibleTruststoreExternalSecret: some secret
+ truststorePassword: adminadmin
+ # truststoreExternalSecret: some secret
+ keystorePassword: adminadmin
+ # keystoreExternalSecret: some secret
aaiUser: sdnc@sdnc.onap.org
aaiPassword: demo123456!
# aaiCredsExternalSecret: some secret
+ soUser: sdncaBpmn
+ soPassword: password1$
+ # soCredsExternalSecret: some secret
+ nengUser: ccsdkapps
+ nengPassword: ccsdkapps
+ # nengCredsExternalSecret: some secret
+ cdsUser: ccsdkapps
+ cdsPassword: ccsdkapps
+ # cdsCredsExternalSecret: some secret
+ honeycombUser: admin
+ honeycombPassword: admin
+ # honeycombCredsExternalSecret: some secret
+ dmaapUser: admin
+ dmaapPassword: admin
+ dmaapAuthKey: "fs20cKwalJ6ry4kX:7Hqm6BDZK47IKxGRkOPFk33qMYs="
+ # dmaapCredsExternalSecret: some secret
+ # dmaapAuthKeyExternalSecret: some secret
modelingUser: ccsdkapps
modelingPassword: ccsdkapps
# modelingCredsExternalSecret: some secret
sdnrdbTrustAllCerts: true
mountpointRegistrarEnabled: false
mountpointStateProviderEnabled: false
+ #
# enable and set dmaap-proxy for mountpointRegistrar
dmaapProxy:
enabled: false
user: addUserHere
password: addPasswordHere
url: addProxyUrlHere
-
-
-
-
+ oauth:
+ enabled: false
+ tokenIssuer: ONAP SDNC
+ tokenSecret: secret
+ supportOdlusers: true
+ redirectUri: null
+ publicUrl: none
+ odluxRbac:
+ enabled: true
+ # example definition for a oauth provider
+ providersSecrets:
+ keycloak: d8d7ed52-0691-4353-9ac6-5383e72e9c46
+ providers:
+ - id: keycloak
+ type: KEYCLOAK
+ host: http://keycloak:8080
+ clientId: odlux.app
+ secret: ${KEYCLOAK_SECRET}
+ scope: openid
+ title: ONAP Keycloak Provider
+ roleMapping:
+ mykeycloak: admin
# dependency / sub-chart configuration
certInitializer:
# @author: gareth.roper@ericsson.com
apiVersion: v1
description: A Helm chart for ONAP Service Orchestration Monitoring
-name: so-monitoring
+name: so-admin-cockpit
version: 8.0.0
security:
usercredentials:
-
- username: ${SO_MONITORING_USERNAME}
- password: ${SO_MONITORING_PASSWORD}
+ username: ${SO_COCKPIT_USERNAME}
+ password: ${SO_COCKPIT_PASSWORD}
role: GUI-Client
APP: {{ index .Values.app }}
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
apiVersion: v1
kind: ConfigMap
metadata:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app
namespace: {{ include "common.namespace" . }}
labels:
app: {{ include "common.name" . }}
args:
- -c
- |
- export SO_MONITORING_PASSWORD=`htpasswd -bnBC 10 "" $SO_MON_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
+ export SO_COCKPIT_PASSWORD=`htpasswd -bnBC 10 "" $SO_COCKPIT_PASS | tr -d ':\n' | sed 's/\$2y/\$2a/'`
{{- if .Values.global.aafEnabled }}
export $(grep '^c' {{ .Values.soHelpers.certInitializer.credsPath }}/org.onap.so.cred.props | xargs -0)
export $(cat {{ .Values.soHelpers.certInitializer.credsPath }}/mycreds.prop | xargs -0)
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
- - name: SO_MONITORING_USERNAME
+ - name: SO_COCKPIT_USERNAME
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "login") | indent 10 }}
- - name: SO_MON_PASS
+ - name: SO_COCKPIT_PASS
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "app-user-creds" "key" "password") | indent 10 }}
envFrom:
- configMapRef:
- name: {{ include "common.fullname" . }}-configmap
+ name: {{ include "common.fullname" . }}
imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
volumeMounts: {{ include "so.certificate.volumeMount" . | nindent 8 }}
- name: logs
emptyDir: {}
- name: config
configMap:
- name: {{ include "common.fullname" . }}-app-configmap
+ name: {{ include "common.fullname" . }}-app
imagePullSecrets:
- name: "{{ include "common.namespace" . }}-docker-registry-key"
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
# Copyright (C) 2018 Ericsson. All rights reserved.
# Copyright (C) 2020 Huawei
# Modifications Copyright © 2020 Nokia
+# Modifications Copyright © 2021 Orange
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
passwordPolicy: required
- uid: app-user-creds
type: basicAuth
- externalSecret: '{{ tpl (default "" .Values.server.monitoring.soMonitoringCredsExternalSecret) . }}'
- login: '{{ .Values.server.monitoring.username }}'
- password: '{{ .Values.server.monitoring.password }}'
+ externalSecret: '{{ tpl (default "" .Values.server.cockpit.soMonitoringCredsExternalSecret) . }}'
+ login: '{{ .Values.server.cockpit.username }}'
+ password: '{{ .Values.server.cockpit.password }}'
#secretsFilePaths: |
# - 'my file 1'
# Application configuration defaults.
#################################################################
repository: nexus3.onap.org:10001
-image: onap/so/so-monitoring:1.7.11
+image: onap/so/so-admin-cockpit:1.8.2
pullPolicy: Always
db:
minReadySeconds: 10
containerPort: &containerPort 9091
logPath: app/logs/
-app: so-monitoring
+app: so-admin-cockpit
#################################################################
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-monitoring-cert-init
+ nameOverride: so-cockpit-cert-init
certInitializer:
- nameOverride: so-monitoring-cert-init
+ nameOverride: so-cockpit-cert-init
credsPath: /opt/app/osaaf/local
cadi:
apiEnforcement: org.onap.so.monitoringPerm
containerPort: *containerPort
server:
- monitoring:
+ cockpit:
username: demo
# password: demo123456!
# soMonitoringCredsExternalSecret: some secret
nodePort: 24
internalPort: *containerPort
externalPort: *containerPort
- portName: so-monitor-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
ingress:
enabled: false
service:
- - baseaddr: "somonitoring"
- name: "so-monitoring"
+ - baseaddr: "soadmincockpit"
+ name: "so-admin-cockpit"
port: 9091
config:
ssl: "none"
endpoint: http://so-openstack-adapter.{{ include "common.namespace" . }}:8087/services/VnfAsync
vfc:
rest:
- endpoint: http://so-vfc-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter
+ endpoint: http://so-etsi-sol005-adapter.{{ include "common.namespace" . }}:8084/services/v1/vfcadapter
workflow:
message:
endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/mso/WorkflowMessage
so:
vnfm:
adapter:
- url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1/
- auth: {{ .Values.so.vnfm.adapter.auth }}
+ url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ auth: {{ .Values.so.sol003.adapter.auth }}
org:
onap:
so:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/bpmn-infra:1.7.11
+image: onap/so/bpmn-infra:1.8.1
pullPolicy: Always
db:
oof:
auth: test:testpwd
so:
- vnfm:
+ sol003:
adapter:
auth: Basic dm5mbTpwYXNzd29yZDEk
sniro:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/catalog-db-adapter:1.7.11
+image: onap/so/catalog-db-adapter:1.8.1
pullPolicy: Always
db:
max-threads: 50
mso:
site-name: localSite
- logPath: ./logs/cnf
+ logPath: ./logs/cnf-adapter
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
#Actuator
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/mso-cnf-adapter:1.7.11
+image: onap/so/so-cnf-adapter:1.8.3
pullPolicy: Always
readinessCheck:
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8090
-logPath: ./logs/cnf/
+logPath: ./logs/cnf-adapter/
app: cnf-adapter
service:
type: ClusterIP
so:
adapters:
sol003-adapter:
- url: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
+ url: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092/so/vnfm-adapter/v1
auth: {{ .Values.so.sol003.adapter.auth }}
etsi-catalog-manager:
base:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-etsi-nfvo-ns-lcm:1.7.11
+image: onap/so/so-etsi-nfvo-ns-lcm:1.8.2
pullPolicy: Always
aai:
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
-description: ONAP SO VNFM Adapter
-name: so-vnfm-adapter
+description: ONAP SO ETSI SOL003 Adapter
+name: so-etsi-sol003-adapter
version: 8.0.0
mso:
key: {{ .Values.mso.key }}
site-name: localSite
- logPath: ./logs/vnfm-adapter
+ logPath: ./logs/etsi-sol003-adapter
config:
cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
key: {{ .Values.sdc.key }}
endpoint: https://sdc-be.{{ include "common.namespace" . }}:8443
vnfmadapter:
- endpoint: http://so-vnfm-adapter.{{ include "common.namespace" . }}:9092
+ endpoint: http://so-etsi-sol003-adapter.{{ include "common.namespace" . }}:9092
etsi-catalog-manager:
vnfpkgm:
{{- if .Values.global.msbEnabled }}
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/vnfm-adapter:1.7.11
+image: onap/so/so-etsi-sol003-adapter:1.8.2
pullPolicy: Always
aaf:
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 9092
-logPath: ./logs/vnfm-adapter/
-app: vnfm-adapter
+logPath: ./logs/etsi-sol003-adapter/
+app: etsi-sol003-adapter
service:
type: NodePort
internalPort: *containerPort
externalPort: *containerPort
nodePort: "06"
- portName: so-vnfm-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-vnfm-cert-init
+ nameOverride: so-etsi-sol003-cert-init
certInitializer:
- nameOverride: so-vnfm-cert-init
+ nameOverride: so-etsi-sol003-cert-init
credsPath: /opt/app/osaaf/local
cadi:
apiEnforcement: org.onap.so.vnfmAdapterPerm
ingress:
enabled: false
service:
- - baseaddr: "sovnfmadapter"
- name: "so-vnfm-adapter"
+ - baseaddr: "soetsisol003adapter"
+ name: "so-etsi-sol003-adapter"
port: 9092
config:
ssl: "redirect"
apiVersion: v1
appVersion: "1.0"
description: A Helm chart for Kubernetes
-name: so-vfc-adapter
+name: so-etsi-sol005-adapter
version: 8.0.0
max-threads: 50
mso:
site-name: localSite
- logPath: ./logs/vfc
+ logPath: ./logs/etsi-sol005-adapter
config:
cadi: {{ include "so.cadi.keys" . | nindent 8}}
msb-ip: msb-iag
--- /dev/null
+{{/*
+# Copyright © 2020 Samsung Electronics
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+{{ include "common.secretFast" . }}
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/vfc-adapter:1.7.11
+image: onap/so/so-etsi-sol005-adapter:1.8.3
pullPolicy: Always
db:
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8084
-logPath: ./logs/vfc/
-app: vfc-adapter
+logPath: ./logs/etsi-sol005-adapter/
+app: etsi-sol005-adapter
service:
type: ClusterIP
internalPort: *containerPort
externalPort: *containerPort
- portName: so-vfc-port
+ portName: http
updateStrategy:
type: RollingUpdate
maxUnavailable: 1
# soHelpers part
#################################################################
soHelpers:
- nameOverride: so-vfc-cert-init
+ nameOverride: so-etsi-sol005-cert-init
certInitializer:
- nameOverride: so-vfc-cert-init
+ nameOverride: so-etsi-sol005-cert-init
credsPath: /opt/app/osaaf/local
cadi:
apiEnforcement: org.onap.so.vfcAdapterPerm
# ============LICENSE_START==========================================
# ===================================================================
# Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+#
# ===================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
cd /docker-entrypoint-initdb.d/db-sql-scripts
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.10.0.sql || exit 1
-mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.10.0.sql || exit 1
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_engine_7.14.0.sql || exit 1
+mysql -uroot -p$MYSQL_ROOT_PASSWORD -f < mariadb_identity_7.14.0.sql || exit 1
echo "Created camundabpmn database . . ." 1>>/tmp/mariadb-camundabpmn.log 2>&1
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
insert into ACT_GE_PROPERTY
values ('startup.lock', '0', 1);
+insert into ACT_GE_PROPERTY
+values ('telemetry.lock', '0', 1);
+
+insert into ACT_GE_PROPERTY
+values ('installationId.lock', '0', 1);
+
create table ACT_GE_BYTEARRAY (
ID_ varchar(64),
REV_ integer,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+create table ACT_GE_SCHEMA_LOG (
+ ID_ varchar(64),
+ TIMESTAMP_ datetime(3),
+ VERSION_ varchar(255),
+ primary key (ID_)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
+
+insert into ACT_GE_SCHEMA_LOG
+values ('0', CURRENT_TIMESTAMP, '7.14.0');
+
create table ACT_RE_DEPLOYMENT (
ID_ varchar(64),
NAME_ varchar(255),
- DEPLOY_TIME_ timestamp(3),
+ DEPLOY_TIME_ datetime(3),
SOURCE_ varchar(255),
TENANT_ID_ varchar(64),
primary key (ID_)
ID_ varchar(64) NOT NULL,
REV_ integer,
TYPE_ varchar(255) NOT NULL,
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
LOCK_OWNER_ varchar(255),
EXCLUSIVE_ boolean,
EXECUTION_ID_ varchar(64),
RETRIES_ integer,
EXCEPTION_STACK_ID_ varchar(64),
EXCEPTION_MSG_ varchar(4000),
- DUEDATE_ timestamp(3) NULL,
+ FAILED_ACT_ID_ varchar(255),
+ DUEDATE_ datetime(3) NULL,
REPEAT_ varchar(255),
+ REPEAT_OFFSET_ bigint DEFAULT 0,
HANDLER_TYPE_ varchar(255),
HANDLER_CFG_ varchar(4000),
DEPLOYMENT_ID_ varchar(64),
SUSPENSION_STATE_ integer,
JOB_PRIORITY_ bigint,
TENANT_ID_ varchar(64),
+ DEPLOYMENT_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
ASSIGNEE_ varchar(255),
DELEGATION_ varchar(64),
PRIORITY_ integer,
- CREATE_TIME_ timestamp(3),
+ CREATE_TIME_ datetime(3),
DUE_DATE_ datetime(3),
FOLLOW_UP_DATE_ datetime(3),
SUSPENSION_STATE_ integer,
NAME_ varchar(255) not null,
EXECUTION_ID_ varchar(64),
PROC_INST_ID_ varchar(64),
+ PROC_DEF_ID_ varchar(64),
CASE_EXECUTION_ID_ varchar(64),
CASE_INST_ID_ varchar(64),
TASK_ID_ varchar(64),
+ BATCH_ID_ varchar(64),
BYTEARRAY_ID_ varchar(64),
DOUBLE_ double,
LONG_ bigint,
PROC_INST_ID_ varchar(64),
ACTIVITY_ID_ varchar(255),
CONFIGURATION_ varchar(255),
- CREATED_ timestamp(3) not null,
+ CREATED_ datetime(3) not null,
TENANT_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
create table ACT_RU_INCIDENT (
ID_ varchar(64) not null,
REV_ integer not null,
- INCIDENT_TIMESTAMP_ timestamp(3) not null,
+ INCIDENT_TIMESTAMP_ datetime(3) not null,
INCIDENT_MSG_ varchar(4000),
INCIDENT_TYPE_ varchar(255) not null,
EXECUTION_ID_ varchar(64),
ACTIVITY_ID_ varchar(255),
+ FAILED_ACTIVITY_ID_ varchar(255),
PROC_INST_ID_ varchar(64),
PROC_DEF_ID_ varchar(64),
CAUSE_INCIDENT_ID_ varchar(64),
RESOURCE_TYPE_ integer not null,
RESOURCE_ID_ varchar(255),
PERMS_ integer,
+ REMOVAL_TIME_ datetime(3),
+ ROOT_PROC_INST_ID_ varchar(64),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
NAME_ varchar(64) not null,
REPORTER_ varchar(255),
VALUE_ bigint,
- TIMESTAMP_ timestamp(3),
+ TIMESTAMP_ datetime(3),
MILLISECONDS_ bigint DEFAULT 0,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
RETRIES_ integer,
ERROR_MSG_ varchar(4000),
ERROR_DETAILS_ID_ varchar(64),
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
SUSPENSION_STATE_ integer,
EXECUTION_ID_ varchar(64),
PROC_INST_ID_ varchar(64),
create index ACT_IDX_EXEC_TENANT_ID on ACT_RU_EXECUTION(TENANT_ID_);
create index ACT_IDX_TASK_CREATE on ACT_RU_TASK(CREATE_TIME_);
create index ACT_IDX_TASK_ASSIGNEE on ACT_RU_TASK(ASSIGNEE_);
+create index ACT_IDX_TASK_OWNER on ACT_RU_TASK(OWNER_);
create index ACT_IDX_TASK_TENANT_ID on ACT_RU_TASK(TENANT_ID_);
create index ACT_IDX_IDENT_LNK_USER on ACT_RU_IDENTITYLINK(USER_ID_);
create index ACT_IDX_IDENT_LNK_GROUP on ACT_RU_IDENTITYLINK(GROUP_ID_);
create index ACT_IDX_EVENT_SUBSCR_CONFIG_ on ACT_RU_EVENT_SUBSCR(CONFIGURATION_);
create index ACT_IDX_EVENT_SUBSCR_TENANT_ID on ACT_RU_EVENT_SUBSCR(TENANT_ID_);
+
create index ACT_IDX_VARIABLE_TASK_ID on ACT_RU_VARIABLE(TASK_ID_);
create index ACT_IDX_VARIABLE_TENANT_ID on ACT_RU_VARIABLE(TENANT_ID_);
+create index ACT_IDX_VARIABLE_TASK_NAME_TYPE on ACT_RU_VARIABLE(TASK_ID_, NAME_, TYPE_);
+
create index ACT_IDX_ATHRZ_PROCEDEF on ACT_RU_IDENTITYLINK(PROC_DEF_ID_);
create index ACT_IDX_INC_CONFIGURATION on ACT_RU_INCIDENT(CONFIGURATION_);
create index ACT_IDX_INC_TENANT_ID on ACT_RU_INCIDENT(TENANT_ID_);
foreign key (BATCH_JOB_DEF_ID_)
references ACT_RU_JOBDEF (ID_);
+create index ACT_IDX_BATCH_ID ON ACT_RU_VARIABLE(BATCH_ID_);
+alter table ACT_RU_VARIABLE
+ add constraint ACT_FK_VAR_BATCH
+ foreign key (BATCH_ID_)
+ references ACT_RU_BATCH (ID_);
+
-- indexes for deadlock problems - https://app.camunda.com/jira/browse/CAM-2567 --
create index ACT_IDX_INC_CAUSEINCID on ACT_RU_INCIDENT(CAUSE_INCIDENT_ID_);
create index ACT_IDX_INC_EXID on ACT_RU_INCIDENT(EXECUTION_ID_);
create index ACT_IDX_PROCDEF_DEPLOYMENT_ID ON ACT_RE_PROCDEF(DEPLOYMENT_ID_);
create index ACT_IDX_PROCDEF_TENANT_ID ON ACT_RE_PROCDEF(TENANT_ID_);
create index ACT_IDX_PROCDEF_VER_TAG ON ACT_RE_PROCDEF(VERSION_TAG_);
+
+-- indices for history cleanup: https://jira.camunda.com/browse/CAM-11616
+create index ACT_IDX_AUTH_ROOT_PI on ACT_RU_AUTHORIZATION(ROOT_PROC_INST_ID_);
+create index ACT_IDX_AUTH_RM_TIME on ACT_RU_AUTHORIZATION(REMOVAL_TIME_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_CASE_DEF_TENANT_ID on ACT_RE_CASE_DEF(TENANT_ID_);
create index ACT_IDX_CASE_EXEC_TENANT_ID on ACT_RU_CASE_EXECUTION(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_DEC_DEF_REQ_ID on ACT_RE_DECISION_DEF(DEC_REQ_ID_);
create index ACT_IDX_DEC_REQ_DEF_TENANT_ID on ACT_RE_DECISION_REQ_DEF(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
CALL_CASE_INST_ID_ varchar(64),
ACT_NAME_ varchar(255),
ACT_TYPE_ varchar(255) not null,
- ASSIGNEE_ varchar(64),
+ ASSIGNEE_ varchar(255),
START_TIME_ datetime(3) not null,
END_TIME_ datetime(3),
DURATION_ bigint,
TENANT_ID_ varchar(64),
OPERATION_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
+ INITIAL_ boolean,
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
NEW_VALUE_ varchar(4000),
TENANT_ID_ varchar(64),
REMOVAL_TIME_ datetime(3),
+ CATEGORY_ varchar(64),
+ EXTERNAL_TASK_ID_ varchar(64),
+ ANNOTATION_ varchar(4000),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
INCIDENT_MSG_ varchar(4000),
INCIDENT_TYPE_ varchar(255) not null,
ACTIVITY_ID_ varchar(255),
+ FAILED_ACTIVITY_ID_ varchar(255),
CAUSE_INCIDENT_ID_ varchar(64),
ROOT_CAUSE_INCIDENT_ID_ varchar(64),
CONFIGURATION_ varchar(255),
+ HISTORY_CONFIGURATION_ varchar(255),
INCIDENT_STATE_ integer,
TENANT_ID_ varchar(64),
JOB_DEF_ID_ varchar(64),
create table ACT_HI_JOB_LOG (
ID_ varchar(64) not null,
- TIMESTAMP_ timestamp(3) not null,
+ TIMESTAMP_ datetime(3) not null,
JOB_ID_ varchar(64) not null,
- JOB_DUEDATE_ timestamp(3) NULL,
+ JOB_DUEDATE_ datetime(3) NULL,
JOB_RETRIES_ integer,
JOB_PRIORITY_ bigint NOT NULL DEFAULT 0,
JOB_EXCEPTION_MSG_ varchar(4000),
JOB_DEF_TYPE_ varchar(255),
JOB_DEF_CONFIGURATION_ varchar(255),
ACT_ID_ varchar(255),
+ FAILED_ACT_ID_ varchar(255),
ROOT_PROC_INST_ID_ varchar(64),
EXECUTION_ID_ varchar(64),
PROCESS_INSTANCE_ID_ varchar(64),
DEPLOYMENT_ID_ varchar(64),
SEQUENCE_COUNTER_ bigint,
TENANT_ID_ varchar(64),
+ HOSTNAME_ varchar(255),
REMOVAL_TIME_ datetime(3),
primary key (ID_)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_bin;
create index ACT_IDX_HI_PRO_INST_RM_TIME on ACT_HI_PROCINST(REMOVAL_TIME_);
create index ACT_IDX_HI_ACTINST_ROOT_PI on ACT_HI_ACTINST(ROOT_PROC_INST_ID_);
-create index ACT_IDX_HI_ACT_INST_START on ACT_HI_ACTINST(START_TIME_);
+create index ACT_IDX_HI_ACT_INST_START_END on ACT_HI_ACTINST(START_TIME_, END_TIME_);
create index ACT_IDX_HI_ACT_INST_END on ACT_HI_ACTINST(END_TIME_);
create index ACT_IDX_HI_ACT_INST_PROCINST on ACT_HI_ACTINST(PROC_INST_ID_, ACT_ID_);
create index ACT_IDX_HI_ACT_INST_COMP on ACT_HI_ACTINST(EXECUTION_ID_, ACT_ID_, END_TIME_, ID_);
create index ACT_IDX_HI_DETAIL_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_);
create index ACT_IDX_HI_DETAIL_RM_TIME on ACT_HI_DETAIL(REMOVAL_TIME_);
create index ACT_IDX_HI_DETAIL_TASK_BYTEAR on ACT_HI_DETAIL(BYTEARRAY_ID_, TASK_ID_);
+create index ACT_IDX_HI_DETAIL_VAR_INST_ID on ACT_HI_DETAIL(VAR_INST_ID_);
create index ACT_IDX_HI_IDENT_LNK_ROOT_PI on ACT_HI_IDENTITYLINK(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_IDENT_LNK_USER on ACT_HI_IDENTITYLINK(USER_ID_);
create index ACT_IDX_HI_IDENT_LNK_PROC_DEF_KEY on ACT_HI_IDENTITYLINK(PROC_DEF_KEY_);
create index ACT_IDX_HI_IDENT_LINK_TASK on ACT_HI_IDENTITYLINK(TASK_ID_);
create index ACT_IDX_HI_IDENT_LINK_RM_TIME on ACT_HI_IDENTITYLINK(REMOVAL_TIME_);
+create index ACT_IDX_HI_IDENT_LNK_TIMESTAMP on ACT_HI_IDENTITYLINK(TIMESTAMP_);
create index ACT_IDX_HI_VARINST_ROOT_PI on ACT_HI_VARINST(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_PROCVAR_PROC_INST on ACT_HI_VARINST(PROC_INST_ID_);
create index ACT_IDX_HI_VAR_INST_PROC_DEF_KEY on ACT_HI_VARINST(PROC_DEF_KEY_);
create index ACT_IDX_HI_VARINST_BYTEAR on ACT_HI_VARINST(BYTEARRAY_ID_);
create index ACT_IDX_HI_VARINST_RM_TIME on ACT_HI_VARINST(REMOVAL_TIME_);
+create index ACT_IDX_HI_VAR_PI_NAME_TYPE on ACT_HI_VARINST(PROC_INST_ID_, NAME_, VAR_TYPE_);
create index ACT_IDX_HI_INCIDENT_TENANT_ID on ACT_HI_INCIDENT(TENANT_ID_);
create index ACT_IDX_HI_INCIDENT_PROC_DEF_KEY on ACT_HI_INCIDENT(PROC_DEF_KEY_);
create index ACT_IDX_HI_INCIDENT_ROOT_PI on ACT_HI_INCIDENT(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_INCIDENT_PROCINST on ACT_HI_INCIDENT(PROC_INST_ID_);
create index ACT_IDX_HI_INCIDENT_RM_TIME on ACT_HI_INCIDENT(REMOVAL_TIME_);
+create index ACT_IDX_HI_INCIDENT_CREATE_TIME on ACT_HI_INCIDENT(CREATE_TIME_);
+create index ACT_IDX_HI_INCIDENT_END_TIME on ACT_HI_INCIDENT(END_TIME_);
create index ACT_IDX_HI_JOB_LOG_ROOT_PI on ACT_HI_JOB_LOG(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_JOB_LOG_PROCINST on ACT_HI_JOB_LOG(PROCESS_INSTANCE_ID_);
create index ACT_IDX_HI_JOB_LOG_PROC_DEF_KEY on ACT_HI_JOB_LOG(PROCESS_DEF_KEY_);
create index ACT_IDX_HI_JOB_LOG_EX_STACK on ACT_HI_JOB_LOG(JOB_EXCEPTION_STACK_ID_);
create index ACT_IDX_HI_JOB_LOG_RM_TIME on ACT_HI_JOB_LOG(REMOVAL_TIME_);
+create index ACT_IDX_HI_JOB_LOG_JOB_CONF on ACT_HI_JOB_LOG(JOB_DEF_CONFIGURATION_);
create index ACT_HI_BAT_RM_TIME on ACT_HI_BATCH(REMOVAL_TIME_);
create index ACT_IDX_HI_OP_LOG_TASK on ACT_HI_OP_LOG(TASK_ID_);
create index ACT_IDX_HI_OP_LOG_RM_TIME on ACT_HI_OP_LOG(REMOVAL_TIME_);
create index ACT_IDX_HI_OP_LOG_TIMESTAMP on ACT_HI_OP_LOG(TIMESTAMP_);
+create index ACT_IDX_HI_OP_LOG_USER_ID on ACT_HI_OP_LOG(USER_ID_);
+create index ACT_IDX_HI_OP_LOG_OP_TYPE on ACT_HI_OP_LOG(OPERATION_TYPE_);
+create index ACT_IDX_HI_OP_LOG_ENTITY_TYPE on ACT_HI_OP_LOG(ENTITY_TYPE_);
create index ACT_IDX_HI_COMMENT_TASK on ACT_HI_COMMENT(TASK_ID_);
create index ACT_IDX_HI_COMMENT_ROOT_PI on ACT_HI_COMMENT(ROOT_PROC_INST_ID_);
create index ACT_IDX_HI_ATTACHMENT_TASK on ACT_HI_ATTACHMENT(TASK_ID_);
create index ACT_IDX_HI_ATTACHMENT_RM_TIME on ACT_HI_ATTACHMENT(REMOVAL_TIME_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
create index ACT_IDX_HI_CAS_A_I_CASEINST on ACT_HI_CASEACTINST(CASE_INST_ID_, CASE_ACT_ID_);
create index ACT_IDX_HI_CAS_A_I_TENANT_ID on ACT_HI_CASEACTINST(TENANT_ID_);
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
--
--- Copyright © 2012 - 2018 camunda services GmbH and various authors (info@camunda.com)
---
--- Licensed under the Apache License, Version 2.0 (the "License");
--- you may not use this file except in compliance with the License.
+-- Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+-- under one or more contributor license agreements. See the NOTICE file
+-- distributed with this work for additional information regarding copyright
+-- ownership. Camunda licenses this file to you under the Apache License,
+-- Version 2.0; you may not use this file except in compliance with the License.
-- You may obtain a copy of the License at
--
-- http://www.apache.org/licenses/LICENSE-2.0
EMAIL_ varchar(255),
PWD_ varchar(255),
SALT_ varchar(255),
- LOCK_EXP_TIME_ timestamp(3) NULL,
+ LOCK_EXP_TIME_ datetime(3) NULL,
ATTEMPTS_ integer,
PICTURE_ID_ varchar(64),
primary key (ID_)
mso:
site-name: localSite
- logPath: ./logs/nssmf
+ logPath: ./logs/nssmf-adapter
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
adapters:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/nssmf-adapter:1.7.11
+image: onap/so/so-nssmf-adapter:1.8.3
pullPolicy: Always
db:
replicaCount: 1
minReadySeconds: 10
containerPort: &containerPort 8088
-logPath: ./logs/nssmf/
+logPath: ./logs/nssmf-adapter/
app: nssmf-adapter
service:
type: ClusterIP
mso:
site-name: localSite
- logPath: ./logs/oof
+ logPath: ./logs/oof-adapter
msb-ip: msb-iag.{{ include "common.namespace" . }}
msb-port: 80
msoKey: ${MSO_KEY}
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/so-oof-adapter:1.7.11
+image: onap/so/so-oof-adapter:1.8.3
pullPolicy: Always
mso:
containerPort: &containerPort 8090
minReadySeconds: 10
containerPort: *containerPort
-logPath: ./logs/oof/
+logPath: ./logs/oof-adapter/
app: so-oof-adapter
service:
type: ClusterIP
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/openstack-adapter:1.7.11
+image: onap/so/openstack-adapter:1.8.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/request-db-adapter:1.7.11
+image: onap/so/request-db-adapter:1.8.1
pullPolicy: Always
db:
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdc-controller:1.7.11
+image: onap/so/sdc-controller:1.8.1
pullPolicy: Always
db:
server:
port: {{ index .Values.containerPort }}
mso:
+ msoKey: ${MSO_KEY}
+ auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" "${AAF_AUTH}" "value2" "${MSO_AUTH}" )}}
async:
core-pool-size: 50
max-pool-size: 50
db:
auth: {{ include "so.helpers.profileProperty" (dict "condition" .Values.global.security.aaf.enabled "value1" .Values.global.aaf.auth.header "value2" .Values.mso.adapters.requestDb.auth )}}
site-name: onapheat
+ #needs to be confirmed TODO
+ workflow:
+ endpoint: http://so-bpmn-infra.{{ include "common.namespace" . }}:8081/sobpmnengine
org:
onap:
so:
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "login") | indent 10 }}
- name: DB_ADMIN_PASSWORD
{{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "db-admin-creds" "key" "password") | indent 10 }}
+ - name: MSO_KEY
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-key" "key" "password") | indent 10 }}
+ - name: MSO_AUTH
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-mso-auth" "key" "password") | indent 10 }}
+ - name: AAF_AUTH
+ {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "sdnc-adapter-aaf-auth" "key" "password") | indent 10 }}
{{ include "so.certificates.env" . | indent 8 | trim }}
envFrom:
- configMapRef:
aaf:
auth:
header: Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1Ngo=
+ encrypted: 3EDC974C5CD7FE54C47C7490AF4D3B474CDD7D0FFA35A7ACDE3E209631E45F428976EAC0858874F17390A13149E63C90281DD8D20456
+ #encryptedSecret: some secret
mariadbGalera:
serviceName: mariadb-galera
servicePort: '3306'
login: '{{ .Values.db.adminName }}'
password: '{{ .Values.db.adminPassword }}'
passwordPolicy: required
-
+ - uid: sdnc-adapter-mso-key
+ name: '{{ include "common.release" . }}-so-sdnc-mso-key'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.msoKeySecret) . }}'
+ password: '{{ .Values.mso.msoKey }}'
+ - uid: sdnc-adapter-aaf-auth
+ name: '{{ include "common.release" . }}-so-sdnc-aaf-auth'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.global.aaf.auth.encryptedSecret) . }}'
+ password: '{{ .Values.global.aaf.auth.encrypted }}'
+ - uid: sdnc-adapter-mso-auth
+ name: '{{ include "common.release" . }}-so-sdnc-mso-auth'
+ type: password
+ externalSecret: '{{ tpl (default "" .Values.mso.authSecret) . }}'
+ password: '{{ .Values.mso.auth }}'
#secretsFilePaths: |
# - 'my file 1'
# - '{{ include "templateThatGeneratesFileName" . }}'
#################################################################
# Application configuration defaults.
#################################################################
-image: onap/so/sdnc-adapter:1.7.11
+image: onap/so/sdnc-adapter:1.8.1
pullPolicy: Always
org:
network:
encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
mso:
+ msoKey: 07a7159d3bf51a0e53be7a8f89699be7
+ #msoKeySecret: some secret
+ auth: BEA8637716A7EB617DF472BA6552D22F68C1CB17B0D094D77DDA562F4ADAAC4457CAB848E1A4
+ #authSecret: some secret
adapters:
requestDb:
auth: Basic YnBlbDpwYXNzd29yZDEk
- name: soHelpers
version: ~8.x-0
repository: 'file://components/soHelpers'
+ - name: so-admin-cockpit
+ version: ~8.x-0
+ repository: 'file://components/so-admin-cockpit'
+ condition: so-admin-cockpit.enabled
- name: so-appc-orchestrator
version: ~8.x-0
repository: 'file://components/so-appc-orchestrator'
version: ~8.x-0
repository: 'file://components/so-etsi-nfvo-ns-lcm'
condition: so-etsi-nfvo-ns-lcm.enabled
+ - name: so-etsi-sol003-adapter
+ version: ~8.x-0
+ repository: 'file://components/so-etsi-sol003-adapter'
+ condition: so-etsi-sol003-adapter.enabled
- name: so-mariadb
version: ~8.x-0
repository: 'file://components/so-mariadb'
- - name: so-monitoring
- version: ~8.x-0
- repository: 'file://components/so-monitoring'
- condition: so-monitoring.enabled
- name: so-nssmf-adapter
version: ~8.x-0
repository: 'file://components/so-nssmf-adapter'
version: ~8.x-0
repository: 'file://components/so-ve-vnfm-adapter'
condition: so-ve-vnfm-adapter.enabled
- - name: so-vfc-adapter
- version: ~8.x-0
- repository: 'file://components/so-vfc-adapter'
- condition: so-vfc-adapter.enabled
- - name: so-vnfm-adapter
+ - name: so-etsi-sol005-adapter
version: ~8.x-0
- repository: 'file://components/so-vnfm-adapter'
- condition: so-vnfm-adapter.enabled
+ repository: 'file://components/so-etsi-sol005-adapter'
+ condition: so-etsi-sol005-adapter.enabled
userName: so_user
adminName: so_admin
-image: onap/so/api-handler-infra:1.7.11
+image: onap/so/api-handler-infra:1.8.1
server:
aaf:
userCredsExternalSecret: *dbUserCredsSecretName
adminCredsExternalSecret: *dbAdminCredsSecretName
-so-monitoring:
+so-admin-cockpit:
enabled: true
db:
<<: *dbSecrets
enabled: true
db:
<<: *dbSecrets
+ mso:
+ msoKeySecret: *mso-key
so-ve-vnfm-adapter:
enabled: false
-so-vfc-adapter:
+so-etsi-sol005-adapter:
enabled: true
db:
<<: *dbSecrets
-so-vnfm-adapter:
+so-etsi-sol003-adapter:
enabled: true
# application image
repository: nexus3.onap.org:10001
-image: onap/usecase-ui-server:3.0.7
+image: onap/usecase-ui-server:4.0.1
pullPolicy: Always
# application configuration
flavor: small
# application image
-image: onap/usecase-ui:3.0.6
+image: onap/usecase-ui:4.0.1
pullPolicy: Always
# application configuration
[testenv:docs]
deps = -rdocs/requirements-docs.txt
commands =
- sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
+ sphinx-build -q -W -b html -n -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/html
[testenv:docs-linkcheck]
deps = -rdocs/requirements-docs.txt
-commands = sphinx-build -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
+commands = sphinx-build -q -W -b linkcheck -d {envtmpdir}/doctrees ./docs/ {toxinidir}/docs/_build/linkcheck
[testenv:spelling]
#basepython = python3
commands =
gitlint
+[testenv:checkbashisms]
+deps =
+whitelist_externals = sh
+ find
+ checkbashisms
+commands =
+ sh -c 'which checkbashisms>/dev/null || sudo yum install devscripts-minimal || sudo apt-get install devscripts \
+ || (echo "checkbashisms command not found - please install it (e.g. sudo apt-get install devscripts | \
+ yum install devscripts-minimal )" >&2 && exit 1)'
+ find . -not -path '*/\.*' -name *.sh -exec checkbashisms -f \{\} +
+
[testenv:autopep8]
deps = autopep8
commands =
Code Review / oom.git / commitdiff