ChrisC [Wed, 19 Feb 2020 08:45:54 +0000 (09:45 +0100)]
HTTPS/AAF auto cert gen for Portal SDK
integrate portal-sdk with AAF agent init container.
add pv to store init-container certs generated at startup.
add aafEnabled flag to switch on/off aaf integration.
modify tomcat startup to load p12 and enable HTTPS based on flag.
Issue-ID: PORTAL-261
Signed-off-by: ChrisC <christophe.closset@intl.att.com>
Change-Id: Ia2b05b8661bf9e0c03a60467212e80d1c9d02bac
Sebastien Premont-Tendland [Mon, 17 Feb 2020 16:32:15 +0000 (11:32 -0500)]
Cluster Distributed lock service integration with OOM.
Disabled by default. In order to enable cluster replicaCount
should be higher than 2 and useScriptCompileCache is set to false.
We need to disable script compile cache otherwise there is
issue with updating CBA when running multiple replicas of
blueprint processor.
Issue-ID: CCSDK-2011
Signed-off-by: Sebastien Premont-Tendland <sebastien.premont@bell.ca>
Change-Id: I6f6071556eb499832f9a765ba4c27100497c6e88
Mike Elliott [Tue, 18 Feb 2020 17:26:35 +0000 (17:26 +0000)]
Merge "Fix yamllint error in info file"
Aric Gardner [Mon, 17 Feb 2020 16:38:46 +0000 (11:38 -0500)]
Fix yamllint error in info file
Each changes item needs its own list
this can be seen in the changed code
Also, remove other repositories.
Each repository in ONAP requires its own info file
and so we cannot include multiple repos in a single
info file
Issue-ID: CIMAN-33
Signed-off-by: Aric Gardner <agardner@linuxfoundation.org>
Change-Id: Id23288f9a5bddd3f0a1f52d56d072ef90b8a8f9b
Krzysztof Opasiak [Tue, 18 Feb 2020 14:20:35 +0000 (14:20 +0000)]
Merge "[SO] Enable use of Keystone v3"
James Forsyth [Tue, 18 Feb 2020 13:54:22 +0000 (13:54 +0000)]
Update git submodules
* Update kubernetes/aai from branch 'master'
to
23f076495d36081f34a367067918d15fcc5ada8d
- Merge "Add ingress controler support to AAI"
- Add ingress controler support to AAI
Issue-ID: OOM-2171
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Change-Id: I9afdae36aa9afd1f80f88b5bb3a15935f9335a93
Krzysztof Opasiak [Tue, 18 Feb 2020 12:38:57 +0000 (12:38 +0000)]
Merge "[SDC] Change default access mode for cert PVC"
Sylvain Desbureaux [Tue, 18 Feb 2020 08:20:05 +0000 (08:20 +0000)]
Merge "Removed use of vfc-redis from etsicatalog component"
Krzysztof Opasiak [Mon, 17 Feb 2020 13:03:18 +0000 (13:03 +0000)]
Merge "[DMaaP MR] Remove "lost+found" in kafka PVC"
Krzysztof Opasiak [Mon, 17 Feb 2020 13:00:40 +0000 (13:00 +0000)]
Merge "DNS test server for ingress controller"
Krzysztof Opasiak [Mon, 17 Feb 2020 12:58:44 +0000 (12:58 +0000)]
Merge "[COMMON] fix primary PVC for postgres template"
Lucjan Bryndza [Thu, 6 Feb 2020 14:20:24 +0000 (15:20 +0100)]
DNS test server for ingress controller
Testing ingress controller based on virtual hosts
requires a lot of entries in the /etc/hosts.
The better way is to create DNS server for testing purposes.
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: OOM-2289
Change-Id: I2ab104c7391e9634972931ac7e79bec5711d2b39
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Sylvain Desbureaux [Mon, 17 Feb 2020 07:47:56 +0000 (07:47 +0000)]
Merge "[VID] Don't hardcode mariadb-galera password"
Krzysztof Opasiak [Sat, 8 Feb 2020 00:04:48 +0000 (01:04 +0100)]
[VID] Don't hardcode mariadb-galera password
Let's use common secret template to generate user credentials for VID
DB and depend on mariadb-galera to generate secure enough root
password.
Issue-ID: OOM-2293
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ib474e202e9e35e6b2959d29648f542a89c87a4e5
Morgan Richomme [Fri, 14 Feb 2020 13:15:28 +0000 (13:15 +0000)]
Merge "[AAF] Loosen the limits for some AAF Components"
Sylvain Desbureaux [Fri, 14 Feb 2020 12:48:09 +0000 (13:48 +0100)]
Add new committer to INFO.yaml
Updating to include Krzysztof Opasiak as new commiter.
Issue-ID: OOM-1980
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ied757ed38935d87134286e474e67978e849e1fd2
Sylvain Desbureaux [Fri, 14 Feb 2020 12:43:28 +0000 (13:43 +0100)]
[COMMON] fix primary PVC for postgres template
The last line of the template rewrites PVC storage class and thus the
behavior is not the expected one.
This patch removes the faulty (and unecessary) line.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Ia0e2f6fbd7d40bbf0de719bbf35f0f0424e1a076
Sylvain Desbureaux [Thu, 13 Feb 2020 10:08:06 +0000 (11:08 +0100)]
[SO] Enable use of Keystone v3
SO can handle keystone v3 but override file must be capable to handle
this.
If openStackKeystoneVersion is set to "KEYSTONE_V3" in
so-catalog-db-adapter config part, SO will be able to use keystone v3
for OpenStack
Issue-ID: OOM-2221
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I14db318d25842a08ef380f6edb708e26dae050ad
Sylvain Desbureaux [Thu, 13 Feb 2020 08:09:18 +0000 (08:09 +0000)]
Merge "Fix external secret name in mariadb-init"
Sylvain Desbureaux [Wed, 12 Feb 2020 16:41:18 +0000 (17:41 +0100)]
[AAF] Loosen the limits for some AAF Components
aaf-locate anf aaf-cm limits may have been a bit too stringent.
giving some space to these components
Issue-ID: OOM-2230
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Id295f3e42bd7220144e5990322e9e6043e087e0e
Sylvain Desbureaux [Thu, 13 Feb 2020 07:31:29 +0000 (07:31 +0000)]
Merge "Fix the wrong MSB_PROTO env value"
Krzysztof Opasiak [Sat, 8 Feb 2020 00:07:21 +0000 (01:07 +0100)]
Fix external secret name in mariadb-init
mariadb-init chart should play nicely with mariadb-galera as it
simplifies migration to common mariadb instance.
Unfortunately after adding the support for common secret template I
didn't pay enough attention to consistent naming convention and
mariadb-galera and mariadb-init chart ended up being incompatible. To
fix that let's just rename the mariadb-init chart config option to
match exactly the one used in mariadb-galera chart.
Issue-ID: OOM-2248
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I621804821292e2bd0b5b1dd3f010629d1cb5471f
Sylvain Desbureaux [Thu, 13 Feb 2020 07:28:23 +0000 (07:28 +0000)]
Merge "Fix multicloud logging issue"
jimmy [Wed, 12 Feb 2020 19:24:04 +0000 (14:24 -0500)]
Update git submodules
* Update kubernetes/aai from branch 'master'
to
764cd8514707c1630dbfa6792b8d15953d5b9a59
- Use v1.6.4 of resources
Issue-ID: AAI-2796
Change-Id: I865ce2259fe7112c60ca9ab6ab6a6222b20f0527
Signed-off-by: Jimmy Forsyth <jf2512@att.com>
Jack Lucas [Mon, 23 Sep 2019 13:02:31 +0000 (09:02 -0400)]
Pick up new tls init container
Remove unneeded dashboard inputs file
Prepend release name to filebeat configmap name
Issue-ID: DCAEGEN2-917
Issue-ID: DCAEGEN2-1923
Issue-ID: DCAEGEN2-1805
Signed-off-by: Jack Lucas <jflucas@research.att.com>
Change-Id: I53ef20046d7e16c4e0a2defd41c846d91af4ec09
Morgan Richomme [Wed, 12 Feb 2020 13:22:47 +0000 (13:22 +0000)]
Merge "Make use msb iag with https"
Sylvain Desbureaux [Wed, 12 Feb 2020 08:52:35 +0000 (08:52 +0000)]
Merge "Enable underscore in headers in nginx config"
yangyan [Thu, 6 Feb 2020 02:27:01 +0000 (10:27 +0800)]
Make use msb iag with https
Change-Id: I8602f2cbe425a061470e62d2a6fc490904f42256
Issue-ID: VFC-1601
Signed-off-by: yangyan <yangyanyj@chinamobile.com>
Sylvain Desbureaux [Wed, 12 Feb 2020 07:34:22 +0000 (07:34 +0000)]
Merge "These OOM changes are related AAF Integration"
Sylvain Desbureaux [Wed, 12 Feb 2020 07:32:03 +0000 (07:32 +0000)]
Merge "Sync up the properties file with current CDS version."
Morgan Richomme [Mon, 10 Feb 2020 21:06:33 +0000 (21:06 +0000)]
Merge "[APPC] Fix APPC health check failure"
mrichomme [Mon, 10 Feb 2020 16:08:49 +0000 (17:08 +0100)]
Update git submodules
* Update kubernetes/robot from branch 'master'
to
591bfdea4f1d833abee3c7e60f084da546d9082a
- Create INFO.yaml for testsuite/oom
same contributors than testsuite
Issue-ID: INT-1386
Signed-off-by: mrichomme <morgan.richomme@orange.com>
Change-Id: I37465c46dd5b025cf284157df4a12b140eb9d487
Krzysztof Opasiak [Mon, 10 Feb 2020 15:39:35 +0000 (16:39 +0100)]
[APPC] Fix APPC health check failure
In commit:
e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
startOdl.sh script has been updated to take the root password from the
environment variable. Unfortunately there was a typo in variable name
which resulted in using empty string instead of password.
Issue-ID: APPC-1830
Fixes:
e74ed5cd24d ("[APPC] Don't hardcode mariadb root password")
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I537e3e24ee4bbbc20d5ebc07dddd9f0d3cbe26d8
Sylvain Desbureaux [Mon, 10 Feb 2020 07:51:59 +0000 (07:51 +0000)]
Merge "Bump dmaap-dr image versions"
efiacor [Fri, 7 Feb 2020 19:02:15 +0000 (19:02 +0000)]
Bump dmaap-dr image versions
# Also, need to add ready check for aaf-cm
Change-Id: I757f56f5eaa79c1cbecec43aeb99f2701afd7fae
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1195
Krzysztof Opasiak [Fri, 7 Feb 2020 14:49:54 +0000 (15:49 +0100)]
[NBI] Don't hardcode mariadb-galera password
Let's use common secret template to generate user credentials for NBI
DB and depend on mariadb-galera to generate secure enough root
password.
BTW.
Don't be surprised for now mariadb-galera has a hardcoded root
password but as soon as we move all charts that use it to common
secret template it will be auto generated.
Issue-ID: OOM-2291
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I5d16f6c26aa63a46db98ba3dab3a76267b4049f1
Krzysztof Opasiak [Thu, 6 Feb 2020 16:04:05 +0000 (17:04 +0100)]
[COMMON] Remove pgpool
It seems that pgpool is never thus there is no need to spend
time moving it to common secret template
Issue-ID: OOM-2250
Change-Id: I237f9e01cec80bd47ff47c7eb4db282471cfad07
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Tue, 4 Feb 2020 20:16:50 +0000 (21:16 +0100)]
[COMMON] Use common secret template in postgres
Use common secret template for storing DB credentials
Issue-ID: OOM-2250
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ic640bba21a368cf3dd7d3a712abd13907b86a217
Sylvain Desbureaux [Fri, 7 Feb 2020 16:00:59 +0000 (16:00 +0000)]
Merge "[COMMON] Share deployment configuration in Postgres"
Sylvain Desbureaux [Fri, 7 Feb 2020 16:00:12 +0000 (16:00 +0000)]
Merge "[OOF] fix secret names for mariadb-galera"
Sylvain Desbureaux [Fri, 7 Feb 2020 15:54:48 +0000 (15:54 +0000)]
Merge "update DMaaP MR docker image version to 1.1.17"
Krzysztof Opasiak [Fri, 7 Feb 2020 14:07:04 +0000 (15:07 +0100)]
Update git submodules
* Update kubernetes/robot from branch 'master'
to
df719f4a3e63cff0d5d832945f0b8ba18230635c
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Change-Id: I3384bf30c663764339b0b41527ca4eb7168f0d49
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Ramesh Parthasarathy [Wed, 5 Feb 2020 17:02:28 +0000 (17:02 +0000)]
These OOM changes are related AAF Integration
Here we have the ability to optionally disable AAF integration.
A global variable global.security.aaf.enabled=true
will turn on AAF security. with global.security.aaf.enabled=false
it will use spring.security to ensure backward compatibilty. updated
based on review comments
Issue-ID: SO-2452
Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Change-Id: Ia83622ad681cfd122ee906ccd1654b10b5e31fe4
Krzysztof Opasiak [Tue, 4 Feb 2020 15:07:20 +0000 (16:07 +0100)]
[COMMON] Share deployment configuration in Postgres
When I did diff between deployment-primary and deployment-replica it
turned out that this is pretty much the same file apart from primary
and replica words.
To avoid making the same changes in both files, let's just introduce a
template that can be included with parameter.
Issue-ID: OOM-2246
Change-Id: Ia13b993b9f23008d6be6b3d0e8b745446048de4e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Thu, 6 Feb 2020 22:29:30 +0000 (23:29 +0100)]
[OOF] fix secret names for mariadb-galera
It looks like AAF issues masked my real mistakes of letting
some of oof services failing because of bad secret names.
Let's fix that quickly by just setting them to the corrent names
temporarly as later oof will be ported to use common secret template
anyway.
Issue-ID: OOM-2053
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I9de1804dbd5399df25a3ef98354f41d39d073bf7
Marek Szwalkiewicz [Thu, 6 Feb 2020 08:49:08 +0000 (08:49 +0000)]
Sync up the properties file with current CDS version.
File application.properties needs to be synced from time to time between oom charts and
original CDS code.
Issue-ID: CCSDK-1922
Change-Id: Id2a62ce92e8708b7352ca2d21b248b0887fcb5c8
Signed-off-by: Marek Szwalkiewicz <marek.szwalkiewicz@external.t-mobile.pl>
Borislav Glozman [Thu, 6 Feb 2020 08:46:04 +0000 (08:46 +0000)]
Merge "[COMMON] Create templates for services and PV"
efiacor [Wed, 5 Feb 2020 20:42:47 +0000 (20:42 +0000)]
Removing pass_enc_key from DMaaP prov props
# Also adding AAF ready check for dr-node
Change-Id: I7e6fc29a7f5607cc168f9fd61642a40a9185c55b
Signed-off-by: efiacor <fiachra.corcoran@est.tech>
Issue-ID: DMAAP-1367
Bin Yang [Wed, 5 Feb 2020 14:31:12 +0000 (22:31 +0800)]
Fix the wrong MSB_PROTO env value
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I128421b36def6e974cde12093717cfe9e78b5b5f
Sylvain Desbureaux [Wed, 5 Feb 2020 10:56:41 +0000 (11:56 +0100)]
[DMaaP MR] Remove "lost+found" in kafka PVC
When using a storage class, kafka data is set on top of a partition and
then 'lost+found' ext4 folder, which is automatically created, is seen
as a topic but with bad naming.
So we remove this folder in the init script.
Issue-ID: OOM-1227
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: I397e3d1f29fce9f6c77423ffa4375daffbd2a256
eHanan [Tue, 29 Oct 2019 13:51:29 +0000 (13:51 +0000)]
Fix multicloud logging issue
Change-Id: Icd3631e329b7834c716fd9299007e1644d139822
Issue-ID: OOM-2130
Signed-off-by: eHanan <eoin.hanan@est.tech>
Morgan Richomme [Wed, 5 Feb 2020 07:31:50 +0000 (07:31 +0000)]
Merge "Enable multicloud openstack https endpoints"
hongyuzhao [Tue, 4 Feb 2020 09:54:35 +0000 (17:54 +0800)]
Removed use of vfc-redis from etsicatalog component
Change-Id: Ie00783e0e55136aa40a8c3cf266ebc486240e308
Issue-ID: MODELING-307
Signed-off-by: hongyuzhao <zhao.hongyu@zte.com.cn>
Sylvain Desbureaux [Tue, 4 Feb 2020 16:30:02 +0000 (16:30 +0000)]
Merge "Fix problem with wrong volume mount names"
Bin Yang [Mon, 3 Feb 2020 17:03:14 +0000 (01:03 +0800)]
Enable multicloud openstack https endpoints
Make use of msb iag with https as well
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Change-Id: I79c988e2ac13f1c11be8ca5ac9ccd44c21418cb4
Lucjan Bryndza [Tue, 4 Feb 2020 15:11:04 +0000 (16:11 +0100)]
Enable underscore in headers in nginx config
Signed-off-by: Lucjan Bryndza <l.bryndza@samsung.com>
Issue-ID: PORTAL-806
Change-Id: I9bd2cc1f01a13d198d705affe3cc56be96dd5ce0
Sylvain Desbureaux [Thu, 12 Dec 2019 13:35:01 +0000 (14:35 +0100)]
[COMMON] Create templates for services and PV
Proposition of common templates to make service declaration and PV
declaration consistent accross OOM.
Propositions of templates for sub parties of resource definitions
such as metadatas, selector and containerPorts.
I've also made an example with cassandra.
Change-Id: I8b8aa8eb61dafba75e89add1979114a0eefce243
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Krzysztof Opasiak [Mon, 3 Feb 2020 20:04:22 +0000 (21:04 +0100)]
Update git submodules
* Update kubernetes/aai from branch 'master'
to
1c9c9bba658057f6147276fba4f84e7db9117e70
- [ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I450057f5b4a10842f09665ecccc58e4ed727cd89
Morgan Richomme [Mon, 3 Feb 2020 16:50:13 +0000 (16:50 +0000)]
Merge "Revert "Make cassandra service mesh compliant""
Borislav Glozman [Mon, 3 Feb 2020 13:50:34 +0000 (13:50 +0000)]
Merge "Expose multicloud endpoints in https"
Sylvain Desbureaux [Mon, 3 Feb 2020 13:39:00 +0000 (13:39 +0000)]
Revert "Make cassandra service mesh compliant"
This reverts commit
239bb3e18494584587ee1a6eb482f022b9e32d44.
Reason for revert: mandatory template functions not merged yet
Issue-ID: OOM-2252
Change-Id: I80444a7103e12aea4568f03ded08e348bba927fb
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Bin Yang [Thu, 23 Jan 2020 02:46:07 +0000 (02:46 +0000)]
Expose multicloud endpoints in https
Make use of msb iag with https as well
Change-Id: I46320cb7a3012320091b8b802ed8531285b78b45
Issue-ID: MULTICLOUD-978
Signed-off-by: Bin Yang <bin.yang@windriver.com>
Borislav Glozman [Sun, 2 Feb 2020 13:33:15 +0000 (13:33 +0000)]
Merge "Update PRH version to 1.5.0"
Borislav Glozman [Sun, 2 Feb 2020 13:32:41 +0000 (13:32 +0000)]
Merge "Add override flag to the ingress template"
Borislav Glozman [Sun, 2 Feb 2020 13:31:03 +0000 (13:31 +0000)]
Merge "redis config optimization"
Borislav Glozman [Sun, 2 Feb 2020 13:30:36 +0000 (13:30 +0000)]
Merge "Update ves collector image"
Borislav Glozman [Sun, 2 Feb 2020 13:29:30 +0000 (13:29 +0000)]
Merge "[Modeling] Use common secret template for mariadb root password"
Sylvain Desbureaux [Wed, 18 Dec 2019 12:15:57 +0000 (13:15 +0100)]
[COMMON] Make cassandra service mesh compliant
When service mesh is enabled, cassandra needs to listen to `127.0.0.1`
instead of POD_IP but must broadcast using POD_IP.
Change-Id: If96acd56a092a893f524a69ee83406c9cb70b3e7
Issue-ID: OOM-2252
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Borislav Glozman [Sun, 2 Feb 2020 13:26:36 +0000 (13:26 +0000)]
Merge "[Modeling] Move mariadb-galera to etsicatalog"
Borislav Glozman [Sun, 2 Feb 2020 13:23:12 +0000 (13:23 +0000)]
Merge "[APPC] Don't hardcode mariadb root password"
Borislav Glozman [Sun, 2 Feb 2020 13:21:57 +0000 (13:21 +0000)]
Merge "[COMMON] Don't create dummy mysql DB by default in a shared instance"
Borislav Glozman [Sun, 2 Feb 2020 13:20:30 +0000 (13:20 +0000)]
Merge "[COMMON] Allow to lint chart without master password"
Borislav Glozman [Sun, 2 Feb 2020 13:18:41 +0000 (13:18 +0000)]
Merge "[COMMON] Make network-name-gen use common secrets template"
Borislav Glozman [Sun, 2 Feb 2020 13:18:28 +0000 (13:18 +0000)]
Merge "[COMMON] Provide convenience templates for mariadb secrets"
Borislav Glozman [Sun, 2 Feb 2020 13:15:51 +0000 (13:15 +0000)]
Merge "[COMMON] Expose common.secret.genName template"
Borislav Glozman [Sun, 2 Feb 2020 13:15:34 +0000 (13:15 +0000)]
Merge "[COMMON] Allow to generate fullname based on passed chart name"
Borislav Glozman [Sun, 2 Feb 2020 13:11:09 +0000 (13:11 +0000)]
Merge "[COMMON] Allow to search secret by uid even if name is Overridden"
Borislav Glozman [Sun, 2 Feb 2020 13:08:38 +0000 (13:08 +0000)]
Merge "[COMMON] Use common secret template in mariadb-init"
Borislav Glozman [Sun, 2 Feb 2020 13:08:20 +0000 (13:08 +0000)]
Merge "Add ONAP core deployment type override"
Borislav Glozman [Sun, 2 Feb 2020 13:02:59 +0000 (13:02 +0000)]
Merge "release 1.7.0 APPC in Frankfurt"
Krzysztof Opasiak [Fri, 31 Jan 2020 22:28:25 +0000 (23:28 +0100)]
[Modeling] Use common secret template for mariadb root password
Remove hardcoded root password from the modeling chart.
Because of huge number of issues in modeling docker image
(see onap-discuss for details) I don't want to touch it.
That's why I just made an awful hack to concatenate DB
username and password before the entrypoint script.
Please keep in mind that this eliminates only hardcoded
root password but there is plenty of other credentials that
are boiled into container image (DB, SDC, VCF-REDIS(!) etc).
Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Id85a03ec7f55885b606179d10e8b6528c6cb6947
Krzysztof Opasiak [Fri, 31 Jan 2020 13:26:54 +0000 (14:26 +0100)]
[Modeling] Move mariadb-galera to etsicatalog
etsicatalog is the only component inside modeling which use this DB
thus there is no point to keep it outside of this component.
Passwords and other bad stuff is left intentionally as this is just a
first patch for this transition.
Issue-ID: OOM-2286
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I4f592b736a86c7acf9ee43b0f6e136e5f1506847
Krzysztof Opasiak [Thu, 23 Jan 2020 10:49:25 +0000 (11:49 +0100)]
[APPC] Don't hardcode mariadb root password
You should never ever assume that secretpassword is a production
ready password for your mariadb-galera instance. Instead let's
just share a secret with our instance of mariadb-galera.
Issue-ID: OOM-2275
Change-Id: I25486ad81a2ec428dbbd379ab3529c84f55acc4b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Thu, 23 Jan 2020 00:03:41 +0000 (01:03 +0100)]
[COMMON] Don't create dummy mysql DB by default in a shared instance
When deploying a shared mariadb-galera instance using common chart
a dummy database is created based on the default values n the chart.
This is obviously unnecessary and creates an obviousl security issue.
That's why let's make sure that when we deploy a shared mariadb
instance no dummy databases are created.
Issue-ID: OOM-2053
Change-Id: I1130cb8eb555b15a2d8b365102d69e32259233eb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Wed, 22 Jan 2020 23:55:46 +0000 (00:55 +0100)]
[COMMON] Allow to lint chart without master password
When you type make in kubernetes directory all charts are linted.
If one of them try to generate password whole linting process
ends with an error because masterPassword has not been provided
and there is no default value for it.
To avoid this issue but still don't provide any default value
whcih would be obviously insecure in this context, let's just
test current release name. If it matches "testRelease" we treat whis
as a special case and use predefined master key.
Security implication:
You should never, ever name your productional deployment "testRelease"
nor use it as a master password.
Issue-ID: OOM-2052
Change-Id: I7a2132e81f6910dfea562e8930c7eacd7aa7a00b
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Tue, 21 Jan 2020 23:08:05 +0000 (00:08 +0100)]
[COMMON] Make network-name-gen use common secrets template
For now we use it only for DB secret but in a future also
other secrets should be replaced.
Issue-ID: OOM-2249
Change-Id: Ie6515806c39c6a2cd94be378b5210156b78f4afb
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Tue, 21 Jan 2020 23:06:32 +0000 (00:06 +0100)]
[COMMON] Provide convenience templates for mariadb secrets
Usage of plain strings is very fragile especially when you try
to change them. That's why instead of depending on strings let's
just define a few convenience templates to be used in projects
that use mariadb-galera chart.
Issue-ID: OOM-2249
Change-Id: Ib867d34090b06a15ea3898a9524f5e3d04a656c0
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Tue, 21 Jan 2020 23:03:45 +0000 (00:03 +0100)]
[COMMON] Expose common.secret.genName template
This template used to be for internal use only but it turned out
to be very useful in number of places so let's just expose it.
Issue-ID: OOM-2249
Change-Id: I57cd31681fb5edb4ac95b0b7b2446a364ce826d2
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Fri, 24 Jan 2020 23:00:07 +0000 (00:00 +0100)]
[COMMON] Allow to generate fullname based on passed chart name
By default common.fullname uses .Chart.Name or
.Values.nameOverride to generate a "full name" used in many
places.
In some cases it may be convenient to be able to generate this
full name for a specific, well known chart name.
Issue-ID: OOM-2249
Change-Id: I68034c1c5df81ae9533f5f4bc6fab58f2416623a
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Thu, 9 Jan 2020 20:53:55 +0000 (21:53 +0100)]
[COMMON] Allow to search secret by uid even if name is Overridden
In some cases it is useful to bypass default policy for secret name
generation and provide a custom name for a secret. In this case
current search implementation got confused and couln't find a secret
based on uid. This patch fixes the issue by comaring not only name
but also uid.
Issue-ID: OOM-2246
Change-Id: Iaea7a23fee09aa388968aad792ba7f7e1fbf2f21
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Krzysztof Opasiak [Thu, 30 Jan 2020 11:10:40 +0000 (12:10 +0100)]
[COMMON] Use common secret template in mariadb-init
Use common secret template for all passwords that are used
inside this chart.
Issue-ID: OOM-2248
Change-Id: Ia94b87a4d0316a3d334fd492521be5a255c14b4e
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Krzysztof Opasiak [Fri, 24 Jan 2020 22:49:11 +0000 (23:49 +0100)]
[ONAP-wide] Replace .Release.Name with common.release
ONAP is too big to be deployed using helm install so we need to
use a custom helm plugin helm deploy. This script deloys onap
component by component instead of deploying evrything at
once. Unfortunately this script also modifies the helm release by
appending component name to it.
As a result of this behavior our objects are called for example:
onap-mariadb-galera-mariadb-galera-0
instead of just being called onap-mariadb-galera-0.
This patch simplifies this naming convention by replacing all direct
usages of .Release.Name with common.release macro which strips the
component specific part from the release name.
Issue-ID: OOM-2275
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: Ia8cead50d305adb00eef666d0a1ace74479b5183
Krzysztof Opasiak [Fri, 24 Jan 2020 21:45:16 +0000 (22:45 +0100)]
Remove additional _helpers files
Helm by default creates some useful templates in _helpers.tpl
file. This is fine for stand alone charts but when they become
part of ONAP those helpers are no longer needed as our common
components already provides all required functions
Issue-ID: OOM-2278
Signed-off-by: Krzysztof Opasiak <k.opasiak@samsung.com>
Change-Id: I659e4b45b031e87cc87f7bbbb22bf9e23cd74e61
mprzybys [Fri, 31 Jan 2020 10:09:02 +0000 (10:09 +0000)]
Fix problem with wrong volume mount names
Issue-ID: DMAAP-1378
Signed-off-by: Marcin Przybysz <marcin.przybysz@nokia.com>
Change-Id: Ibac712760dca757475e57129cc1857be5c1086e0
Marco Platania [Thu, 30 Jan 2020 15:32:12 +0000 (15:32 +0000)]
Update git submodules
* Update kubernetes/robot from branch 'master'
to
091f164a832479cb40ad6f5d7e4960269e75f87f
- Merge "Adjust ETE runner for security tests"
- Adjust ETE runner for security tests
This patch adds gathering data which cannot be easily obtained from
within "robot" pod (without granting it access to "kubectl" tool and as
a side effect - cluster modifications).
It introduces dependency to python3 on operator's machine (to convert
"kubectl" tool filtered output to JSON).
Issue-ID: SECCOM-261
Change-Id: Ie5057f65f79337896191b51cfad1b3e06623f80b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
Morgan Richomme [Thu, 30 Jan 2020 14:50:18 +0000 (14:50 +0000)]
Merge "Revert "basic auth for so-monitoring""
Pawel Wieczorek [Fri, 24 Jan 2020 11:38:22 +0000 (12:38 +0100)]
Add ONAP core deployment type override
This patch makes heavy use of Orange accomplishments [1][2][3]. This
deployment override will probably succeed "minimal-onap.yaml" used in
e.g. "integration/bootstrap/vagrant-minimal-onap" setup.
Cassandra replicaCount is increased to 3 to allow reaching quorum.
[1] https://gitlab.com/Orange-OpenSource/lfn/onap/onap_oom_automatic_installation
[2] https://wiki.lfnetworking.org/display/LN/Call%20for%20ONAP%20DDF%20Topics%20-%20Prague%202020#CallforONAPDDFTopics-Prague2020-OOM-IntroductionofServicemesh
[3] https://wiki.lfnetworking.org/download/attachments/
25364127/OOM%20Service%20Mesh%20Prague.pptx
Issue-ID: ONAPARC-551
Change-Id: Ibaec41f088f11f7fb4e7c476f742d12d29c5740b
Signed-off-by: Pawel Wieczorek <p.wieczorek2@samsung.com>
pwielebs [Wed, 29 Jan 2020 11:35:14 +0000 (12:35 +0100)]
Update PRH version to 1.5.0
Issue-ID: OOM-2281
Signed-off-by: Piotr Wielebski <piotr.wielebski@nokia.com>
Change-Id: I0330b2c239af12f48202062954a623c18ca1ac7f
Morgan Richomme [Wed, 29 Jan 2020 10:20:25 +0000 (10:20 +0000)]
Merge changes Ia6344de1,I642bdc7a
* changes:
VID: Update to version 6.0.2 (Frankfurt wave 1)
VID logging adjustments to portal-sdk 2.6.0
Morgan Richomme [Tue, 28 Jan 2020 16:10:13 +0000 (16:10 +0000)]
Merge "Add VID to onap-vfw overrides"
Code Review / oom.git / log