From 7007041548231606f3a2f0f98419d43619340bda Mon Sep 17 00:00:00 2001 From: Sylvain Desbureaux Date: Mon, 9 Nov 2020 21:58:48 +0100 Subject: [PATCH] [AAI] Reintegrate AAI OOM charts in main repo AAI chart is currently in its own directory. As a lot will be done in the charts with tight coordination between "common" part and components parts, it's a lot easier to have everything in a same place for now. Issue-ID: OOM-2513 Signed-off-by: Sylvain Desbureaux Change-Id: I5e27f7de286bf74e6d3a443e1cb31f63b3d83265 [Update aai to commit 18d4bd165e12cb4d03baa318e506f0dda381cd89] Signed-off-by: Krzysztof Opasiak --- .gitmodules | 6 - kubernetes/Makefile | 2 +- kubernetes/aai | 1 - kubernetes/aai/Chart.yaml | 19 + kubernetes/aai/components/aai-babel/.helmignore | 21 + kubernetes/aai/components/aai-babel/Chart.yaml | 19 + .../aai/components/aai-babel/requirements.yaml | 22 + .../resources/config/artifact-generator.properties | 285 ++++ .../resources/config/auth/auth_policy.json | 47 + .../resources/config/auth/tomcat_keystore | Bin 0 -> 2483 bytes .../resources/config/babel-auth.properties | 16 + .../aai-babel/resources/config/logback.xml | 194 +++ .../aai-babel/resources/config/tosca-mappings.json | 193 +++ .../resources/fproxy/config/auth/client-cert.p12 | Bin 0 -> 2556 bytes .../resources/fproxy/config/auth/tomcat_keystore | Bin 0 -> 2214 bytes .../resources/fproxy/config/fproxy.properties | 2 + .../resources/fproxy/config/logback-spring.xml | 45 + .../aai-babel/resources/fproxy/config/readme.txt | 1 + .../resources/rproxy/config/auth/client-cert.p12 | Bin 0 -> 2556 bytes .../resources/rproxy/config/auth/tomcat_keystore | Bin 0 -> 3594 bytes .../rproxy/config/auth/uri-authorization.json | 93 ++ .../resources/rproxy/config/cadi.properties | 25 + .../rproxy/config/forward-proxy.properties | 4 + .../resources/rproxy/config/logback-spring.xml | 45 + .../rproxy/config/primary-service.properties | 3 + .../aai-babel/resources/rproxy/config/readme.txt | 1 + .../rproxy/config/reverse-proxy.properties | 1 + .../resources/rproxy/config/security/keyfile | 27 + .../components/aai-babel/templates/configmap.yaml | 70 + .../components/aai-babel/templates/deployment.yaml | 254 ++++ .../components/aai-babel/templates/ingress.yaml | 1 + .../components/aai-babel/templates/secrets.yaml | 88 ++ .../components/aai-babel/templates/service.yaml | 52 + kubernetes/aai/components/aai-babel/values.yaml | 87 ++ .../aai/components/aai-data-router/.helmignore | 21 + .../aai/components/aai-data-router/Chart.yaml | 18 + .../resources/config/auth/client-cert-onap.p12 | Bin 0 -> 2556 bytes .../resources/config/auth/data-router_policy.json | 18 + .../resources/config/auth/tomcat_keystore | Bin 0 -> 4767 bytes .../resources/config/data-router.properties | 0 .../resources/config/log/logback.xml | 193 +++ .../resources/config/schemaIngest.properties | 65 + .../resources/dynamic/conf/data-router-oxm.xml | 17 + .../resources/dynamic/conf/entity-event-policy.xml | 56 + .../resources/dynamic/routes/entity-event.route | 4 + .../aai-data-router/templates/configmap.yaml | 68 + .../aai-data-router/templates/deployment.yaml | 188 +++ .../aai-data-router/templates/secret.yaml | 27 + .../aai/components/aai-data-router/values.yaml | 112 ++ .../aai/components/aai-elasticsearch/.helmignore | 21 + .../aai/components/aai-elasticsearch/Chart.yaml | 18 + .../resources/config/elasticsearch.yml | 372 +++++ .../aai-elasticsearch/resources/config/jvm.options | 117 ++ .../resources/config/log4j2.properties | 88 ++ .../aai-elasticsearch/templates/configmap.yaml | 26 + .../aai-elasticsearch/templates/deployment.yaml | 120 ++ .../components/aai-elasticsearch/templates/pv.yaml | 42 + .../aai-elasticsearch/templates/pvc.yaml | 36 + .../aai-elasticsearch/templates/service.yaml | 44 + .../aai/components/aai-elasticsearch/values.yaml | 108 ++ .../aai/components/aai-graphadmin/.helmignore | 21 + .../aai/components/aai-graphadmin/Chart.yaml | 23 + .../resources/config/aaiconfig.properties | 126 ++ .../resources/config/application.properties | 111 ++ .../resources/config/janusgraph-cached.properties | 97 ++ .../config/janusgraph-realtime.properties | 91 ++ .../resources/config/localhost-access-logback.xml | 60 + .../aai-graphadmin/resources/config/logback.xml | 958 +++++++++++++ .../janusgraph-migration-cached.properties | 70 + .../migration/janusgraph-migration-real.properties | 65 + .../resources/config/realm.properties | 42 + .../aai-graphadmin/templates/configmap.yaml | 63 + .../aai-graphadmin/templates/deployment.yaml | 187 +++ .../templates/job-copy-db-backup.yaml | 141 ++ .../aai-graphadmin/templates/job-create-db.yaml | 150 ++ .../aai-graphadmin/templates/job-migration.yaml | 309 ++++ .../components/aai-graphadmin/templates/pv.yaml | 44 + .../components/aai-graphadmin/templates/pvc.yaml | 42 + .../aai-graphadmin/templates/service.yaml | 49 + .../aai/components/aai-graphadmin/values.yaml | 158 +++ .../aai/components/aai-modelloader/.helmignore | 21 + .../aai/components/aai-modelloader/Chart.yaml | 18 + .../resources/config/auth/aai-os-cert.p12 | Bin 0 -> 4357 bytes .../resources/config/auth/babel-client-cert.p12 | Bin 0 -> 2817 bytes .../resources/config/auth/tomcat_keystore | Bin 0 -> 2483 bytes .../resources/config/log/logback.xml | 168 +++ .../resources/config/model-loader.properties | 46 + .../aai-modelloader/templates/configmap.yaml | 39 + .../aai-modelloader/templates/deployment.yaml | 109 ++ .../aai-modelloader/templates/ingress.yaml | 1 + .../aai-modelloader/templates/secret.yaml | 27 + .../aai-modelloader/templates/service.yaml | 43 + .../aai/components/aai-modelloader/values.yaml | 86 ++ .../aai/components/aai-resources/.helmignore | 21 + kubernetes/aai/components/aai-resources/Chart.yaml | 19 + .../resources/config/aaf/bath_config.csv | 33 + .../resources/config/aaf/cadi.properties | 8 + .../resources/config/aaf/org.onap.aai.keyfile | 27 + .../resources/config/aaf/org.onap.aai.p12 | Bin 0 -> 4347 bytes .../resources/config/aaf/org.onap.aai.props | 15 + .../resources/config/aaf/org.osaaf.location.props | 24 + .../resources/config/aaf/permissions.properties | 2 + .../resources/config/aaiconfig.properties | 88 ++ .../config/application-keycloak.properties | 14 + .../resources/config/application.properties | 96 ++ .../resources/config/auth/aai_policy.json | 298 ++++ .../resources/config/janusgraph-cached.properties | 100 ++ .../config/janusgraph-realtime.properties | 94 ++ .../resources/config/localhost-access-logback.xml | 63 + .../aai-resources/resources/config/logback.xml | 344 +++++ .../resources/config/realm.properties | 37 + .../resources/fproxy/config/auth/client-cert.p12 | Bin 0 -> 3617 bytes .../resources/fproxy/config/auth/fproxy_truststore | Bin 0 -> 4639 bytes .../resources/fproxy/config/auth/tomcat_keystore | Bin 0 -> 2214 bytes .../resources/fproxy/config/fproxy.properties | 2 + .../resources/fproxy/config/logback-spring.xml | 45 + .../resources/fproxy/config/readme.txt | 1 + .../resources/rproxy/config/auth/client-cert.p12 | Bin 0 -> 4291 bytes .../resources/rproxy/config/auth/org.onap.aai.p12 | Bin 0 -> 4158 bytes .../resources/rproxy/config/auth/tomcat_keystore | Bin 0 -> 4943 bytes .../rproxy/config/auth/uri-authorization.json | 99 ++ .../resources/rproxy/config/cadi.properties | 39 + .../rproxy/config/forward-proxy.properties | 4 + .../resources/rproxy/config/logback-spring.xml | 45 + .../rproxy/config/primary-service.properties | 3 + .../resources/rproxy/config/readme.txt | 1 + .../rproxy/config/reverse-proxy.properties | 1 + .../resources/rproxy/config/security/keyfile | 27 + .../aai-resources/templates/configmap.yaml | 159 +++ .../aai-resources/templates/deployment.yaml | 1484 ++++++++++++++++++++ .../aai-resources/templates/service.yaml | 44 + .../aai/components/aai-resources/values.yaml | 123 ++ .../aai/components/aai-schema-service/.helmignore | 21 + .../aai/components/aai-schema-service/Chart.yaml | 19 + .../aai-schema-service/config/aaiconfig.properties | 43 + .../config/application.properties | 71 + .../config/localhost-access-logback.xml | 58 + .../aai-schema-service/config/logback.xml | 295 ++++ .../aai-schema-service/config/realm.properties | 22 + .../aai-schema-service/templates/configmap.yaml | 78 + .../aai-schema-service/templates/deployment.yaml | 155 ++ .../aai-schema-service/templates/service.yaml | 44 + .../aai/components/aai-schema-service/values.yaml | 88 ++ .../aai/components/aai-search-data/.helmignore | 21 + .../aai/components/aai-search-data/Chart.yaml | 18 + .../resources/config/analysis-config.json | 32 + .../resources/config/auth/search_policy.json | 18 + .../resources/config/auth/tomcat_keystore | Bin 0 -> 3844 bytes .../resources/config/dynamic-custom-template.json | 12 + .../resources/config/elastic-search.properties | 25 + .../resources/config/es-payload-translation.json | 17 + .../resources/config/filter-config.json | 7 + .../resources/config/log/logback.xml | 193 +++ .../resources/fproxy/config/fproxy.properties | 2 + .../resources/fproxy/config/logback-spring.xml | 48 + .../resources/fproxy/config/readme.txt | 1 + .../rproxy/config/auth/uri-authorization.json | 11 + .../resources/rproxy/config/cadi.properties | 39 + .../rproxy/config/forward-proxy.properties | 4 + .../resources/rproxy/config/logback-spring.xml | 48 + .../rproxy/config/primary-service.properties | 3 + .../resources/rproxy/config/readme.txt | 1 + .../rproxy/config/reverse-proxy.properties | 1 + .../aai-search-data/templates/configmap.yaml | 83 ++ .../aai-search-data/templates/deployment.yaml | 259 ++++ .../aai-search-data/templates/secret.yaml | 53 + .../aai-search-data/templates/service.yaml | 53 + .../aai/components/aai-search-data/values.yaml | 78 + .../aai/components/aai-sparky-be/.helmignore | 21 + kubernetes/aai/components/aai-sparky-be/Chart.yaml | 18 + .../config/application-oxm-default.properties | 16 + .../config/application-oxm-override.properties | 16 + .../config/application-oxm-schema-prod.properties | 28 + .../config/application-resources.properties | 20 + .../resources/config/application-ssl.properties | 20 + .../resources/config/application-sync.properties | 6 + .../resources/config/application.properties | 35 + .../resources/config/auth/client-cert-onap.p12 | Bin 0 -> 4117 bytes .../config/auth/csp-cookie-filter.properties | 26 + .../resources/config/auth/org.onap.aai.p12 | Bin 0 -> 4347 bytes .../config/portal/BOOT-INF/classes/key.properties | 1 + .../portal/BOOT-INF/classes/portal.properties | 47 + .../resources/config/portal/cadi.properties | 45 + .../aai-sparky-be/resources/config/portal/keyFile | 27 + .../config/portal/portal-authentication.properties | 31 + .../aai-sparky-be/resources/config/roles.config | 20 + .../aai-sparky-be/resources/config/users.config | 20 + .../aai-sparky-be/templates/configmap.yaml | 72 + .../aai-sparky-be/templates/deployment.yaml | 206 +++ .../aai-sparky-be/templates/ingress.yaml | 1 + .../components/aai-sparky-be/templates/secret.yaml | 27 + .../aai-sparky-be/templates/service.yaml | 38 + .../aai/components/aai-sparky-be/values.yaml | 120 ++ .../aai/components/aai-traversal/.helmignore | 21 + kubernetes/aai/components/aai-traversal/Chart.yaml | 18 + .../resources/config/aaf/bath_config.csv | 33 + .../resources/config/aaf/cadi.properties | 8 + .../resources/config/aaf/org.onap.aai.keyfile | 27 + .../resources/config/aaf/org.onap.aai.p12 | Bin 0 -> 4347 bytes .../resources/config/aaf/org.onap.aai.props | 15 + .../resources/config/aaf/org.osaaf.location.props | 23 + .../resources/config/aaf/permissions.properties | 2 + .../resources/config/aaiconfig.properties | 94 ++ .../resources/config/application.properties | 99 ++ .../resources/config/janusgraph-cached.properties | 100 ++ .../config/janusgraph-realtime.properties | 94 ++ .../resources/config/localhost-access-logback.xml | 63 + .../aai-traversal/resources/config/logback.xml | 344 +++++ .../resources/config/realm.properties | 37 + .../aai-traversal/templates/configmap.yaml | 64 + .../aai-traversal/templates/deployment.yaml | 812 +++++++++++ .../components/aai-traversal/templates/job.yaml | 142 ++ .../aai-traversal/templates/service.yaml | 44 + .../aai/components/aai-traversal/values.yaml | 118 ++ kubernetes/aai/requirements.yaml | 69 + kubernetes/aai/resources/config/aai/aai_keystore | Bin 0 -> 7544 bytes .../resources/config/auth/truststoreONAPall.jks | Bin 0 -> 117990 bytes .../resources/config/fproxy/auth/client-cert.p12 | Bin 0 -> 3591 bytes .../resources/config/fproxy/auth/fproxy_truststore | Bin 0 -> 5569 bytes .../resources/config/fproxy/auth/tomcat_keystore | Bin 0 -> 3607 bytes kubernetes/aai/resources/config/haproxy/aai.pem | 88 ++ .../config/haproxy/haproxy-pluggable-security.cfg | 138 ++ .../aai/resources/config/haproxy/haproxy.cfg | 126 ++ .../aai/resources/config/log/filebeat/filebeat.yml | 55 + .../resources/config/rproxy/auth/client-cert.p12 | Bin 0 -> 2556 bytes .../resources/config/rproxy/auth/org.onap.aai.p12 | Bin 0 -> 4158 bytes .../resources/config/rproxy/auth/tomcat_keystore | Bin 0 -> 3594 bytes .../aai/resources/config/rproxy/security/keyfile | 27 + kubernetes/aai/templates/configmap.yaml | 103 ++ kubernetes/aai/templates/deployment.yaml | 134 ++ kubernetes/aai/templates/ingress.yaml | 1 + kubernetes/aai/templates/secret.yaml | 36 + kubernetes/aai/templates/service.yaml | 40 + kubernetes/aai/values.yaml | 382 +++++ 234 files changed, 16259 insertions(+), 8 deletions(-) delete mode 160000 kubernetes/aai create mode 100644 kubernetes/aai/Chart.yaml create mode 100644 kubernetes/aai/components/aai-babel/.helmignore create mode 100644 kubernetes/aai/components/aai-babel/Chart.yaml create mode 100644 kubernetes/aai/components/aai-babel/requirements.yaml create mode 100644 kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json create mode 100644 kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/config/logback.xml create mode 100644 kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json create mode 100644 kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 create mode 100644 kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties create mode 100644 kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile create mode 100644 kubernetes/aai/components/aai-babel/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-babel/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-babel/templates/ingress.yaml create mode 100644 kubernetes/aai/components/aai-babel/templates/secrets.yaml create mode 100644 kubernetes/aai/components/aai-babel/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-babel/values.yaml create mode 100644 kubernetes/aai/components/aai-data-router/.helmignore create mode 100644 kubernetes/aai/components/aai-data-router/Chart.yaml create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/data-router.properties create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml create mode 100644 kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties create mode 100644 kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml create mode 100644 kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml create mode 100644 kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route create mode 100644 kubernetes/aai/components/aai-data-router/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-data-router/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-data-router/templates/secret.yaml create mode 100644 kubernetes/aai/components/aai-data-router/values.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/.helmignore create mode 100644 kubernetes/aai/components/aai-elasticsearch/Chart.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml create mode 100644 kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options create mode 100644 kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties create mode 100644 kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-elasticsearch/values.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/.helmignore create mode 100644 kubernetes/aai/components/aai-graphadmin/Chart.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/application.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/pv.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-graphadmin/values.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/.helmignore create mode 100644 kubernetes/aai/components/aai-modelloader/Chart.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 create mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 create mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml create mode 100644 kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties create mode 100644 kubernetes/aai/components/aai-modelloader/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/templates/ingress.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/templates/secret.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-modelloader/values.yaml create mode 100644 kubernetes/aai/components/aai-resources/.helmignore create mode 100644 kubernetes/aai/components/aai-resources/Chart.yaml create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/application.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json create mode 100644 kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml create mode 100644 kubernetes/aai/components/aai-resources/resources/config/logback.xml create mode 100644 kubernetes/aai/components/aai-resources/resources/config/realm.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties create mode 100644 kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile create mode 100644 kubernetes/aai/components/aai-resources/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-resources/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-resources/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-resources/values.yaml create mode 100644 kubernetes/aai/components/aai-schema-service/.helmignore create mode 100644 kubernetes/aai/components/aai-schema-service/Chart.yaml create mode 100644 kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties create mode 100644 kubernetes/aai/components/aai-schema-service/config/application.properties create mode 100644 kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml create mode 100644 kubernetes/aai/components/aai-schema-service/config/logback.xml create mode 100644 kubernetes/aai/components/aai-schema-service/config/realm.properties create mode 100644 kubernetes/aai/components/aai-schema-service/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-schema-service/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-schema-service/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-schema-service/values.yaml create mode 100644 kubernetes/aai/components/aai-search-data/.helmignore create mode 100644 kubernetes/aai/components/aai-search-data/Chart.yaml create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/dynamic-custom-template.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/elastic-search.properties create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/es-payload-translation.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/filter-config.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/config/log/logback.xml create mode 100644 kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties create mode 100644 kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt create mode 100644 kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties create mode 100644 kubernetes/aai/components/aai-search-data/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-search-data/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-search-data/templates/secret.yaml create mode 100644 kubernetes/aai/components/aai-search-data/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-search-data/values.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/.helmignore create mode 100644 kubernetes/aai/components/aai-sparky-be/Chart.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/application.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/csp-cookie-filter.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/auth/org.onap.aai.p12 create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/roles.config create mode 100644 kubernetes/aai/components/aai-sparky-be/resources/config/users.config create mode 100644 kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/templates/secret.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-sparky-be/values.yaml create mode 100644 kubernetes/aai/components/aai-traversal/.helmignore create mode 100644 kubernetes/aai/components/aai-traversal/Chart.yaml create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/application.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/logback.xml create mode 100644 kubernetes/aai/components/aai-traversal/resources/config/realm.properties create mode 100644 kubernetes/aai/components/aai-traversal/templates/configmap.yaml create mode 100644 kubernetes/aai/components/aai-traversal/templates/deployment.yaml create mode 100644 kubernetes/aai/components/aai-traversal/templates/job.yaml create mode 100644 kubernetes/aai/components/aai-traversal/templates/service.yaml create mode 100644 kubernetes/aai/components/aai-traversal/values.yaml create mode 100644 kubernetes/aai/requirements.yaml create mode 100644 kubernetes/aai/resources/config/aai/aai_keystore create mode 100644 kubernetes/aai/resources/config/auth/truststoreONAPall.jks create mode 100644 kubernetes/aai/resources/config/fproxy/auth/client-cert.p12 create mode 100644 kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore create mode 100644 kubernetes/aai/resources/config/fproxy/auth/tomcat_keystore create mode 100644 kubernetes/aai/resources/config/haproxy/aai.pem create mode 100644 kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg create mode 100644 kubernetes/aai/resources/config/haproxy/haproxy.cfg create mode 100644 kubernetes/aai/resources/config/log/filebeat/filebeat.yml create mode 100644 kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 create mode 100644 kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 create mode 100644 kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore create mode 100644 kubernetes/aai/resources/config/rproxy/security/keyfile create mode 100644 kubernetes/aai/templates/configmap.yaml create mode 100644 kubernetes/aai/templates/deployment.yaml create mode 100644 kubernetes/aai/templates/ingress.yaml create mode 100644 kubernetes/aai/templates/secret.yaml create mode 100644 kubernetes/aai/templates/service.yaml create mode 100644 kubernetes/aai/values.yaml diff --git a/.gitmodules b/.gitmodules index 19cca65ede..3f0f4efe38 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1,11 +1,5 @@ -[submodule "kubernetes/aai"] - path = kubernetes/aai - url = ../aai/oom - branch = master - ignore = dirty [submodule "kubernetes/robot"] path = kubernetes/robot url = ../testsuite/oom branch = master ignore = dirty - diff --git a/kubernetes/Makefile b/kubernetes/Makefile index 08b028afe1..81d35c5feb 100644 --- a/kubernetes/Makefile +++ b/kubernetes/Makefile @@ -32,7 +32,7 @@ else HELM_LINT_CMD := echo "Skipping linting of" endif -SUBMODS := robot aai +SUBMODS := robot EXCLUDES := config oneclick readiness test dist helm $(PARENT_CHART) dcae $(SUBMODS) HELM_CHARTS := $(filter-out $(EXCLUDES), $(sort $(patsubst %/.,%,$(wildcard */.)))) $(PARENT_CHART) diff --git a/kubernetes/aai b/kubernetes/aai deleted file mode 160000 index 18d4bd165e..0000000000 --- a/kubernetes/aai +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 18d4bd165e12cb4d03baa318e506f0dda381cd89 diff --git a/kubernetes/aai/Chart.yaml b/kubernetes/aai/Chart.yaml new file mode 100644 index 0000000000..41e4039464 --- /dev/null +++ b/kubernetes/aai/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP Active and Available Inventory +name: aai +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-babel/.helmignore b/kubernetes/aai/components/aai-babel/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-babel/Chart.yaml b/kubernetes/aai/components/aai-babel/Chart.yaml new file mode 100644 index 0000000000..1fcad3077e --- /dev/null +++ b/kubernetes/aai/components/aai-babel/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: Babel microservice +name: aai-babel +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-babel/requirements.yaml b/kubernetes/aai/components/aai-babel/requirements.yaml new file mode 100644 index 0000000000..193ad2dca0 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/requirements.yaml @@ -0,0 +1,22 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' diff --git a/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties new file mode 100644 index 0000000000..e246b00c2e --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/artifact-generator.properties @@ -0,0 +1,285 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +#action widget details +AAI.model-version-id.action=fd7fb09e-d930-41b9-b83f-cfde9df48640 +AAI.model-invariant-id.action=af593b4b-490e-4665-ad74-2f6351c0a7ce +#action-data widget details +AAI.model-invariant-id.action-data=9551346c-7d8b-4daf-9926-b93e96e2344a +AAI.model-version-id.action-data=2f80c596-27e5-4ca9-b5bb-e03a7fd4c0fd +#allotted-resource widget details +AAI.model-invariant-id.allotted-resource=f6d6a23d-a1a9-48ff-8419-b6530da2d381 +AAI.model-version-id.allotted-resource=7ad0915f-25c0-4a70-b9bc-185a75f87564 +#availability-zone widget details +AAI.model-version-id.availability-zone=6c092fb1-21b2-456b-9e01-67fb4de1896e +AAI.model-invariant-id.availability-zone=61b88c01-d819-41c0-8e21-7fd7ba47148e +#az-and-dvs-switches widget details +AAI.model-version-id.az-and-dvs-switches=b2dea88d-78a0-49bf-95c9-5819df08e966 +AAI.model-invariant-id.az-and-dvs-switches=53dc00d4-e6d9-48ec-b6cc-3d3797e9b896 +#class-of-service widget details +AAI.model-version-id.class-of-service=d2fb27cc-15eb-4c4e-828e-71d41aaecc5b +AAI.model-invariant-id.class-of-service=18094b19-d16d-4822-8acf-e92c6aefa178 +#cloud-region widget details +AAI.model-version-id.cloud-region=2a160989-b202-47dd-874b-4a0f275998f7 +AAI.model-invariant-id.cloud-region=425b2158-e51d-4509-9945-dad4556474a3 +#complex widget details +AAI.model-invariant-id.complex=af91c2f7-35fc-43cf-a13d-443f385b2353 +AAI.model-version-id.complex=3a8ab1ee-9220-4fe8-b89c-9251d160ddc2 +#configuration widget details +AAI.model-invariant-id.configuration=166c050d-f69d-4305-943e-0bc58c3a26cf +AAI.model-version-id.configuration=5a175add-57e4-4a5d-8b02-c36f1d69c52b +#connector widget details +AAI.model-version-id.connector=22104c9f-29fd-462f-be07-96cd6b46dd33 +AAI.model-invariant-id.connector=4c01c948-7607-4d66-8a6c-99c2c2717936 +#constrained-element-set widget details +AAI.model-invariant-id.constrained-element-set=c0292b4f-ee97-40cc-8c2e-f967c48f5701 +AAI.model-version-id.constrained-element-set=01102126-9c04-4a89-945b-b131e61e95d7 +#ctag-assignment widget details +AAI.model-version-id.ctag-assignment=44e5cb1f-0938-41aa-b766-d4595109fe89 +AAI.model-invariant-id.ctag-assignment=fcb8d46b-b656-4ad6-8fa4-22cef74b443f +#ctag-pool widget details +AAI.model-invariant-id.ctag-pool=46c51d4e-d67e-4a9c-b1f5-49b1e9c6fcaa +AAI.model-version-id.ctag-pool=2056c41f-23b9-4de7-9f50-819adad37d76 +#customer widget details +AAI.model-invariant-id.customer=c1d4305f-cdbd-4bbe-9069-a2f4978fd89e +AAI.model-version-id.customer=d4df5c27-98a1-4812-a8aa-c17f055b7a3f +#cvlan-tag-entry widget details +AAI.model-version-id.cvlan-tag-entry=c3878ffb-8d85-4114-bee6-e4074a9db10b +AAI.model-invariant-id.cvlan-tag-entry=245cf4b0-7cc5-4eea-bbd9-753e939adcab +#dvs-switch widget details +AAI.model-invariant-id.dvs-switch=98fbb471-1f86-428e-bd8a-c8a25de6fa23 +AAI.model-version-id.dvs-switch=4cb44ae8-e3ab-452a-9f95-bcc8a44c55ea +#edge-prop-names widget details +AAI.model-invariant-id.edge-prop-names=7a08cad4-8759-46a5-8245-095d1ba57ac6 +AAI.model-version-id.edge-prop-names=f0442326-8201-4d0e-857c-74b4ddcbfc9f +#element-choice-set widget details +AAI.model-invariant-id.element-choice-set=9a011958-7165-47a3-b872-00951d1f09ae +AAI.model-version-id.element-choice-set=af27fbfd-598d-44da-aeae-0f9d3a5fcd6a +#entitlement widget details +AAI.model-version-id.entitlement=7e27ba2e-b7db-4e13-9fae-d142152ef98a +AAI.model-invariant-id.entitlement=ae75b5a0-d5e1-4f3a-b8fb-37626a753da3 +#flavor widget details +AAI.model-invariant-id.flavor=bace8d1c-a261-4041-9e37-823117415d0f +AAI.model-version-id.flavor=36200fb5-f251-4f5d-a520-7c5ad5c2cd4b +#generic-vnf widget details +AAI.model-version-id.generic-vnf=93a6166f-b3d5-4f06-b4ba-aed48d009ad9 +AAI.model-invariant-id.generic-vnf=acc6edd8-a8d4-4b93-afaa-0994068be14c +#group-assignment widget details +AAI.model-invariant-id.group-assignment=7cc05f25-7ba2-42b7-a237-c5662a1689e1 +AAI.model-version-id.group-assignment=fe578080-ce19-4604-8760-fc264fbb2565 +#image widget details +AAI.model-version-id.image=f6a038c2-820c-42ba-8c2b-375e24e8f932 +AAI.model-invariant-id.image=3f4c7204-739b-4bbb-87a7-8a6856439c90 +#include-node-filter widget details +AAI.model-invariant-id.include-node-filter=2a2d8ad2-af0a-4e1f-9982-0c899e7dc827 +AAI.model-version-id.include-node-filter=f05f804d-7057-4ffe-bdc5-39f2f0c9c9fd +#instance-group widget details +AAI.model-version-id.instance-group=8e6ee9dc-9017-444a-83b3-219edb018128 +AAI.model-invariant-id.instance-group=3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd +#inventory-item widget details +AAI.model-invariant-id.inventory-item=cd57d844-9017-4078-aa19-926935a3d77c +AAI.model-version-id.inventory-item=69957f4a-2155-4b95-8d72-d6dd9b88b27b +#inventory-item-data widget details +AAI.model-version-id.inventory-item-data=0e54bb87-bd6e-4a2b-ad1c-6d935b87ae51 +AAI.model-invariant-id.inventory-item-data=87a383ae-cf03-432e-a9de-04e6a622d0fd +#ipsec-configuration widget details +AAI.model-invariant-id.ipsec-configuration=aca4c310-cb45-42bd-9f88-73e40ba7b962 +AAI.model-version-id.ipsec-configuration=d949fd10-36bf-408a-ac7a-cad5004d2e0d +#key-data widget details +AAI.model-version-id.key-data=c23ea04d-1a3b-453d-bc49-a6c783a5e92b +AAI.model-invariant-id.key-data=f5faa464-c2f2-4cc3-89d2-a90452dc3a07 +#l3-interface-ipv4-address-list widget details +AAI.model-version-id.l3-interface-ipv4-address-list=41e76b6f-1e06-4fd4-82cd-81c50fc4574b +AAI.model-invariant-id.l3-interface-ipv4-address-list=aad85df2-09be-40fa-b867-16415e4e10e2 +#l3-interface-ipv6-address-list widget details +AAI.model-invariant-id.l3-interface-ipv6-address-list=82966045-43ee-4982-8307-7e9610866140 +AAI.model-version-id.l3-interface-ipv6-address-list=d040621d-541a-477b-bb1b-a2b61b14e295 +#l3-network widget details +AAI.model-version-id.l3-network=9111f20f-e680-4001-b83f-19a2fc23bfc1 +AAI.model-invariant-id.l3-network=3d560d81-57d0-438b-a2a1-5334dba0651a +#lag-interface widget details +AAI.model-version-id.lag-interface=ce95f7c3-b61b-4758-ae9e-7e943b1c103d +AAI.model-invariant-id.lag-interface=e0ee9bde-c1fc-4651-a95d-8e0597bf7d70 +#lag-link widget details +AAI.model-version-id.lag-link=d29a087a-af59-4053-a3f8-0f95a92faa75 +AAI.model-invariant-id.lag-link=86ffe6e5-4d0e-4cec-80b5-5c38aa3eff98 +#license widget details +AAI.model-invariant-id.license=b9a9b337-1f86-42d3-b9f9-f987a089507c +AAI.model-version-id.license=6889274b-a1dc-40ab-9090-93677e13e2e6 +#license-key-resource widget details +AAI.model-invariant-id.license-key-resource=9022ebfe-b54f-4911-a6b2-8c3f5ec189b7 +AAI.model-version-id.license-key-resource=24b25f8c-b8bd-4c62-9421-87c12667aac9 +#l-interface widget details +AAI.model-version-id.l-interface=a32613fd-18b9-459e-aab8-fffb3912966a +AAI.model-invariant-id.l-interface=cea0a982-8d55-4093-921e-418fbccf7060 +#logical-link widget details +AAI.model-version-id.logical-link=a1481a38-f8ba-4ae4-bdf1-06c2c6af4c54 +AAI.model-invariant-id.logical-link=fe012535-2c31-4a39-a739-612374c638a0 +#metadatum widget details +AAI.model-invariant-id.metadatum=86dbb63a-265e-4614-993f-6771c30b56a5 +AAI.model-version-id.metadatum=6bae950e-8939-41d3-a6a7-251b03e4c1fc +#model widget details +AAI.model-invariant-id.model=06d1418a-5faa-452d-a94b-a2829df5f67b +AAI.model-version-id.model=1f51c05c-b164-4c27-9c03-5cbb239fd6be +#model-constraint widget details +AAI.model-invariant-id.model-constraint=c28966f3-e758-4483-b37b-a90b05d3dd33 +AAI.model-version-id.model-constraint=ad70dd19-f156-4fb5-a865-97b5563b0d37 +#model-element widget details +AAI.model-invariant-id.model-element=2076e726-3577-477a-a300-7fa65cd4df11 +AAI.model-version-id.model-element=753e813a-ba9e-4a1d-ab34-b2f6dc6eec0c +#multicast-configuration widget details +AAI.model-invariant-id.multicast-configuration=ea78c9e3-514d-4a0a-9162-13837fa54c35 +AAI.model-version-id.multicast-configuration=666a06ee-4b57-46df-bacf-908da8f10c3f +#named-query widget details +AAI.model-version-id.named-query=5c3b7c33-afa3-4be5-8da7-1a5ac6f99896 +AAI.model-invariant-id.named-query=80b712fd-0ad3-4180-a99c-8c995cf1cc32 +#named-query-element widget details +AAI.model-version-id.named-query-element=204c641a-3494-48c8-979a-86856f5fd32a +AAI.model-invariant-id.named-query-element=3c504d40-b847-424c-9d25-4fb7e0a3e994 +#network-policy widget details +AAI.model-invariant-id.network-policy=6aa05779-94d7-4d8b-9bee-59ef2ab0c246 +AAI.model-version-id.network-policy=a0ccd9dc-7062-4940-9bcc-e91dd28af510 +#network-profile widget details +AAI.model-version-id.network-profile=01f45471-4240-498c-a9e1-235dc0b8b4a6 +AAI.model-invariant-id.network-profile=2734b44a-b8a2-40f6-957d-6256589e5d00 +#newvce widget details +AAI.model-version-id.newvce=7c79e11f-a408-4593-aa86-ba948a1236af +AAI.model-invariant-id.newvce=4b05ec9c-c55d-4987-83ff-e08d6ddb694f +#oam-network widget details +AAI.model-invariant-id.oam-network=2851cf01-9c40-4064-87d4-6184a6fcff35 +AAI.model-version-id.oam-network=f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79 +#physical-link widget details +AAI.model-invariant-id.physical-link=c822d81f-822f-4304-9623-1025b53da568 +AAI.model-version-id.physical-link=9c523936-95b4-4d7f-9f53-6bdfe0cf2c05 +#p-interface widget details +AAI.model-invariant-id.p-interface=94043c37-4e73-439c-a790-0fdd697924cd +AAI.model-version-id.p-interface=d2cdb2d0-fc1f-4a57-a89e-591b1c4e3754 +#pnf widget details +AAI.model-version-id.pnf=e9f1fa7d-c839-418a-9601-03dc0d2ad687 +AAI.model-invariant-id.pnf=862b25a1-262a-4961-bdaa-cdc55d69785a +#port-group widget details +AAI.model-version-id.port-group=03e8bb6b-b48a-46ae-b5d4-e5af577e6844 +AAI.model-invariant-id.port-group=8ce940fb-55d7-4230-9e7f-a56cc2741f77 +#property-constraint widget details +AAI.model-version-id.property-constraint=81706bbd-981e-4362-ae20-995cbcb2d995 +AAI.model-invariant-id.property-constraint=f4a863c3-6886-470a-a6ae-05723837ea45 +#pserver widget details +AAI.model-invariant-id.pserver=6d932c8f-463b-4e76-83fb-87acfbaa2e2d +AAI.model-version-id.pserver=72f0d495-bc27-4653-9e1a-eef76bd34bc9 +#related-lookup widget details +AAI.model-invariant-id.related-lookup=468f6f5b-2996-41bb-b2a3-7cf9613ebb9b +AAI.model-version-id.related-lookup=0988bab5-bf4f-4938-a419-ab249867d12a +#reserved-prop-names widget details +AAI.model-invariant-id.reserved-prop-names=0c3e0ba3-618c-498d-9127-c8d42b00170f +AAI.model-version-id.reserved-prop-names=ac49d26d-9163-430e-934a-13b738a04f5c +#result-data widget details +AAI.model-version-id.result-data=4e9b50aa-5227-4f6f-b489-62e6bbc03c79 +AAI.model-invariant-id.result-data=ff656f23-6185-406f-9006-4b26834f3e1c +#route-table-reference widget details +AAI.model-version-id.route-table-reference=fed7e326-03a7-45ff-a3f2-471470d268c4 +AAI.model-invariant-id.route-table-reference=a8614b63-2636-4c4f-98df-fd448c4241db +#routing-instance widget details +AAI.model-invariant-id.routing-instance=1c2ded4f-8b01-4193-829c-966847dfec3e +AAI.model-version-id.routing-instance=3ccbcbc7-d19e-44d5-a52f-7e18aa8d69fa +#secondary-filter widget details +AAI.model-version-id.secondary-filter=1380619d-dd1a-4cec-b755-c6407833e065 +AAI.model-invariant-id.secondary-filter=738ff299-6290-4c00-8998-bd0e96a07b93 +#segmentation-assignment widget details +AAI.model-invariant-id.segmentation-assignment=6e814aee-46e1-4583-a9d4-0049bfd2b59b +AAI.model-version-id.segmentation-assignment=c5171ae0-44fb-4c04-b482-d56702241a44 +#service widget details +AAI.model-version-id.service=ecce2c42-3957-4ae0-9442-54bc6afe27b6 +AAI.model-invariant-id.service=07a3a60b-1b6c-4367-8173-8014386f89e3 +#service-capability widget details +AAI.model-invariant-id.service-capability=b1a7cc05-d19d-443b-a5d1-733e325c4232 +AAI.model-version-id.service-capability=f9cfec1b-18da-4bba-bd83-4b26cca115cd +#service-instance widget details +AAI.model-invariant-id.service-instance=82194af1-3c2c-485a-8f44-420e22a9eaa4 +AAI.model-version-id.service-instance=46b92144-923a-4d20-b85a-3cbd847668a9 +#service-subscription widget details +AAI.model-invariant-id.service-subscription=2e1a602a-acd8-4f78-94ff-618b802a303b +AAI.model-version-id.service-subscription=5e68299a-79f2-4bfb-8fbc-2bae877a2459 +#site-pair widget details +AAI.model-version-id.site-pair=7106bc02-6552-4fc3-8a56-4f3df9034531 +AAI.model-invariant-id.site-pair=db63f3e6-f8d1-484e-8d5e-191600b7914b +#site-pair-set widget details +AAI.model-invariant-id.site-pair-set=5d4dae3e-b402-4bfd-909e-ece12ff75d26 +AAI.model-version-id.site-pair-set=a5c6c1bc-dc38-468e-9459-bb08f87247df +#snapshot widget details +AAI.model-version-id.snapshot=962a7c8b-687f-4d32-a775-fe098e214bcd +AAI.model-invariant-id.snapshot=24de00ef-aead-4b52-995b-0adf8d4bd90d +#sriov-vf widget details +AAI.model-version-id.sriov-vf=1e8b331f-3d4a-4160-b7aa-f4d5a8916625 +AAI.model-invariant-id.sriov-vf=04b2935f-33c4-40a9-8af0-8b52690042dc +#start-node-filter widget details +AAI.model-version-id.start-node-filter=aad96fd3-e75f-42fc-9777-3450c36f1168 +AAI.model-invariant-id.start-node-filter=083093a3-e407-447a-ba5d-7583e4d23e1d +#subnet widget details +AAI.model-version-id.subnet=f902a6bc-6be4-4fe5-8458-a6ec0056b374 +AAI.model-invariant-id.subnet=1b2c9ba7-e449-4831-ba15-3073672f5ef2 +#tagged-inventory-item-list widget details +AAI.model-invariant-id.tagged-inventory-item-list=e78a7eaa-f65d-4919-9c2b-5b258c8c4d7e +AAI.model-version-id.tagged-inventory-item-list=c246f6e2-e3a1-4697-94c0-5672a7fbbf04 +#tenant widget details +AAI.model-invariant-id.tenant=97c26c99-6870-44c1-8a07-1d900d3f4ce6 +AAI.model-version-id.tenant=abcc54bc-bb74-49dc-9043-7f7171707545 +#tunnel-xconnect widget details +AAI.model-invariant-id.tunnel-xconnect=50b9e2fa-005c-4bbe-b651-3251dece4cd8 +AAI.model-version-id.tunnel-xconnect=e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5 +#update-node-key widget details +AAI.model-version-id.update-node-key=6004cfa6-eb6d-4062-971f-b1fde6b74aa0 +AAI.model-invariant-id.update-node-key=fe81c801-f65d-408a-b2b7-a729a18f8154 +#vce widget details +AAI.model-version-id.vce=b6cf54b5-ec45-43e1-be64-97b4e1513333 +AAI.model-invariant-id.vce=bab6dceb-e7e6-4301-a5e0-a7399b48d792 +#vf-module widget details +AAI.model-invariant-id.vf-module=ef86f9c5-2165-44f3-8fc3-96018b609ea5 +AAI.model-version-id.vf-module=c00563ae-812b-4e62-8330-7c4d0f47088a +#vig-server widget details +AAI.model-version-id.vig-server=8e8c22f1-fbdf-48ea-844c-8bdeb44e7b16 +AAI.model-invariant-id.vig-server=bed7c3b7-35d0-4cd9-abde-41b20e68b28e +#virtual-data-center widget details +AAI.model-invariant-id.virtual-data-center=5150abcf-0c5f-4593-9afe-a19c48fc4824 +AAI.model-version-id.virtual-data-center=6dd43ced-d789-47af-a759-d3abc14e3ac1 +#vlan widget details +AAI.model-version-id.vlan=257d88a5-a269-4c35-944f-aca04fbdb791 +AAI.model-invariant-id.vlan=d2b1eaf1-ae59-4116-9ee4-aa0179faa4f8 +#vnfc widget details +AAI.model-invariant-id.vnfc=96129eb9-f0de-4e05-8af2-73146473f766 +AAI.model-version-id.vnfc=5761e0a7-c6df-4d8a-9ebd-b8f445054dec +#vnf-image widget details +AAI.model-invariant-id.vnf-image=f9a628ff-7aa0-40e2-a93d-02d91c950982 +AAI.model-version-id.vnf-image=c4d3e747-ba4a-4b17-9896-94c6f18c19d3 +#volume widget details +AAI.model-version-id.volume=0fbe2e8f-4d91-4415-a772-88387049b38d +AAI.model-invariant-id.volume=ddd739b4-2b25-46c4-affc-41a32af5cc42 +#volume-group widget details +AAI.model-invariant-id.volume-group=fcec1b02-b2d0-4834-aef8-d71be04717dd +AAI.model-version-id.volume-group=99d44c90-1f61-4418-b9a6-56586bf38c79 +#vpe widget details +AAI.model-invariant-id.vpe=053ec3a7-5b72-492d-b54d-123805a9b967 +AAI.model-version-id.vpe=203817d3-829c-42d4-942d-2a935478e993 +#vpls-pe widget details +AAI.model-version-id.vpls-pe=b1566228-6785-4ce1-aea2-053736f80341 +AAI.model-invariant-id.vpls-pe=457ba89b-334c-4fbd-acc4-160ac0e0cdc0 +#vpn-binding widget details +AAI.model-invariant-id.vpn-binding=9e23b675-db2b-488b-b459-57aa9857baa0 +AAI.model-version-id.vpn-binding=21a146e5-9901-448c-9197-723076770119 +#vserver widget details +AAI.model-invariant-id.vserver=ff69d4e0-a8e8-4108-bdb0-dd63217e63c7 +AAI.model-version-id.vserver=8ecb2c5d-7176-4317-a255-26274edfdd53 +#collection resource widget details +AAI.model-invariant-id.cr=8bac3599-9a1c-4b7f-80e5-c1838f744c23 +AAI.model-version-id.cr=3f908abc-3a15-40d0-b674-2a639e52884d diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json new file mode 100644 index 0000000000..ff33c17eb0 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/auth/auth_policy.json @@ -0,0 +1,47 @@ +{"roles": [ + { + "name": "admin", + "functions": [ + { + "name": "generateArtifacts", + "methods": [{"name": "POST"}] + } + ], + "users": [ + {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"} + ] + }, + { + "name": "ops", + "functions": [{ + "name": "actions", + "methods": [{"name": "POST"}] + }], + "users": [ + {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"} + ] + }, + { + "name": "readonly", + "functions": [ + { + "name": "actions", + "methods": [{"name": "GET"}] + } + ], + "users": [ + {"username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA"} + ] + }, + { + "name": "basicauth", + "functions": [{ + "name": "util", + "methods": [{"name": "GET"}] + }], + "users": [{ + "user": "aai", + "pass": "OBF:deadbeef" + }] + } +]} diff --git a/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d24d9b4de61178a26e098390e0349478685ea4 GIT binary patch literal 2483 zcmcImc{J4R7oYDe!Z5OBYe-0zG?J{nzqjm_K}L-wnqitz!!Uz*jWD($vP4Lj$dW>K zMY4rNVUk^lERm$FXE|c7zoOM&Sv!0B)6xCD@y2Jy4h~)atoY)AC}E{H z_2jFFmN6v0PdmiW@8%X%Z?TXva%IqaWLhdj+Dpg0aKSoi3>jVGWT zICM+#c0R#HgE3Kdw}SmAMB3(4W0(;1&rHXaX<7TE(@M>KRZCeaS5!wONSKxVys*7% zT!x7aAH~^HqeO3mH#wu49e7bytq;4!$EBl&MK8Y`gEu}ZiM*jREmmM-ZLu%IL2Z@_ z5jy?Jli3oaui>dLe6Ers;KK809hoV;IlOr$f>rOsqOzXqt@13HJ8^i-EX59X=mwey z6j4{Dst|)h4?ZA2rnJkz`o8P6g!wymTCDMi1~8eJqE#s0?G5_pc8wgLWO(bp_CK{vq7cS5E$S>SH8!?7IyLmCY3W|=B`9gfF zmne5X^xm@7)=)p=nlUAU7GHUZsrfcm<>KBlhnE;R38J*yOqsu6R~7HT1QlUbVL!Jx z48J$9Ug8gYGd`%2oHf4^@%V5p5HB=xxS-k6kh`EEDdd*V*)kU)J(b-W6MrOQBoAr# z_${Hmc_G1Q*fJVf6;Ph3{hYoLUf1A^kq0$owpgW4IUs zOV3h`%a=Ahr@D;Dz#D@)-yE&?d^JMRS95bryH0unmY2Yel_Da$`rZo{whd{ZD2oKrJS_<&~97BlbY<`!(_$&iF^p-Mi1b{bu?$m4a9rEAe~ z*L#Os8c7yLoK5q#{^G$Ev+7IOviZZaBHfZfwz(|zQc_8jd1|mu@J0Q_$N>8@+31ke z*5f!!;+R2}-xrRu)n0;Bl2Xw}>vaZXQRO*IF237;?VL|t5K{K;aiYGc)BF*Uiv$pR zuj;-Wf9()zw?;2J>fL#PlDDHp$&_PJ7BGkQjMVi+sct)y;(=6ge=zN5RfJ*HG*LPr z5Y&CU9$rQXpbkgza6xRKT*6?Jlj?#f zfgQlj$8AkN=rjs zT~kx%=rKDn{v*G_|Fd@nu>aTVZZ`u60}ueA7yvJr0RW)JHtpu?PjzLX3;z34%|}87 zDjx@^87Y;?8kf`;Ay9*lzlb;;OR4-aOk#h`uMhdr<>^;Z6U&vt9WZ-2liiACz4rDy zAi|j3Kg5RsC}~YDVzS7z`#vf6vBzVZLSyE06MVVP*_c|B6}d1mFI{x)DrYc~d*b2m zjiC1K!E$HLh4M$Qw>u+s+XT(?l=#I)OM3q!+E%>(Olg;$OIRH8|5dVMxhcJ3Ogi$jH7wEI@1U^sx#?- zs}ZRLH?pfcjX?DwP=Bk2+_6T&<7kB6(m$R3<7LN)tMl*G#CELw?y! zxu0s0Fv>+y(BZg*$qOS@jdAywBVY?*d4+sJX$MSV$|=7#y*IPvHAp5V`wpG8NC~bB z>kYBJs+a7Z)I*IIuDouZjC+`VeyQP+Y7jNMyd62{MV`(!Gf2WqYiR2$ST*C?fObY@GGagXM$eJcMd?%$)#sMQg2irf#> z`wn~O=v<#X#)O4$-esj9k&eheYDEtlS4g`#`e2%N(4A$_Q#whm4=(4HNWvOkK|O{k!kk_mIrcXd{yLlh literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties new file mode 100644 index 0000000000..ef85c23a04 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/babel-auth.properties @@ -0,0 +1,16 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +auth.policy.file=/auth/auth_policy.json +auth.authentication.disable=true diff --git a/kubernetes/aai/components/aai-babel/resources/config/logback.xml b/kubernetes/aai/components/aai-babel/resources/config/logback.xml new file mode 100644 index 0000000000..878d8c05d0 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/logback.xml @@ -0,0 +1,194 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditLogPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${metricsLogPattern} + + + + + 256 + + + + + + ${logDirectory}/${debugLogName}.log + + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + + + + e.level.toInt() < INFO.toInt() + + + DENY + NEUTRAL + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json new file mode 100644 index 0000000000..fa3a9c9952 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/config/tosca-mappings.json @@ -0,0 +1,193 @@ +{ + "instanceGroupTypes": [ + "org.openecomp.groups.NetworkCollection", + "org.openecomp.groups.VfcInstanceGroup", + "org.openecomp.groups.ResourceInstanceGroup" + ], + "widgetTypes": [ + { + "type": "SERVICE", + "name": "service-instance", + "deleteFlag": true, + "modelVersionId": "46b92144-923a-4d20-b85a-3cbd847668a9", + "modelInvariantId": "82194af1-3c2c-485a-8f44-420e22a9eaa4" + }, + { + "type": "VF", + "name": "generic-vnf", + "deleteFlag": true, + "modelVersionId": "93a6166f-b3d5-4f06-b4ba-aed48d009ad9", + "modelInvariantId": "acc6edd8-a8d4-4b93-afaa-0994068be14c" + }, + { + "type": "VFC", + "name": "vnfc", + "deleteFlag": true, + "modelVersionId": "5761e0a7-c6df-4d8a-9ebd-b8f445054dec", + "modelInvariantId": "96129eb9-f0de-4e05-8af2-73146473f766" + }, + { + "type": "VSERVER", + "name": "vserver", + "deleteFlag": true, + "modelVersionId": "8ecb2c5d-7176-4317-a255-26274edfdd53", + "modelInvariantId": "ff69d4e0-a8e8-4108-bdb0-dd63217e63c7" + }, + { + "type": "VOLUME", + "name": "volume", + "deleteFlag": true, + "modelVersionId": "0fbe2e8f-4d91-4415-a772-88387049b38d", + "modelInvariantId": "ddd739b4-2b25-46c4-affc-41a32af5cc42" + }, + { + "type": "FLAVOR", + "name": "flavor", + "deleteFlag": false, + "modelVersionId": "36200fb5-f251-4f5d-a520-7c5ad5c2cd4b", + "modelInvariantId": "bace8d1c-a261-4041-9e37-823117415d0f" + }, + { + "type": "TENANT", + "name": "tenant", + "deleteFlag": false, + "modelVersionId": "abcc54bc-bb74-49dc-9043-7f7171707545", + "modelInvariantId": "97c26c99-6870-44c1-8a07-1d900d3f4ce6" + }, + { + "type": "VOLUME_GROUP", + "name": "volume-group", + "deleteFlag": true, + "modelVersionId": "99d44c90-1f61-4418-b9a6-56586bf38c79", + "modelInvariantId": "fcec1b02-b2d0-4834-aef8-d71be04717dd" + }, + { + "type": "LINT", + "name": "l-interface", + "deleteFlag": true, + "modelVersionId": "a32613fd-18b9-459e-aab8-fffb3912966a", + "modelInvariantId": "cea0a982-8d55-4093-921e-418fbccf7060" + }, + { + "type": "L3_NET", + "name": "l3-network", + "deleteFlag": true, + "modelVersionId": "9111f20f-e680-4001-b83f-19a2fc23bfc1", + "modelInvariantId": "3d560d81-57d0-438b-a2a1-5334dba0651a" + }, + { + "type": "VFMODULE", + "name": "vf-module", + "deleteFlag": true, + "modelVersionId": "c00563ae-812b-4e62-8330-7c4d0f47088a", + "modelInvariantId": "ef86f9c5-2165-44f3-8fc3-96018b609ea5" + }, + { + "type": "IMAGE", + "name": "image", + "deleteFlag": false, + "modelVersionId": "f6a038c2-820c-42ba-8c2b-375e24e8f932", + "modelInvariantId": "3f4c7204-739b-4bbb-87a7-8a6856439c90" + }, + { + "type": "OAM_NETWORK", + "name": "oam-network", + "deleteFlag": true, + "modelVersionId": "f4fb34f3-fd6e-4a8f-a3fb-4ab61a343b79", + "modelInvariantId": "2851cf01-9c40-4064-87d4-6184a6fcff35" + }, + { + "type": "ALLOTTED_RESOURCE", + "name": "allotted-resource", + "deleteFlag": true, + "modelVersionId": "7ad0915f-25c0-4a70-b9bc-185a75f87564", + "modelInvariantId": "f6d6a23d-a1a9-48ff-8419-b6530da2d381" + }, + { + "type": "TUNNEL_XCONNECT", + "name": "tunnel-xconnect", + "deleteFlag": true, + "modelVersionId": "e7cb4ca8-e1a5-4487-a716-4ae0bcd8aef5", + "modelInvariantId": "50b9e2fa-005c-4bbe-b651-3251dece4cd8" + }, + { + "type": "CONFIGURATION", + "name": "configuration", + "deleteFlag": true, + "modelVersionId": "5a175add-57e4-4a5d-8b02-c36f1d69c52b", + "modelInvariantId": "166c050d-f69d-4305-943e-0bc58c3a26cf" + }, + { + "type": "CR", + "name": "cr", + "deleteFlag": true, + "modelVersionId": "3f908abc-3a15-40d0-b674-2a639e52884d", + "modelInvariantId": "8bac3599-9a1c-4b7f-80e5-c1838f744c23" + }, + { + "type": "INSTANCE_GROUP", + "name": "instance-group", + "deleteFlag": true, + "modelVersionId": "8e6ee9dc-9017-444a-83b3-219edb018128", + "modelInvariantId": "3bf1e610-45f7-4ad6-b833-ca4c5ee6a3fd" + }, + { + "type": "PNF", + "name": "pnf", + "deleteFlag": true, + "modelVersionId": "e9f1fa7d-c839-418a-9601-03dc0d2ad687", + "modelInvariantId": "862b25a1-262a-4961-bdaa-cdc55d69785a" + } + ], + "widgetMappings": [ + { + "prefix": "org.openecomp.resource.vfc", + "type": "widget", + "widget": "VSERVER", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.cp", + "type": "widget", + "widget": "LINT", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.cp", + "type": "widget", + "widget": "LINT", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.vl", + "widget": "L3_NET", + "deleteFlag": false + }, + { + "prefix": "org.openecomp.resource.vf", + "widget": "VF", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.groups.vfmodule", + "widget": "VFMODULE", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.groups.VfModule", + "widget": "VFMODULE", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.vfc.nodes.heat.cinder", + "type": "widget", + "widget": "VOLUME", + "deleteFlag": true + }, + { + "prefix": "org.openecomp.resource.pnf", + "widget": "PNF", + "deleteFlag": true + } + ] +} diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/fproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..9eec841aa2c1243b5ca3e22b0b116e5bca2afd49 GIT binary patch literal 2214 zcmcJQXHyf35{AvG`{CJ{ot=GmXP3T7-vj^vpko357Sz|n&7RYU`$h=up~Z`{XDvR*`$ zzz#)47haP~tv|D6mK5}zGvJ;XTcs8(8BRtSutt0nY_g%MoRa|;|Md5m6Fh;Jq2N{Y z_@3}C$JB}YtUs*Za?s`JeoMO1+r=63TnZY#qy*QgQqWyhEkSt;6nsS%)@q-fP~E0k z;;U!hctBy*u?73i4m--P-{w7I}r@otzjdND9D8ErKeeYe+W~WR6XoY%67E(c zKG2?clD{PU%-x8D{xsDjm8_i!Iz*!~sprgz-pbd|wD(J^B61Y&c8N|WjVZ|w(#tL3 z);vAKL47*5^D&KRS;w=+hJbeg9DS27bTdLTKaF?v@IGVZYIWHjnM2&;#FbO!hU2qE z+bdse`Ua`*ZDSbQ2`zDZPe8T@&;k+)>fplIw{8rpK#w_^oyy@JG-<*ytx4iE#yxnm0w= zsQ3mhmsjlZsqDe$)4tZiZ8RyqHRA(V@Z-;JVxjT&?A7`G1xSuj{d4T^ z`)2$ClX^CNSj2ZA7>6eiBWnlCZ#_k7+R{j3Zs3k}#59ZG%&egH70h}?*UV&AM*Nux zftp}&{@Bu4uYsw@OI5B^W#l8Gva3CRE@@gldvhn`*Zk<$Y0#?*w(wKl@IPPerG#ew zF#ma(&R;XYX7qXa!7I*7ye&-MlMsvA*gq!(+D7brD%esfz4f5p*wqG`A;*o|ZZ!I} z+5PP#v@U?VeeENz+c5~Ar}mueC$HJKfJ&S_*{uz6VF>tC@l@c(g?Mr?%9Bnz=F$N% zGJwGPmUyvf1q#=GQSz;4>Y0n!PhQ=nPlaG+ZKuVDSYCSTCB@@0XY72sTWR}GFu0sM zuJU)M7B9no2}*V)H*Q$sZ4bK=uc;9Z#*YlOBsxVL(zz4`vhyg-qhWGi7huPU<11)Y5*UN!14#^-uFzS7BV58VKr zEA@&jM5+va6#HX6u>AXmQdEdZs8yblX}kfBR64HCf0!aQRy-pc`BR7Bd{w0`La7pI zkm=yi-+ve=rYfwtttUgeMdb|Jcjx%UI#bu~NFgHk+;KiDl~>v4d7X3w z9rc55$0f!7n&sJ9{L+P^xOe}Ks>QqeF)(&V{YCm!er2w>_iX(t_Tivuge8N>R-3qr~xQviRhIz7E zmF2Mnc|_>mPq`r8ijUH>?@90qr{15OW~Xm0vAh-gzs|zfiNZj${Gzru|mOS5GWjURRewE_Y};HIkp*=k2hBQiz7ez0-g*`J z;kBFnkU1$tF0Q3m>%h|VsX%2p1>*X`1iB_Xsp#U?;-t;1ook?X4d(qVk*{RR6P$!( zp1b3J(1hT0hDnnDpuGp1ZS=|N6}7K@$PGzIw|!Z2!?d{VA_xow0CUArqA20xnF@14 z_#iwJi$B9~LoCv7gCyLen@bi+ATHT|ns~f5$0h;+Rx~^Phbuh2WcIpC_L=IRX6m;L zysyK_ECDymj03FucK5@FeBsQGhhk{RwcU?BM=B2vJs7~^Rk^HuniMI0TX6bN0{i~@uuQZjr@ z0~JCi^gFuj9Za{klpnkui<5%Dg>7HPFqAv?53G&aN9E0RU&+ronb{ED1*wh|l;Zsh_>tSL literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..0637cfb84b --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..99129c145f6069a2038983022d440917e1b61fd5 GIT binary patch literal 3594 zcmcJRc{mhY-^XXhSjUpazJ!#eGG+|f8A7s0ma=55qb%7a!eozZ*}~YeQ-&e?zGWFC zM8=XOB^22;9^Lo-+}Hg)@B7dD$NR^*&iS7GI@kC2J0J2oc^v=%fc`GDXtaZuy{DHg z8UO&=fA~hz1)wy8Nx@|S07_LjmQo3hr4Y)Y00BWDS^)0VdRq~(CJW9$MSCe+GklK$ z2!v1q;8zfgaC#~VV=#oCQr}2LMFYVAhy2!b^k98G6$1nWPWxL@K|#hw@N?`82pPB} zTnZtHkdlzO!_I(|fg_QKzvTaMH!SGOaM3*LK+jVuV%5^l*4uhB`dQ$Ki3n*i!ELLq zNB-zZdNyh)0`W*Kff2eh&+RIpA!;|N8`{-xHuf;0c%#PH|en8Gm;$ z{q6vt21xinZFm|Lr#1uvl==EFul=%hE0wt%(F!eMhJC%%_sANRQnQh+f=F@VcG?(4 znlF{hAv2vaVNRW2#-Ht>q)9CwY_@ppZn0ZR;#vxfqppoAd)4ZXaY4BipOk&I9 z=j*QA^?@wy4u{m8SMd1shl8v#^5(q9K`yu3h1#-yrMxQ!=eT>$a(ep3WMo#Tqw|ln z`Ufl9EYwSKapusZfs19qUr-%g5_8q=55fqIbu#?jPv_z;ge@7wGAsM#WEXA`$Ne6y z-tUX!D4Q&g&hoA4Jm()JWUTeNzFGVFpql{jM_;YRSSsV3Z`7_-0~eT}^D;Z)9_6Kg zNAg1w0V0+YOpHHCyYs=U%VA=7X2FzrUstqJn^8i%Y!a&SMdhGhHZi6OXLmRP$lB#Ze3+nNe7;l%Ps7Y3AEqyCoB^M+ zHs4J;@vwV`pXOO0fXd6w#TM;#+BC<5cf?LJD+rDSlTZCacbN(Z23`U&15fi77z_T2 zAkWW{G|#fB#6kOgzTTIfqLqS|Lyq|P7GB~iEZ69=%Zr9YbeLx*K9hUU+GBpB*~z%!~52GYEGn6&UV(ewMvF{DMP75-~$5MKNdl0~xGRmC}FV%wW|^ zs*JA1&*#Jm%$?_Z995=;-ij`@gP@nsmAO1O~~n*DCF zyPx$bEmOPG*84fmdyMjxB=NDtT)xh#gmtgSsNF5($yQQZd}yQ+#sWfW?JGQ>X3uM` zO9@?}8PWc{8VYg1JZSVwmraXyzVc}F5zpvugX=(cYwXZB4U2X98r1S!E6J%LDAv*7 zy_{!wz%rxJmjUo3$Pt)|X6Pp+x19$If{Thsdj=v61y7m3M++YSt^U{4NyT zUpPO~aL>$gUspwb!S~KgcLQy!ec+q`$I&iVtnWO-FgjI01WzUcOh{|2x zesVZJzVQ+C0#6st;Q@X9VmB=``=`mi44J)dm`-nP$?pZ@Rn|7jA1R!lu1mlEz}4~I z#uHDMP8e(i4aR+LvKqDjYVNW^zB#+Mm4dhdVD4NUkngj9tX`n}4CgJO*1Q0JK6|$B zI@sxi%d?sVFF(n{l8;oFa@;l%^^Lg<@NaBO_#tS)%br_5f8g;5yIoj+ZnyBU~+#`!&iX#L30bl$pe|(jTdSVc2Q6OiSs3RX+ zF^OV7N)w(an-PoL*F}a^O5EWr%l4;lz48RtzF$%G>aN}=NSk9~ zsdlyZD`)vGI-+8w8%l%UQb-!ZKr)Xi`Ld$cEs;b*Ss{)$GZV@-`r(F?fSC7)N?N4$KC*7a=NKf8e zq({9-7;n;E~hWWA2n1xDDTF^Xx{kN=jy9RaGs%Wfo&5y*c%;&b z#8>hNB>ku>JMZ_&Bf+}E=_InK;oL#1ToxIURyve{jj2RBChN67X???E(wMP!J7fzY z%e~99&1?mkDgJSPe8yUbQ?zHwg42D0q90gzFDY$4kDy-^a+A!$>Ml*1=0R=m%kYfl zZxNrIblXUB$uG+doRp-d(kVsH`@0_Bio2>Sr*x?q`L(nC8tm;$7u!*j*eBxgZDkq< zw+(~2swxR!=L7?)Ro*FCCzm$I>#W!Fb+m3mJib3?E1!NqkpiQhyX$k%!pVq%2;l-& zx+sjl4vA@%cCNn7f0C4Gom_Xzu&hJsPmU9S^ZkS4K785_lOLrKt$lpnHM+I@Q!I!{ z?7v(?@%!y8R&2B%F0%~c=o_xuW~1KCG;Zp67(sC~zNWAAeJzJ}_QFTKpwxk*F)Ogu zoq_&iMZY7r6JXhA@tndH;n>VA-bsO9VkMI;Az}FOz#$;|`>-x3cJt;)p$s*zYD@F4 zSOsNf(Ty8`euW2)+1*t@ajmf)bW4rlWgIU_Z=J!sVn^NWepjZCm`}s|w%hrUDQl2? zpZ7bsio*~5-)KiDBP6A#L5PM{I3VmfAo#ED|f?w@Kyf7HbYn>c( zqR_o}V5!$RE+HXZ1m!#b_^!XbAa3Uo%`~l#ju5U%NLh7Btr0s#J-#BZDg5B^JbR`h bHA4n}c7Wg6kSx#03G;5$(TcY1CK35B0yZ&e literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..acc940987c --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,93 @@ +[ + { + "uri": "\/not\/allowed\/at\/all$", + "permissions": [ + "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" + ] + }, + { + "uri": "\/one\/auth\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/multi\/auth\/required$", + "permissions": [ + "test.auth.access.aMultipleAuth1", + "test.auth.access.aMultipleAuth2", + "test.auth.access.aMultipleAuth3" + ] + }, + { + "uri": "\/one\/[^\/]+\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/services\/getAAFRequest$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/admin\/getAAFRequest$", + "permissions": [ + "test.auth.access|admin|GET,PUT,POST" + ] + }, + { + "uri": "\/service\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/services\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/$", + "permissions": [ + "\\|services\\|GET", + "test\\.auth\\.access\\|services\\|GET,PUT" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", + "permissions": [ + "test\\.auth\\.access\\|rest\\|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read", + "test.auth.access|vservers|read" + ] + }, + { + "uri": "\/backend$", + "permissions": [ + "test\\.auth\\.access\\|services\\|GET,PUT", + "\\|services\\|GET" + ] + }, + { + "uri": "\/services\/babel-service\/.*", + "permissions": [ + "org\\.access\\|\\*\\|\\*" + ] + } +] diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..a82e38caf6 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/cadi.properties @@ -0,0 +1,25 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG +cadi_keyfile=/opt/app/rproxy/config/security/keyfile + +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# Configure AAF +aaf_url=https://{{.Values.global.aaf.serverHostname}}:{{.Values.global.aaf.serverPort}} +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..1b58d4235c --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..2cd95d4c69 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..7055bf5303 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9516 diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile new file mode 100644 index 0000000000..6cd12fcfb4 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/resources/rproxy/config/security/keyfile @@ -0,0 +1,27 @@ +bZNOXiGDJ2_eiKBKWYLIFx27URvb-SWfmOl2d-QKetcVKIupOrsG-ScS_VXOtKN3Yxfb2cR6t7oM +1RNpDnhsKAxDLM6A62IkS_h_Rp3Q9c2JeyomVmyiuHR7a2ARbelaMrX8WDrxXI_t9ce4pIHDVE29 +xiQm3Bdp7d7IiKkgg-ipvOU7Y6NEzeQbvHlHvRTJ3ZZMSwHxBOA5M8DhKN-AF1sqwozEVaNAuJxK +BVdh72A6KTW7ieb_GvVQQp8h32BuOz8oJhZV7KaGXsWTEvXg9ImboY0h7Sl9hufgn1ZtDK1jxzGm +6O6LBg1qezzZaFGTXRmHvaeYmEeYSu0bGsU4x-JCU0RyhNTzFhkhjNoccaqPXBdcJymLf096mD99 +QLS8nyji_KtLQJL1fqr500c8p6SOURLPgG6Gzkn4ghgFYlfgve92xs1R3ggHKhNTLV4HJ4O6iSDm +zCoHeRbsZR1JER9yxT-v8NtcHOMAZe1oDQeY6jVyxb-bhaonN6eZPI4nyF6MHJQtWKhGARC_kOs6 +x9E0ZdAEp5TrX7F7J5PwkXzbCOuSiTVftOBum43iUB4q9He8tn2tJ0X4LtLHT3bPl16wWnZm9RPf +8wBtTJh4QP_cTStPq1ftSaLIAuqVFpbiC2DxGemXZn3QvykuYqa-rKeYPoIJ5dtWd5rNb_hhcSIz +FakKTELb0HWYGji98TBF6PaStea2f2m-wGX_uQGD7_Dijl6AgnV9koKVs1bN1XljLtNMPbLdD8sz +UCvc5lwvCFyyeunljI7os1fgwBmaMyckflq5VfZv9kFxom6jFLbcozylQ_uBg4j7oCP79IXVUI-r +banZltOSmm8zHGc2R9UlUyxJWBi01yxwi1hUtn9g1H4RtncQpu3BY0Qvu5YLAmS5imivUnGVZWbv +6wcqnJt5HwaVatE9NHONSLNTViQPsUOutWZBZxhJtAncdZuWOYZSh4TPzUJWvt6zT0E3YMBc_UuG +yPmdLyqo7qGHR8YWRqq_vq6ISJqENMnVD6X9-BeI6KM4GPEAlDWyhgENXxQFjG45ufg3UpP8LBTB +xDntlfkphRumsd13-8IlvwVtlpgnbuCMbwP_-lNVeNJcdA1InPt79oY-SEVZ-RVM1881ZASCnFeB +lh3BTc_bGQ8YoC9s6iHtcCK_1SdbwzBfQBJUqqcYsa8hJLe-j8di7KCaFzI3a-UXWKuuWljpbKbq +ibd48UFJt_34_GxkD6bmLxycuNH-og2Sd2VcYU0o5UarcrY4-2sgFPE7Mzxovrl98uayfgNF9DqE +fJ4MwFGqLRtEHlm4zfuMxQ5Rh_giMUHDJApc1DYRkxdGbNUd4bC4aRBln2IhN-rNKbSVtiW_uT6v +1KTMGmElvktjPWybJd2SvhT5qOLUM81-cmZzAsNa04jxZLBlQn_1fel3IroVos4Ohbdhar2NG6T5 +liten9RZ9P4Cg9RWhgeQonAD5kqLWXAHnCfffb5CVcAU5PHqkCgCbdThvD0-zIGETLO9AE0jKISc +0o67CUZn3MzJ9pP_3gh-ALr2w-KAwqasqCf0igf1wmEDijv9wEDcgDm39ERIElTpGKgfyuVl4F8u +PrpK5ZfpUYySUB6CZFQVVz0MvH6E7orQk4dCKFIimV_XwEtGijBttrTvyV6xYNScAEw_olt-0mdm +8UEKSsuqSyDMxUWLjKJT19rNedahYJNtI87WR9Fhhjsrai9Or3a-srOYa56wcvSj2ZHbkevbO9Xv +dQ2wzWCGEAMQSpSr83n0XEpR2pZT19Z19Svbhr08mnt2JNykCk60FLCeDTUOylJtYw6YOjqBizQZ +-85B51BCbSEaAKJkgT9-8n_-LGW5aPBrBB_9FT7UIYczNEt3B1Lqr2s4ipPI_36JecEfqaS2cNLn +c0ObAtNGAONkhO5LYLneMR3fZPMFuOX1-rMObPgE0i9dYqWDZ_30w9rpRsmiWyxYi5lvWDxU5L1J +uJxwREz3oa_VgpSC3Y2oxCufdQwzBk57iVLDOb1qs_Hwj1SWd1nukWyAo2-g5sR1folAEcao \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/configmap.yaml b/kubernetes/aai/components/aai-babel/templates/configmap.yaml new file mode 100644 index 0000000000..07e684d440 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/configmap.yaml @@ -0,0 +1,70 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/deployment.yaml b/kubernetes/aai/components/aai-babel/templates/deployment.yaml new file mode 100644 index 0000000000..70ed7bf583 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/deployment.yaml @@ -0,0 +1,254 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + spec: + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + env: + - name: CONFIG_HOME + value: /opt/app/babel/config + - name: KEY_STORE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_STORE_PASSWORD + - name: KEY_MANAGER_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "common.fullname" . }}-pass + key: KEY_MANAGER_PASSWORD + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/babel/config/artifact-generator.properties + name: {{ include "common.fullname" . }}-config + subPath: artifact-generator.properties + - mountPath: /opt/app/babel/config/tosca-mappings.json + name: {{ include "common.fullname" . }}-config + subPath: tosca-mappings.json + - mountPath: /opt/app/babel/config/babel-auth.properties + name: {{ include "common.fullname" . }}-config + subPath: babel-auth.properties + - mountPath: /opt/app/babel/config/auth + name: {{ include "common.fullname" . }}-secrets + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/babel/config/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + items: + - key: artifact-generator.properties + path: artifact-generator.properties + - key: tosca-mappings.json + path: tosca-mappings.json + - key: babel-auth.properties + path: babel-auth.properties + - key: logback.xml + path: logback.xml + - name: {{ include "common.fullname" . }}-secrets + secret: + secretName: {{ include "common.fullname" . }}-babel-secrets + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-filebeat + emptyDir: {} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-babel/templates/ingress.yaml b/kubernetes/aai/components/aai-babel/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/aai/components/aai-babel/templates/secrets.yaml b/kubernetes/aai/components/aai-babel/templates/secrets.yaml new file mode 100644 index 0000000000..adc2220da1 --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/secrets.yaml @@ -0,0 +1,88 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-babel-secrets + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-pass + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: + KEY_STORE_PASSWORD: {{ .Values.config.keyStorePassword | b64enc | quote }} + KEY_MANAGER_PASSWORD: {{ .Values.config.keyManagerPassword | b64enc | quote }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-fproxy-auth-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-security-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-babel/templates/service.yaml b/kubernetes/aai/components/aai-babel/templates/service.yaml new file mode 100644 index 0000000000..69892ac32a --- /dev/null +++ b/kubernetes/aai/components/aai-babel/templates/service.yaml @@ -0,0 +1,52 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.global.rproxy.port }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + {{ end }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-babel/values.yaml b/kubernetes/aai/components/aai-babel/values.yaml new file mode 100644 index 0000000000..24b22b55fb --- /dev/null +++ b/kubernetes/aai/components/aai-babel/values.yaml @@ -0,0 +1,87 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################################################################# +# Global configuration defaults. +################################################################# +global: + loggingImage: beats/filebeat:5.5.0 + +################################################################# +# Application configuration defaults. +################################################################# + +# application image +image: onap/babel:1.7.1 + +flavor: small +flavorOverride: small + +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: babel + externalPort: 9516 + internalPort: 9516 + nodePort: 79 + +ingress: + enabled: false + service: + - baseaddr: "aaibabel" + name: "aai-babel" + port: 9516 + config: + ssl: "redirect" + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-data-router/.helmignore b/kubernetes/aai/components/aai-data-router/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-data-router/Chart.yaml b/kubernetes/aai/components/aai-data-router/Chart.yaml new file mode 100644 index 0000000000..70f75f6dd5 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI Data-Router +name: aai-data-router +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-data-router/resources/config/auth/client-cert-onap.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json new file mode 100644 index 0000000000..c03870e288 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/auth/data-router_policy.json @@ -0,0 +1,18 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ] + } + ], + + "users": [ + { + "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA" + } + ] + } + ] +} diff --git a/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-data-router/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..7a7738602dbda3949baf56550ebd2486d4d797fd GIT binary patch literal 4767 zcmcJTcTf~dyT&&Wmmn?~Bq~W+W?7N2gasr>4iY5El2L*r35v){77j@Xl7k>Y$vJ~$ zSU@Ca2_gt6NLIM0=bk#>`EJ!$_g39Mrn;Y=p6;ohx8MFfbFy)=0Rn*_XBYHW33GPB z-2;KZF4v%Iejp-4qzE7m0>QiiJj?^YLrl}55HJJ+CIKjk$pnIwgZ3%GU^o#7xPqbr zD2SnYFgOK~rmn24B8n1#|J39ZFij0vEfgFe`zeVL5ItRhje!y+28f|VQDPz}w5SmS zr7-$$5>Wb=?*AO>pEEH53_pj4Qk=7Qa<_JMw6?Oxxm(N2-WCV&V6MNvDVPWZ#e=Cq zXYJ$=JQxfr8gzLdU0GEKK&E7;`8fsSJKF`iMN{)|mg|bXcujRrs5ppf5v%J;{CZk&lOuY` zFvd&q@@BFI{QQ#hE=Aa53d|chy{3=H__aJ6z3ora%`wXuQ@K%Ba`B~Zrnp|d5S6}q z#T)jsMur7LmR^`VVU6m1Gsb?Ve|F z{=w!$2owwgXZZ&K{!f4lXN!1&3Pum3_1{l4K3CHfKD(o1wx(g9E-zg;1F-+R%?)D& z=pWPS>Y=w)*9WyrTD)Gg@Sz@Tt!>-@&j0Ly0E16qqyX_*0Re*ns-JDtKignuffMw5 zj!Q6lfR>o_GBKElhy)7$s|NY|r#cHNC>{a^Q6pSma6}Z@R&8<(`2>{+*f_U_ySs=* zfL|Sl<_-}YNHZcvOt#KFWmCrWc+q8Jd`&HT(wY;qbGtl`B)Z+p*r_|-Uc?l`E2mX- zs^^?`bo8*-;K$2#iFMjKs+_6{lu`P39==zxN0i_@b2upJASn|A)4E3SZdc|nXG*2&ax61MC|VDXo+(_s~VTUb_GEoBFI@nIynn3^0O#{ zfdwEm;Iq9A!^754C-ZYN%IE22BN09K*Y1i=kcj|=@MCuNh3wSVrt9Qsg}MEFYBbZM zA7^qG)h9yL$b!GHG@8vw@m+=%9Nc%FV>zdAxm-a?h2D>DDZG}`?UQ%imemc~uF8m; zeVtTK{@^7JT9iO2mtDQ_QMwRtWzOA1zN%5WG%mfpa!a9NHqV(DUJ;qQZ)de5nO*tv zDH+w0b#&Em#E6K`vv`!rT$oLt#{0to{lgF>Z(vU_d-W#$+aB&trW3w$EknXov0_PL zW9-(-J)|O&<<`Qh@(MoPhoTiPd!&Y{Zr<;GNImnc@XZTUSviW>?14_{PlBPPS z%9FBxBKk&3K-#;p_8z*YWYjJ8+wbR??oeThXM~1hGT7Tnqc_|iVfVJtr`xg3Q2`;+ zb|&zdrmmbr5{Ar%>bQUv(m~aas{wEuyL)wBiQ)-i4p$xwJzyQ$t99y4Yl`UqtZ1@9 zQGs2aYnrjI^^368dN1J?^l+I<_i{VZZuR&}LB}YG&~yIf>!AjLsG8I}hR%=6(Ja?V zn{xwkQQzrZ-(xO1mgzqIdb-W>?a@Hs$U8Hxv8xan*K({z!A(pS9fvPt#^4`Q?xq)7 zS9s}HH4owbzUz)00Wp>o6*+`lB;|-I-+mnYbC_2JF~xExYyN^TTq6pfMDPDCe@y1F zV!Bjj09ow2N>nTUDB$oR zHG{=QkCE5SS0XqZq3xfTrbt<)XIYfw(4R^=rzg@=VlIv|SNlVAMi(!+3{3himO0Ew zA|K!-9V{8LBBrnz8#_;q=0`TCATLVDgBV>AMKAUe0@A+eABdeWR1c7AtS@=Jpt?ra zO!PI5>4TDJ(KvJKdkeP`^2GAKI!IsS$9l6N>osG?l@smR{p~o^4G>M+YA>eC`jNs* znLkoJgs(R&0MBO6cPYW_Pnq4yXiG3-th8BZ$qCyXeSXjI%OIb+<`|B!tL4=D`SC_i zv1uPf-??yb`Z9i{2&HDV&UnGZ&QQ-abUQK}QYu8~8VOF2@;l zgdWmSt|gN;9@&DMdRZ3IXphQ}i;)gJ4tLXSQz*5y*hAG5&%JgDd4-f3?B#g)$*1`1 znndUmtpJmk5;`$zn26V7Scc;S-qC_-!H@%GoSnQ>ZLmZsQZ3EOiaS2c{EGA^Wk$R zrrfFPM`(?LlgBCA;yWQBWg!EV;q|IY2|vmaEiG{#+!Vq z)CIPWp`tz@!{p7HnD3vKQtNjs8kdI8Ify5lVD?`vF$p3A?@^e%c}e=nIrzrige#ma z3ZW{NJ+Ur9Gj}JZC{DH(NwZlD5t1*qUmgk(POpu8Pd)h&XH>3I6^^VkEA^}wgPWbY zAg?gR-qd3tEGI5SqS*K%AQrGU7O5%1TRUB{zcS;06B^VMz(a4H5t{68LW3#brn&!d zo&u(S!zy`M)VW{BGmI2LqUq$0bG3IyQJ+0=Mp7gQVoi5k*}-{I zAFjNG>aFz)s^qt=c4s|_O*VgCeN(5PRpdA8aRTgrBfaqt2Z5L&QvS+ETuxz4g&!gy z)PnzrnloSqgG^Q|RK1sJ`%)=tuUV#H-%ZzTsk!PRQb|1x-e`K7_V4Zo4Y?yoe22nU zkgL1BJ>R9gj-5}z1s{ddb5?jGlD996asCj@8*B6rEE)0b2jjjBs6!&QvZvGua?f@Kw=C2&%RT00llPPjS=nxf(F8+TLktrL(;y=~X!z#S24R zFn=C?D%rk&XsXdRA}lPLi(uz^blb<8J9YN~=_J{GHJ;RZ9vQi%>vi}El93gRGVi@d z^9;#SB$P?Nyb55*R#Cx8`Z$u|+3@muij z5I*~ZD=C{TYAKC1HFhpE)B0-t{uhnr{X}@#JLEcu@mU_7^WT^GSt|u$WapwGt+$74 ztmMr2`l{j^g4y9pCLL@v#5}7{aRsT&@>q} z#xBGo)BGrQEfQ95%Mm`A^*s53i2Us@oxK#S`Fv)LE%cpD+F^hAp6c_>EJizTSC=XT zXoTqJHdOe82e-tWQd?KdPiT#nJmtu3!`Any99?>NZwnvmEz6DjLn^NIe7>gMH5Ng& zqmsVnXP3UnJ=viMGHeN|@@AhmuM~OwBa=p(pzuo6p=>gD)L=;yYNIwRBDUJNz4Rpq zpSaJg)#^YzI0K2N4V&H_>K^Kj7b)?bM;Po=B@dzteBnt{1{ZOZZwmzSi=8LRRrnmkZ7VtWYd(`R*&}vdK&=V^EeIYDW-T&EFc`BZ#^}t-zxYXb| zF#+a?Z$|J(6UTNyZGR(F($won)u1=CWCyK=)vms90Xd%K*!Z0+! zli2ZyhFpd!h9%wKPqp)QYYekN*xiJZ*g!d?aa_~p(FqS{9fy-$!=_BK*1dsY;ceG% zMQ<}UdQ((eZQ^&|08xqFeRN_N;|t&Y9B;MoG^hNCd-n>K?&3DfAx&mvyYt z(^uSVqL7!7YK(~Oy;Sh{6SnoO@LZY8y}6BVG?y z?{-Bp7K{~!rFd4fvH67Z=&2OdG^i@|Idg))c2z14$5YLDhVF^fGQ-N%veSa^5D7ed zfaw>0$Y(lAP4#VNZ~igea-g8mER3kc(+MZttQ#FA9u(J9NSz~a^4Kp>R-fnc*S-Uf zs6tvkr?5aX$1Mvy^ISOl>8sp4dUQLSZ-;NjX)q?|)WJ`jxg;7L!P4VdEy>66IWtiS zQGpg(w3#!Pk-VOhoyTc_7;3bYTeeFF=NqKRVw6fMtKe$i*iJs}< j$CRyiWA>~J9zhig`H##4F|PI*1BcY&U{2`E?Qj1Dq!j=F literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties b/kubernetes/aai/components/aai-data-router/resources/config/data-router.properties new file mode 100644 index 0000000000..e69de29bb2 diff --git a/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml new file mode 100644 index 0000000000..d7ff0143a1 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/log/logback.xml @@ -0,0 +1,193 @@ + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties new file mode 100644 index 0000000000..b94ce51e81 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/config/schemaIngest.properties @@ -0,0 +1,65 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. +# Copyright © 2017-2018 Amdocs +# Modifications Copyright © 2018 Bell Canada +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# + + +# Properties for the SchemaLocationsBean +# Files named aai_oxm_v*.xml are unpacked here: +nodeDir=/opt/app/data-router/onap/oxm +# Dummy folder/directory: +edgeDir= + +# Properties required by the aai-common - aai-schema-ingest lib as of 1.3.0 +schema.configuration.location=N/A +schema.nodes.location=/opt/app/data-router/onap/oxm/ +schema.edges.location= +# These versions need to exist if they are included in the list +schema.version.list={{ .Values.config.schemaVersionList }} +# Decalares the oxm version to load +schema.version.api.default={{ .Values.config.schemaApiDefault }} + +# Don't use these properties in our application, need to be set to prevent an exception on startup (see SchemaVersions bean) +schema.version.depth.start={{.Values.global.config.schema.version.depth}} +schema.version.related.link.start={{.Values.global.config.schema.version.related.link}} +schema.version.app.root.start={{.Values.global.config.schema.version.app.root}} +schema.version.namespace.change.start={{.Values.global.config.schema.version.namespace.change}} +schema.version.edge.label.start={{.Values.global.config.schema.version.edge.label}} + +#This property is used to enable or disable schema service, possible values are: schema-service or config +schema.translator.list={{.Values.config.schemaTranslatorList}} + +#These properties are needed when schema service is enabled +schema.service.base.url=https://aai-schema-service:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.local=true +schema.filename=mockrequests +#Default rest client is the two-way-ssl +#schema.service.client=two-way-ssl +#Replace the below with the A&AI client key store +schema.service.ssl.key-store=${CONFIG_HOME}/auth/{{.Values.global.config.keystore.filename}} +#Replace the below with the A&AI tomcat trust store +schema.service.ssl.trust-store=${CONFIG_HOME}/auth/{{.Values.global.config.truststore.filename}} +schema.service.ssl.key-store-password={{.Values.global.config.keystore.passwd}} +schema.service.ssl.trust-store-password={{.Values.global.config.truststore.passwd}} + +spring.application.name=datarouter diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml new file mode 100644 index 0000000000..2e3361d164 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/data-router-oxm.xml @@ -0,0 +1,17 @@ + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml new file mode 100644 index 0000000000..b5e4129595 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/conf/entity-event-policy.xml @@ -0,0 +1,56 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route new file mode 100644 index 0000000000..14db6d6596 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/resources/dynamic/routes/entity-event.route @@ -0,0 +1,4 @@ + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-data-router/templates/configmap.yaml b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml new file mode 100644 index 0000000000..93b498ac00 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/templates/configmap.yaml @@ -0,0 +1,68 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-dynamic + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/dynamic/routes/entity-event.route").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/dynamic/conf/data-router-oxm.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/dynamic/conf/entity-event-policy.xml").AsConfig . | indent 2 }} + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-filebeat-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-data-router/templates/deployment.yaml b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml new file mode 100644 index 0000000000..01efcd0558 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/templates/deployment.yaml @@ -0,0 +1,188 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + initContainers: + - command: + - /bin/sh + - -c + - | + mkdir -p /logroot/data-router/logs + chmod -R 777 /logroot/data-router/logs + chown -R root:root /logroot + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + securityContext: + privileged: true + image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: init-sysctl + volumeMounts: + - name: {{ include "common.fullname" . }}-logs + mountPath: /logroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: SERVICE_BEANS + value: /opt/app/data-router/dynamic/conf + - name: CONFIG_HOME + value: /opt/app/data-router/config/ + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: DYNAMIC_ROUTES + value: /opt/app/data-router/dynamic/routes + - name: KEY_MANAGER_PASSWORD + value: {{ .Values.config.keyManagerPassword }} + - name: PATH + value: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + - name: JAVA_HOME + value: usr/lib/jvm/java-8-openjdk-amd64 + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/data-router/config/auth + name: {{ include "common.fullname" . }}-auth + - mountPath: /opt/app/data-router/config/data-router.properties + subPath: data-router.properties + name: {{ include "common.fullname" . }}-properties + - mountPath: /opt/app/data-router/config/schemaIngest.properties + subPath: schemaIngest.properties + name: {{ include "common.fullname" . }}-properties + - mountPath: /opt/app/data-router/dynamic/routes/entity-event.route + subPath: entity-event.route + name: {{ include "common.fullname" . }}-dynamic-route + - mountPath: /opt/app/data-router/dynamic/conf/entity-event-policy.xml + subPath: entity-event-policy.xml + name: {{ include "common.fullname" . }}-dynamic-policy + - mountPath: /opt/app/data-router/dynamic/conf/data-router-oxm.xml + subPath: data-router-oxm.xml + name: {{ include "common.fullname" . }}-dynamic-oxm + - mountPath: /opt/app/data-router/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-logback-config + subPath: logback.xml + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs + + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /logs + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: aai-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-auth + secret: + secretName: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + items: + - key: data-router.properties + path: data-router.properties + - key: schemaIngest.properties + path: schemaIngest.properties + - name: {{ include "common.fullname" . }}-dynamic-route + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-dynamic-policy + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-dynamic-oxm + configMap: + name: {{ include "common.fullname" . }}-dynamic + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-logback-config + configMap: + name: {{ include "common.fullname" . }}-log-configmap + items: + - key: logback.xml + path: logback.xml + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-data-router/templates/secret.yaml b/kubernetes/aai/components/aai-data-router/templates/secret.yaml new file mode 100644 index 0000000000..292e03571a --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/templates/secret.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-data-router/values.yaml b/kubernetes/aai/components/aai-data-router/values.yaml new file mode 100644 index 0000000000..354559b303 --- /dev/null +++ b/kubernetes/aai/components/aai-data-router/values.yaml @@ -0,0 +1,112 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for data-router. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + loggingImage: beats/filebeat:5.5.0 + +# application image +repository: nexus3.onap.org:10001 +image: onap/data-router:1.7.0 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +dockerhubRepository: registry.hub.docker.com +ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 + +# application configuration +config: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + schemaTranslatorList: config + schemaVersionList: "v11,v12,v13,v14,v15,v16,v17,v18,v19" + schemaApiDefault: "v19" + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 300 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 120 + periodSeconds: 10 + +service: + name: aai-data-router + internalPort: 9502 + +ingress: + enabled: false + +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: aai/data-router/logs + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 750Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 1536Mi + unlimited: {} + +# Entity Event route configuration +event: + port: + dmaap: 3905 + protocol: https + consumer: + topic: AAI-EVENT diff --git a/kubernetes/aai/components/aai-elasticsearch/.helmignore b/kubernetes/aai/components/aai-elasticsearch/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-elasticsearch/Chart.yaml b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml new file mode 100644 index 0000000000..93c6b255a7 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI elasticsearch +name: aai-elasticsearch +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml new file mode 100644 index 0000000000..ae12344635 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/elasticsearch.yml @@ -0,0 +1,372 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +##################### Elasticsearch Configuration Example ##################### + +# This file contains an overview of various configuration settings, +# targeted at operations staff. Application developers should +# consult the guide at . +# +# The installation procedure is covered at +# . +# +# Elasticsearch comes with reasonable defaults for most settings, +# so you can try it out without bothering with configuration. +# +# Most of the time, these defaults are just fine for running a production +# cluster. If you're fine-tuning your cluster, or wondering about the +# effect of certain configuration option, please _do ask_ on the +# mailing list or IRC channel [http://elasticsearch.org/community]. + +# Any element in the configuration can be replaced with environment variables +# by placing them in ${...} notation. For example: +# +# node.rack: ${RACK_ENV_VAR} + +# For information on supported formats and syntax for the config file, see +# +################################### Cluster ################################### + +# Cluster name identifies your cluster for auto-discovery. If you're running +# multiple clusters on the same network, make sure you're using unique names. +# +# cluster.name: elasticsearch + +cluster.name: ES_AAI + +#################################### Node ##################################### + +node.name: ES_ONAP +node.master: true +node.data: true + + +# Use the Cluster Health API [http://localhost:9200/_cluster/health], the +# Node Info API [http://localhost:9200/_nodes] or GUI tools +# such as , +# , +# and +# to inspect the cluster state. + +# By default, multiple nodes are allowed to start from the same installation location +# to disable it, set the following: + +node.max_local_storage_nodes: 1 + + +#################################### Index #################################### +# You can set a number of options (such as shard/replica options, mapping +# or analyzer definitions, translog settings, ...) for indices globally, +# in this file. +# +# Note, that it makes more sense to configure index settings specifically for +# a certain index, either when creating it or by using the index templates API. +# +# See and +# +# for more information. + +# Set the number of shards (splits) of an index (5 by default): + +#index.number_of_shards: 5 + +# Set the number of replicas (additional copies) of an index (1 by default): + +#index.number_of_replicas: 1 + +# These settings directly affect the performance of index and search operations +# in your cluster. Assuming you have enough machines to hold shards and +# replicas, the rule of thumb is: +# +# 1. Having more *shards* enhances the _indexing_ performance and allows to +# _distribute_ a big index across machines. +# 2. Having more *replicas* enhances the _search_ performance and improves the +# cluster _availability_. +# +# The "number_of_shards" is a one-time setting for an index. +# +# The "number_of_replicas" can be increased or decreased anytime, +# by using the Index Update Settings API. +# +# Elasticsearch takes care about load balancing, relocating, gathering the +# results from nodes, etc. Experiment with different settings to fine-tune +# your setup. + +# Use the Index Status API () to inspect +# the index status. + + +#################################### Paths #################################### + +# Path to directory containing configuration (this file and logging.yml): +#path.conf: /opt/app/elasticsearch/config + +# Path to directory where to store index data allocated for this node. +# Use swm auto link to redirect the data directory if necessary. + +path.data: /usr/share/elasticsearch/data + +# path.data: /path/to/data1,/path/to/data2 + +# path.work: /path/to/work + +path.logs: /usr/share/elasticsearch/logs + +#path.plugins: /opt/app/elasticsearch/plugins + + +#################################### Plugin ################################### + +# If a plugin listed here is not installed for current node, the node will not start. +# +# plugin.mandatory: mapper-attachments,lang-groovy + + +################################### Memory #################################### + +# Elasticsearch performs poorly when JVM starts swapping: you should ensure that +# it _never_ swaps. +# +# Set this property to true to lock the memory: default is true + +#bootstrap.memory_lock: true + +# Make sure that the ES_MIN_MEM and ES_MAX_MEM environment variables are set +# to the same value, and that the machine has enough memory to allocate +# for Elasticsearch, leaving enough memory for the operating system itself. +# +# You should also make sure that the Elasticsearch process is allowed to lock +# the memory, eg. by using `ulimit -l unlimited`. + +### Kernel Settings + +# Elasticsearch installs system call filters of various flavors depending on the +# operating system (e.g., seccomp on Linux). These system call filters are +# installed to prevent the ability to execute system calls related to forking +# as a defense mechanism against arbitrary code execution attacks on +# Elasticsearch The system call filter check ensures that if system call +# filters are enabled, then they were successfully installed. To pass the system +# call filter check you must either fix any configuration errors on your system +# that prevented system call filters from installing (check your logs), or at +# your own risk disable system call filters by setting +# bootstrap.system_call_filter to false. +# See: https://www.elastic.co/guide/en/elasticsearch/reference/current/system-call-filter-check.html +# +# seccomp is found in Linux kernels: 2.6.37–2.6.39, 3.0–3.19, 4.0–4.9, +# 4.10-rc+HEAD +# +# The default setting is to disable the filters assuming an older kernel +# version where seccomp is not available. +# See: https://discuss.elastic.co/t/elasticsearch-warn-unable-to-install-syscall-filter/42819 + +bootstrap.system_call_filter: false + +############################## Network And HTTP ############################### +# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens +# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node +# communication. (the range means that if the port is busy, it will automatically +# try the next port). + +# Set the bind address specifically (IPv4 or IPv6): +network.bind_host: 0.0.0.0 + +# Set the address other nodes will use to communicate with this node. If not +# set, it is automatically derived. It must point to an actual IP address. + +# network.publish_host: 0.0.0.0 + +# Set both 'bind_host' and 'publish_host': +# network.host: 192.168.0.1 + + +# Set a custom port for the node to node communication (9300 by default): +transport.tcp.port: {{ .Values.service.internalPort2 }} + +# Enable compression for all communication between nodes (disabled by default): +transport.tcp.compress: false + +# Set a custom port to listen for HTTP traffic: +# http.port: 9200 +http.port: {{ .Values.service.internalPort }} + +# Set a custom allowed content length: +# http.max_content_length: 100mb +http.max_content_length: 100mb + +# Disable HTTP completely: +# http.enabled: false +http.enabled: true + +# This is specifically useful for permitting which front end Kibana Url's are permitted to access elastic search. +http.cors.enabled: false +http.cors.allow-origin: "/.*/" +http.cors.allow-headers: X-Requested-With, Content-Type, Content-Length +http.cors.allow-credentials: false +################################### Gateway ################################### + +# The gateway allows for persisting the cluster state between full cluster +# restarts. Every change to the state (such as adding an index) will be stored +# in the gateway, and when the cluster starts up for the first time, +# it will read its state from the gateway. +# There are several types of gateway implementations. For more information, see +# . + +# The default gateway type is the "local" gateway (recommended): +# +#gateway.type: local +#gateway.type: local + +# Settings below control how and when to start the initial recovery process on +# a full cluster restart (to reuse as much local data as possible when using shared +# gateway). + +# Allow recovery process after N nodes in a cluster are up: +# +# gateway.recover_after_nodes: 1 +gateway.recover_after_nodes: 1 + +# Set the timeout to initiate the recovery process, once the N nodes +# from previous setting are up (accepts time value): +# +#gateway.recover_after_time: 5m +gateway.recover_after_time: 5m + +# Set how many nodes are expected in this cluster. Once these N nodes +# are up (and recover_after_nodes is met), begin recovery process immediately +# (without waiting for recover_after_time to expire): +# +# gateway.expected_nodes: 2 +gateway.expected_nodes: 2 + +############################# Recovery Throttling ############################# + +# These settings allow to control the process of shards allocation between +# nodes during initial recovery, replica allocation, rebalancing, +# or when adding and removing nodes. + +# Set the number of concurrent recoveries happening on a node: +# +# 1. During the initial recovery +# +# cluster.routing.allocation.node_initial_primaries_recoveries: 4 +# +# 2. During adding/removing nodes, rebalancing, etc +# +# cluster.routing.allocation.node_concurrent_recoveries: 2 + +# Set to throttle throughput when recovering (eg. 100mb, by default 20mb): +# indices.recovery.max_bytes_per_sec: 20mb +indices.recovery.max_bytes_per_sec: 20mb + +# Set to limit the number of open concurrent streams when +# recovering a shard from a peer: +# +# indices.recovery.concurrent_streams: 5 +#indices.recovery.concurrent_streams: 5 + +################################## Discovery ################################## + +# Discovery infrastructure ensures nodes can be found within a cluster +# and master node is elected. Multicast discovery is the default. + +# Set to ensure a node sees N other master eligible nodes to be considered +# operational within the cluster. Its recommended to set it to a higher value +# than 1 when running more than 2 nodes in the cluster. +# +discovery.zen.minimum_master_nodes: 1 + +# Set the time to wait for ping responses from other nodes when discovering. +# Set this option to a higher value on a slow or congested network +# to minimize discovery failures: +# +# discovery.zen.ping_timeout: 3s +discovery.zen.ping_timeout: 3s + +# For more information, see +# + +# Unicast discovery allows to explicitly control which nodes will be used +# to discover the cluster. It can be used when multicast is not present, +# or to restrict the cluster communication-wise. +# +# 1. Disable multicast discovery (enabled by default): +# discovery.zen.ping.multicast.enabled: false +#discovery.zen.ping.multicast.enabled: false + + +# 2. Configure an initial list of master nodes in the cluster +# to perform discovery when new nodes (master or data) are started: +# +# discovery.zen.ping.unicast.hosts: ["host1", "host2:port"] +discovery.zen.ping.unicast.hosts: ["0.0.0.0"] + +# EC2 discovery allows to use AWS EC2 API in order to perform discovery. +# +# You have to install the cloud-aws plugin for enabling the EC2 discovery. +# +# For more information, see +# +# +# +# See +# for a step-by-step tutorial. + +# GCE discovery allows to use Google Compute Engine API in order to perform discovery. +# +# You have to install the cloud-gce plugin for enabling the GCE discovery. +# +# For more information, see . + +# Azure discovery allows to use Azure API in order to perform discovery. +# +# You have to install the cloud-azure plugin for enabling the Azure discovery. +# +# For more information, see . + +################################## Slow Log ################################## + +# Shard level query and fetch threshold logging. + +#index.search.slowlog.threshold.query.warn: 10s +#index.search.slowlog.threshold.query.info: 5s +#index.search.slowlog.threshold.query.debug: 2s +#index.search.slowlog.threshold.query.trace: 500ms + +#index.search.slowlog.threshold.fetch.warn: 1s +#index.search.slowlog.threshold.fetch.info: 800ms +#index.search.slowlog.threshold.fetch.debug: 500ms +#index.search.slowlog.threshold.fetch.trace: 200ms + +#index.indexing.slowlog.threshold.index.warn: 10s +#index.indexing.slowlog.threshold.index.info: 5s +#index.indexing.slowlog.threshold.index.debug: 2s +#index.indexing.slowlog.threshold.index.trace: 500ms + +################################## GC Logging ################################ + +#monitor.jvm.gc.young.warn: 1000ms +#monitor.jvm.gc.young.info: 700ms +#monitor.jvm.gc.young.debug: 400ms + +#monitor.jvm.gc.old.warn: 10s +#monitor.jvm.gc.old.info: 5s +#monitor.jvm.gc.old.debug: 2s + + +# x-pack security conflicts with searchguard +xpack.security.enabled: false +xpack.ml.enabled: false +xpack.monitoring.enabled: false +xpack.watcher.enabled: false diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options new file mode 100644 index 0000000000..e69d7983c0 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/jvm.options @@ -0,0 +1,117 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +## JVM configuration + +################################################################ +## IMPORTANT: JVM heap size +################################################################ +## +## You should always set the min and max JVM heap +## size to the same value. For example, to set +## the heap to 4 GB, set: +## +## -Xms4g +## -Xmx4g +## +## See https://www.elastic.co/guide/en/elasticsearch/reference/current/heap-size.html +## for more information +## +################################################################ + +# Xms represents the initial size of total heap space +# Xmx represents the maximum size of total heap space + +-Xms1g +-Xmx1g + +################################################################ +## Expert settings +################################################################ +## +## All settings below this section are considered +## expert settings. Don't tamper with them unless +## you understand what you are doing +## +################################################################ + +## GC configuration +-XX:+UseConcMarkSweepGC +-XX:CMSInitiatingOccupancyFraction=75 +-XX:+UseCMSInitiatingOccupancyOnly + +## optimizations + +# pre-touch memory pages used by the JVM during initialization +-XX:+AlwaysPreTouch + +## basic + +# force the server VM +-server + +# explicitly set the stack size +-Xss1m + +# set to headless, just in case +-Djava.awt.headless=true + +# ensure UTF-8 encoding by default (e.g. filenames) +-Dfile.encoding=UTF-8 + +# use our provided JNA always versus the system one +-Djna.nosys=true + +# turn off a JDK optimization that throws away stack traces for common +# exceptions because stack traces are important for debugging +-XX:-OmitStackTraceInFastThrow + +# flags to configure Netty +-Dio.netty.noUnsafe=true +-Dio.netty.noKeySetOptimization=true +-Dio.netty.recycler.maxCapacityPerThread=0 + +# log4j 2 +-Dlog4j.shutdownHookEnabled=false +-Dlog4j2.disable.jmx=true + +## heap dumps + +# generate a heap dump when an allocation from the Java heap fails +# heap dumps are created in the working directory of the JVM +-XX:+HeapDumpOnOutOfMemoryError + +# specify an alternative path for heap dumps +# ensure the directory exists and has sufficient space +#-XX:HeapDumpPath=/heap/dump/path + +## GC logging + +#-XX:+PrintGCDetails +#-XX:+PrintGCTimeStamps +#-XX:+PrintGCDateStamps +#-XX:+PrintClassHistogram +#-XX:+PrintTenuringDistribution +#-XX:+PrintGCApplicationStoppedTime + +# log GC status to a file with time stamps +# ensure the directory exists +#-Xloggc:${loggc} + +# By default, the GC log file will not rotate. +# By uncommenting the lines below, the GC log file +# will be rotated every 128MB at most 32 times. +#-XX:+UseGCLogFileRotation +#-XX:NumberOfGCLogFiles=32 +#-XX:GCLogFileSize=128M diff --git a/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties new file mode 100644 index 0000000000..e674865221 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/resources/config/log4j2.properties @@ -0,0 +1,88 @@ +# Copyright © 2018 Amdocs, AT&T, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +status = error + +# log action execution errors for easier debugging +logger.action.name = org.elasticsearch.action +logger.action.level = INFO + +appender.console.type = Console +appender.console.name = console +appender.console.layout.type = PatternLayout +appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n + +appender.rolling.type = RollingFile +appender.rolling.name = rolling +appender.rolling.fileName = ${sys:es.logs.base_path}.log +appender.rolling.layout.type = PatternLayout +appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n +appender.rolling.filePattern = ${sys:es.logs.base_path}-%d{yyyy-MM-dd}.log +appender.rolling.policies.type = Policies +appender.rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.rolling.policies.time.interval = 1 +appender.rolling.policies.time.modulate = true + +rootLogger.level = info +rootLogger.appenderRef.console.ref = console +rootLogger.appenderRef.rolling.ref = rolling + +# appender.deprecation_rolling.type = RollingFile +# appender.deprecation_rolling.name = deprecation_rolling +# appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}_deprecation.log +# appender.deprecation_rolling.layout.type = PatternLayout +# appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n +# appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}_deprecation-%i.log.gz +# appender.deprecation_rolling.policies.type = Policies +# appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy +# appender.deprecation_rolling.policies.size.size = 1GB +# appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy +# appender.deprecation_rolling.strategy.max = 4 + +# logger.deprecation.name = org.elasticsearch.deprecation +# logger.deprecation.level = warn +# logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling +# logger.deprecation.additivity = false + +appender.index_search_slowlog_rolling.type = RollingFile +appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling +appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_search_slowlog.log +appender.index_search_slowlog_rolling.layout.type = PatternLayout +appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n +appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_search_slowlog-%d{yyyy-MM-dd}.log +appender.index_search_slowlog_rolling.policies.type = Policies +appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.index_search_slowlog_rolling.policies.time.interval = 1 +appender.index_search_slowlog_rolling.policies.time.modulate = true + +logger.index_search_slowlog_rolling.name = index.search.slowlog +logger.index_search_slowlog_rolling.level = trace +logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling +logger.index_search_slowlog_rolling.additivity = false + +appender.index_indexing_slowlog_rolling.type = RollingFile +appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling +appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}_index_indexing_slowlog.log +appender.index_indexing_slowlog_rolling.layout.type = PatternLayout +appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n +appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}_index_indexing_slowlog-%d{yyyy-MM-dd}.log +appender.index_indexing_slowlog_rolling.policies.type = Policies +appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy +appender.index_indexing_slowlog_rolling.policies.time.interval = 1 +appender.index_indexing_slowlog_rolling.policies.time.modulate = true + +logger.index_indexing_slowlog.name = index.indexing.slowlog.index +logger.index_indexing_slowlog.level = trace +logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling +logger.index_indexing_slowlog.additivity = false diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml new file mode 100644 index 0000000000..b3af5da60b --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/configmap.yaml @@ -0,0 +1,26 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-es-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml new file mode 100644 index 0000000000..8fa165a5fc --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/deployment.yaml @@ -0,0 +1,120 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + hostname: {{ include "common.name" . }} + initContainers: + - command: + - /bin/sh + - -c + - | + sysctl -w vm.max_map_count=262144 + mkdir -p /logroot/elasticsearch/logs + mkdir -p /logroot/elasticsearch/data + chmod -R 777 /logroot/elasticsearch + chown -R 1000:1000 /logroot + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + securityContext: + privileged: true + image: {{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.global.busyboxImage | default .Values.busyboxImage }} + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + name: init-sysctl + volumeMounts: + - name: elasticsearch-data + mountPath: /logroot/ + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.global.loggingRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.pullPolicy | default .Values.global.pullPolicy }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + volumeMounts: + - name: localtime + mountPath: /etc/localtime + readOnly: true + - name: elasticsearch-config + subPath: elasticsearch.yml + mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + - name: elasticsearch-config + subPath: jvm.options + mountPath: /usr/share/elasticsearch/config/jvm.options + - name: elasticsearch-config + subPath: log4j2.properties + mountPath: /usr/share/elasticsearch/config/log4j2.properties + - name: elasticsearch-data + mountPath: /usr/share/elasticsearch/data + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: elasticsearch-config + configMap: + name: {{ include "common.fullname" . }}-es-config + - name: elasticsearch-data + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-data + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml new file mode 100644 index 0000000000..0838e3367b --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/pv.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath }} +{{- end -}} \ No newline at end of file diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml new file mode 100644 index 0000000000..513a7e80f6 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/pvc.yaml @@ -0,0 +1,36 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} diff --git a/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml new file mode 100644 index 0000000000..68d767b380 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/templates/service.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-elasticsearch/values.yaml b/kubernetes/aai/components/aai-elasticsearch/values.yaml new file mode 100644 index 0000000000..49b4c36378 --- /dev/null +++ b/kubernetes/aai/components/aai-elasticsearch/values.yaml @@ -0,0 +1,108 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for elasticsearch. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + persistence: + mountPath: /dockerdata-nfs + +# application image +image: elasticsearch/elasticsearch:6.1.2 +pullPolicy: Always +restartPolicy: Always + +flavor: small +flavorOverride: small + +# application configuration +config: + tcpPort: 8443 + nodeKeyStore: esaai-keystore.jks + nodeKeyStorePassword: b87b46d3da7d3d4aadfe + adminKeyStore: sgadmin-keystore.p12 + adminKeyStorePassword: 341274302a70ad691e12 + trustStore: truststore.jks + trustStorePassword: b200926e9da205487f63 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + name: aai-elasticsearch + portName: aai-elasticsearch + internalPort: 9200 + portName2: aai-elasticsearch-tcp + internalPort2: 8443 + +ingress: + enabled: false + +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + ## storageClass: "-" + accessMode: ReadWriteOnce + size: 2Gi + mountPath: /dockerdata-nfs + mountSubPath: aai/elasticsearch/data + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 2Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-graphadmin/.helmignore b/kubernetes/aai/components/aai-graphadmin/.helmignore new file mode 100644 index 0000000000..f0c1319444 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-graphadmin/Chart.yaml b/kubernetes/aai/components/aai-graphadmin/Chart.yaml new file mode 100644 index 0000000000..2388e622a0 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/Chart.yaml @@ -0,0 +1,23 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +description: ONAP AAI GraphAdmin +name: aai-graphadmin +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties new file mode 100644 index 0000000000..e9ec6850e4 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/aaiconfig.properties @@ -0,0 +1,126 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +aai.config.checktime=1000 + +# this could come from siteconfig.pl? +aai.config.nodename=AutomaticallyOverwritten + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} +aai.notificationEvent.default.status=UNPROCESSED +aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }} +aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }} +aai.notificationEvent.default.sourceName=aai +aai.notificationEvent.default.sequenceNumber=0 +aai.notificationEvent.default.severity=NORMAL +aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }} +# This one lets us enable/disable resource-version checking on updates/deletes +aai.resourceversion.enableflag=true +aai.logging.maxStackTraceEntries=10 +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +# Used by Data Grooming +aai.grooming.default.max.fix={{ .Values.config.maxFix.dataGrooming | int }} +aai.grooming.default.sleep.minutes={{ .Values.config.sleepMinutes.dataGrooming | int }} + +# Used by DupeTool +aai.dupeTool.default.max.fix={{ .Values.config.maxFix.dupeTool | int }} +aai.dupeTool.default.sleep.minutes={{ .Values.config.sleepMinutes.dupeTool | int }} + + +aai.model.proc.max.levels=50 +aai.edgeTag.proc.max.levels=50 + +# Used by the ForceDelete tool +aai.forceDel.protected.nt.list=cloud-region +aai.forceDel.protected.edge.count=10 +aai.forceDel.protected.descendant.count=10 + +#used by the dataGrooming and dataSnapshot cleanup tasks +aai.cron.enable.datagroomingcleanup={{ .Values.config.cron.dataCleanup.dataGrooming.enabled }} +aai.cron.enable.datasnapshotcleanup={{ .Values.config.cron.dataCleanup.dataSnapshot.enabled }} +aai.datagrooming.agezip={{ .Values.config.cron.dataCleanup.dataGrooming.ageZip | int }} +aai.datagrooming.agedelete={{ .Values.config.cron.dataCleanup.dataGrooming.ageDelete | int }} + +aai.datasnapshot.agezip={{ .Values.config.cron.dataCleanup.dataSnapshot.ageZip | int }} +aai.datasnapshot.agedelete={{ .Values.config.cron.dataCleanup.dataSnapshot.ageDelete | int }} + +#used by the dataSnapshot and dataGrooming tasks +aai.cron.enable.dataSnapshot={{ .Values.config.cron.dataSnapshot.enabled }} + +aai.cron.enable.dataGrooming={{ .Values.config.cron.dataGrooming.enabled }} + +#used by the dataGrooming tasks +aai.datagrooming.enableautofix=true +aai.datagrooming.enabledupefixon=true +aai.datagrooming.enabledontfixorphans=true +aai.datagrooming.enabletimewindowminutes=true +aai.datagrooming.enableskiphostcheck=false +aai.datagrooming.enablesleepminutes=false +aai.datagrooming.enableedgesonly=false +aai.datagrooming.enableskipedgechecks=false +aai.datagrooming.enablemaxfix=false +aai.datagrooming.enablesinglecommits=false +aai.datagrooming.enabledupecheckoff=false +aai.datagrooming.enableghost2checkoff=false +aai.datagrooming.enableghost2fixon=false +aai.datagrooming.enablef=false + +# used by the dataGrooming to set values +aai.datagrooming.timewindowminutesvalue=10500 +aai.datagrooming.sleepminutesvalue=100 +aai.datagrooming.maxfixvalue=10 +aai.datagrooming.fvalue=10 + +#timeout for traversal enabled flag +aai.graphadmin.timeoutenabled={{ .Values.config.timeout.enabled }} +#default timeout limit added for graphadmin if not overridden (in ms) +aai.graphadmin.timeoutlimit={{ .Values.config.timeout.limit }} + +#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms) +aai.graphadmin.timeout.appspecific={{ .Values.global.config.realtime.clients }} + +# Disable the process check which are oriented towards linux OS +# These props should only be true for local on windows +aai.disable.check.snapshot.running=false +aai.disable.check.grooming.running=false + +# Specify the params listed right here that you would have send to the dataSnapshot shell script +# JUST_TAKE_SNAPSHOT +# THREADED_SNAPSHOT 2 DEBUG +# THREADED_SNAPSHOT 2 +aai.datasnapshot.params={{ .Values.config.cron.dataSnapshot.params }} + +# Concurrency lock control flag +aai.lock.uri.enabled={{ .Values.config.aai.lock.uri.enabled }} diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties new file mode 100644 index 0000000000..7cc354ac53 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/application.properties @@ -0,0 +1,111 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-graphadmin +info.build.name=resources +info.build.description=Resources Microservice +info.build.version=1.2.0 + +spring.application.name=aai-graphadmin +spring.jersey.type=filter + +spring.main.allow-bean-definition-overriding=true +server.servlet.context-path=/ + +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.profiles.active={{ .Values.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-graphadmin/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8449 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61649 +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) + +aperture.rdbmsname=aai_relational + +aperture.service.client={{ .Values.global.config.schema.service.client }} +aperture.service.base.url=http://localhost:8457/aai/aperture +aperture.service.ssl.key-store=${server.local.startpath}etc/auth/{{ .Values.global.config.keystore.filename }} +aperture.service.ssl.trust-store=${server.local.startpath}etc/auth/{{ .Values.global.config.truststore.filename }} +aperture.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +aperture.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +aperture.service.timeout-in-milliseconds=300000 diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000000..232262e8c2 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-cached.properties @@ -0,0 +1,97 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +#caching on +cache.db-cache = true +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.3 + +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties new file mode 100644 index 0000000000..923611d2ea --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/janusgraph-realtime.properties @@ -0,0 +1,91 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +# Setting db-cache to false ensure the fastest propagation of changes across servers +cache.db-cache = false +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml new file mode 100644 index 0000000000..95d41235b2 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/localhost-access-logback.xml @@ -0,0 +1,60 @@ + + + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml new file mode 100644 index 0000000000..553de3f134 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/logback.xml @@ -0,0 +1,958 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + 1000 + true + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + + + 1000 + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + 1000 + true + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + + + 1000 + true + + + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${"errorPattern"} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + + WARN + + ${logDirectory}/dataGrooming/error.log + + ${logDirectory}/dataGrooming/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dataGrooming/debug.log + + ${logDirectory}/dataGrooming/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dataGrooming/audit.log + + ${logDirectory}/dataGrooming/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + WARN + + ${logDirectory}/dataSnapshot/error.log + + ${logDirectory}/dataSnapshot/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dataSnapshot/debug.log + + ${logDirectory}/dataSnapshot/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dataSnapshot/audit.log + + ${logDirectory}/dataSnapshot/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + WARN + + ${logDirectory}/historyTruncate/error.log + + ${logDirectory}/historyTruncate/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/historyTruncate/debug.log + + ${logDirectory}/historyTruncate/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/historyTruncate/audit.log + + ${logDirectory}/historyTruncate/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + WARN + + ${logDirectory}/createDBSchema/error.log + + ${logDirectory}/createDBSchema/error.log.%d{yyyy-MM-dd} + + + ${"errorPattern"} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/createDBSchema/debug.log + + ${logDirectory}/createDBSchema/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/createDBSchema/metrics.log + + ${logDirectory}/createDBSchema/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + + + + + + WARN + + ${logDirectory}/misc/error.log + + ${logDirectory}/misc/error.log.%d{yyyy-MM-dd} + + + ${"errorPattern"} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/misc/debug.log + + ${logDirectory}/misc/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/misc/audit.log + + ${logDirectory}/misc/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dupetool/debug.log + + ${logDirectory}/dupetool/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + WARN + ACCEPT + DENY + + ${logDirectory}/dupeTool/error.log + + ${logDirectory}/dupeTool/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + + + WARN + + ${logDirectory}/dynamicPayloadGenerator/error.log + + ${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dynamicPayloadGenerator/debug.log + + ${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dataExport/audit.log + + ${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/forceDelete/debug.log + + ${logDirectory}/forceDelete/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + WARN + ACCEPT + DENY + + ${logDirectory}/forceDelete/error.log + + ${logDirectory}/forceDelete/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/migration/debug.log + + ${logDirectory}/migration/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + WARN + ACCEPT + DENY + + ${logDirectory}/migration/error.log + + ${logDirectory}/migration/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + + + WARN + + ${logDirectory}/dataExport/error.log + + ${logDirectory}/dataExport/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dataExport/debug.log + + ${logDirectory}/dataExport/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dataExport/audit.log + + ${logDirectory}/dataExport/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/schemaMod/debug.log + + ${logDirectory}/schemaMod/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + WARN + ACCEPT + DENY + + ${logDirectory}/schemaMod/error.log + + ${logDirectory}/schemaMod/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/uniquePropertyCheck/debug.log + + ${logDirectory}/uniquePropertyCheck/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/uniquePropertyCheck/metrics.log + + ${logDirectory}/uniquePropertyCheck/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + + + + WARN + ACCEPT + DENY + + ${logDirectory}/uniquePropertyCheck/error.log + + ${logDirectory}/uniquePropertyCheck/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + + + WARN + + ${logDirectory}/dynamicPayloadGenerator/error.log + + ${logDirectory}/dynamicPayloadGenerator/error.log.%d{yyyy-MM-dd} + + + ${errorPattern} + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dynamicPayloadGenerator/debug.log + + ${logDirectory}/dynamicPayloadGenerator/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dataExport/audit.log + + ${logDirectory}/dynamicPayloadGenerator/audit.log.%d{yyyy-MM-dd} + + + ${auditPattern} + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + ${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.log + + + ${logDirectory}/perf-audit/Audit-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip + + 1 + 9 + + + 5MB + + + auditPattern + + + + + ${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.log + + + ${logDirectory}/perf-audit/Perform-${lrmRVer}-${lrmRO}-${Pid}.%i.log.zip + + 1 + 9 + + + 5MB + + + "%d [%thread] %-5level %logger{1024} - %msg%n" + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties new file mode 100644 index 0000000000..b8f9a7fd38 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-cached.properties @@ -0,0 +1,70 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +query.fast-property=true +query.smart-limit=false + +{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + +storage.backend=cql +storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true +{{- else }} +{{- if .Values.global.jobs.migration.remoteCassandra.storage }} +storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }} +storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }} +{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }} +storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }} +storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy + +{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }} +storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }} +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }} +storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }} + +{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }} +storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +{{- end }} +storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }} +{{- end }} +{{- end }} +storage.lock.wait-time=300 + +#caching on +cache.db-cache = true +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.3 + +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties new file mode 100644 index 0000000000..4b7261e937 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/migration/janusgraph-migration-real.properties @@ -0,0 +1,65 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +query.fast-property=true +query.smart-limit=false + +{{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + +storage.backend=cql +storage.hostname={{ .Values.global.cassandra.existingInstServiceName | default .Values.global.cassandra.serviceName }} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true +{{- else }} +{{- if .Values.global.jobs.migration.remoteCassandra.storage }} +storage.backend={{ .Values.global.jobs.migration.remoteCassandra.storage.backend }} +storage.hostname={{ .Values.global.jobs.migration.remoteCassandra.storage.hostname }} +{{- if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cassandra" }} +storage.cassandra.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +storage.cassandra.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cassandra.replicationFactor | int }} +storage.cassandra.replication-strategy-class=org.apache.cassandra.locator.SimpleStrategy + +{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "cql" }} +storage.cql.keyspace={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +storage.cql.read-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.replicationFactor | int }} +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.clusterName }} +storage.cql.local-datacenter={{ .Values.global.jobs.migration.remoteCassandra.storage.cql.localDataCenter }} + +{{- else if eq .Values.global.jobs.migration.remoteCassandra.storage.backend "hbase" }} +storage.hbase.table={{ .Values.global.jobs.migration.remoteCassandra.storage.name }} +{{- end }} +storage.connection-timeout={{ .Values.global.jobs.migration.remoteCassandra.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.jobs.migration.remoteCassandra.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.jobs.migration.remoteCassandra.storage.keyConsistent }} +{{- end }} +{{- end }} +storage.lock.wait-time=300 +# Setting db-cache to false ensure the fastest propagation of changes across servers +cache.db-cache = false +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties new file mode 100644 index 0000000000..97627eac16 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/resources/config/realm.properties @@ -0,0 +1,42 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# format : username: password[,rolename ...] +# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... +AAI:OBF:1gfr1ev31gg7,admin +MSO:OBF:1jzx1lz31k01,admin +SDNC:OBF:1itr1i0l1i151isv,admin +DCAE:OBF:1g8u1f9d1f991g8w,admin +POLICY:OBF:1mk61i171ima1im41i0j1mko,admin +ASDC:OBF:1f991j0u1j001f9d,admin +VID:OBF:1jm91i0v1jl9,admin +APPC:OBF:1f991ksf1ksf1f9d,admin +ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin +AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin +OOF:OBF:1img1ke71ily,admin +aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml new file mode 100644 index 0000000000..e70474362d --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml @@ -0,0 +1,63 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + {{- if .Values.global.jobs.migration.enabled }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation + {{- end }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} + +{{- if .Values.global.jobs.migration.enabled }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-migration-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +data: +{{ tpl (.Files.Glob "resources/config/migration/*").AsConfig . | indent 2 }} +{{- end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml new file mode 100644 index 0000000000..a43e984afe --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml @@ -0,0 +1,187 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + spec: + hostname: aai-graphadmin + {{ if .Values.global.initContainers.enabled }} + initContainers: + - command: + {{ if .Values.global.jobs.migration.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-migration + {{ else if .Values.global.jobs.createSchema.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-create-db-schema + {{ else }} + - /app/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-config + subPath: realm.properties + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml new file mode 100644 index 0000000000..3111d0cf15 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml @@ -0,0 +1,141 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# In ONAP, the following job will always be run on each installation +# The following job will go through the latest oxm and +# create properties based on the data type defined in the oxm +# and create the required indexes for the appropriate properties +# This can be run multiple times as the code if the index or property already exists +# then the index or property won't be created again +# NOTE - During the execution of the createSchema job, there should +# be no other janusgraph connection to the graph as its the reason +# that resources traversal and graphadmin wait until this job is done +# If you are using an existing cassandra cluster not coming from oom +# then it is your job to ensure that there are no connections to the database + +{{- if .Values.global.jobs.migration.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-db-backup + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + initContainers: + - command: + - /bin/bash + - -c + - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-backup-readiness + {{- end }} + containers: + - name: {{ include "common.name" . }}-db-backup-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - docker-entrypoint.sh + - dataSnapshot.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots + name: {{ include "common.fullname" . }}-snapshots + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-real.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES/ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-migration + configMap: + name: {{ include "common.fullname" . }}-migration-configmap + - name: {{ include "common.fullname" . }}-snapshots + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml new file mode 100644 index 0000000000..fe3e6e81be --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml @@ -0,0 +1,150 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# In ONAP, the following job will always be run on each installation +# The following job will go through the latest oxm and +# create properties based on the data type defined in the oxm +# and create the required indexes for the appropriate properties +# This can be run multiple times as the code if the index or property already exists +# then the index or property won't be created again +# NOTE - During the execution of the createSchema job, there should +# be no other janusgraph connection to the graph as its the reason +# that resources traversal and graphadmin wait until this job is done +# If you are using an existing cassandra cluster not coming from oom +# then it is your job to ensure that there are no connections to the database + +{{- if and ( not .Values.global.jobs.migration.enabled ) ( .Values.global.jobs.createSchema.enabled ) }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-create-db-schema + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - docker-entrypoint.sh + - createDBSchema.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml new file mode 100644 index 0000000000..f95557d4f0 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml @@ -0,0 +1,309 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# In ONAP, the following job will always be run on each installation +# The following job will go through the latest oxm and +# create properties based on the data type defined in the oxm +# and create the required indexes for the appropriate properties +# This can be run multiple times as the code if the index or property already exists +# then the index or property won't be created again +# NOTE - During the execution of the createSchema job, there should +# be no other janusgraph connection to the graph as its the reason +# that resources traversal and graphadmin wait until this job is done +# If you are using an existing cassandra cluster not coming from oom +# then it is your job to ensure that there are no connections to the database + +{{- if .Values.global.jobs.migration.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-migration + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-job + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + annotations: + "helm.sh/hook": post-upgrade,post-rollback,post-install + "helm.sh/hook-weight": "1" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + - command: + - /bin/bash + - -c + - bash docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'` + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots + name: {{ include "common.fullname" . }}-snapshots + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-restore-backup + containers: + - image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-perform-migration + command: + - /bin/bash + - -c + - bash docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GA + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-graphadmin/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-snapshots + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-db-backup-job + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }}-db-backup-job + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + backoffLimit: 20 + template: + metadata: + labels: + app: {{ include "common.name" . }}-db-backup-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }} + initContainers: + - command: + - /bin/bash + - -c + - /app/ready.py --container-name aai-cassandra --timeout 1 || /app/ready.py --container-name cassandra + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-db-backup-readiness + {{- end }} + containers: + - name: {{ include "common.name" . }}-db-backup-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - /bin/bash + - docker-entrypoint.sh + - dataSnapshot.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots + name: {{ include "common.fullname" . }}-snapshots + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-real.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-migration + subPath: janusgraph-migration-cached.properties + - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES/ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-graphadmin/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-graphadmin/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + resources: +{{ include "common.resources" . | indent 10 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-migration + configMap: + name: {{ include "common.fullname" . }}-migration-configmap + - name: {{ include "common.fullname" . }}-snapshots + persistentVolumeClaim: + claimName: {{ include "common.fullname" . }}-migration + restartPolicy: Never + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml new file mode 100644 index 0000000000..563b920c04 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/pv.yaml @@ -0,0 +1,44 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.jobs.migration.enabled -}} +{{- if eq "True" (include "common.needPV" .) -}} +kind: PersistentVolume +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + name: {{ include "common.fullname" . }} + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +spec: + capacity: + storage: {{ .Values.persistence.size}} + accessModes: + - {{ .Values.persistence.accessMode }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.volumeReclaimPolicy }} + storageClassName: "{{ include "common.fullname" . }}-data" + hostPath: + path: {{ .Values.global.persistence.mountPath | default .Values.persistence.mountPath }}/{{ include "common.release" . }}/{{ .Values.persistence.mountSubPath1 }} +{{- end -}} +{{- end -}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml new file mode 100644 index 0000000000..bf8900686d --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/pvc.yaml @@ -0,0 +1,42 @@ +{{/* +# Copyright ▒ 2017 Amdocs, Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +*/}} + +{{- if .Values.global.jobs.migration.enabled -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "common.fullname" . }}-migration + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ include "common.release" . }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": pre-upgrade,pre-install + "helm.sh/hook-weight": "-1" + "helm.sh/hook-delete-policy": before-hook-creation +{{- if .Values.persistence.annotations }} +{{ toYaml .Values.persistence.annotations | indent 4 }} +{{- end }} +spec: + accessModes: + - {{ .Values.persistence.accessMode }} + resources: + requests: + storage: {{ .Values.persistence.size }} + storageClassName: {{ include "common.storageClass" . }} +{{- end -}} diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml new file mode 100644 index 0000000000..ab6c67709d --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml @@ -0,0 +1,49 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2018 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-graphadmin/values.yaml b/kubernetes/aai/components/aai-graphadmin/values.yaml new file mode 100644 index 0000000000..ee0a20b367 --- /dev/null +++ b/kubernetes/aai/components/aai-graphadmin/values.yaml @@ -0,0 +1,158 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. +# Copyright (c) 2020 Nokia Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +# Default values for resources. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-graphadmin:1.7.1 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# default number of instances +replicaCount: 1 + +# Configuration for the graphadmin deployment +config: + + # Specify the profiles for the graphadmin microservice + profiles: + active: "dmaap,one-way-ssl" + + # Specifies the timeout limit for the REST API requests + timeout: + enabled: true + limit: 180000 + + # Default maximum records to fix for the data grooming and dupeTool + maxFix: + dataGrooming: 150 + dupeTool: 25 + + # Default number of sleep minutes for dataGrooming and dupeTool + sleepMinutes: + dataGrooming: 7 + dupeTool: 7 + + # Cron specific attributes to be triggered for the graphadmin spring cron tasks + cron: + # Specifies that the data grooming tool which runs duplicates should be enabled + dataGrooming: + enabled: true + # Specifies that the data snapshot which takes a graphson snapshot should be enabled + dataSnapshot: + enabled: true + params: JUST_TAKE_SNAPSHOT + + # Data cleanup which zips snapshots older than x days and deletes older than y days + dataCleanup: + + dataGrooming: + enabled: true + # Zips up the dataGrooming files older than 5 days + ageZip: 5 + # Deletes the dataGrooming files older than 30 days + ageDelete: 30 + + dataSnapshot: + enabled: true + # Zips up the dataSnapshot graphson files older than 5 days + ageZip: 5 + # Deletes the dataSnapshot graphson files older than 30 days + ageDelete: 30 + # Concurrency lock control flag + aai: + lock: + uri: + enabled: false + + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + type: ClusterIP + # REST API port for the graphadmin microservice + portName: aai-graphadmin-8449 + internalPort: 8449 + portName2: aai-graphadmin-5005 + internalPort2: 5005 + +ingress: + enabled: false + +persistence: + enabled: true + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + volumeReclaimPolicy: Retain + ## database data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + accessMode: ReadWriteMany + size: 2Gi + + mountPath: /dockerdata-nfs + mountSubPath: aai/aai-graphadmin + mountSubPath1: aai/migration + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1536Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-modelloader/.helmignore b/kubernetes/aai/components/aai-modelloader/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-modelloader/Chart.yaml b/kubernetes/aai/components/aai-modelloader/Chart.yaml new file mode 100644 index 0000000000..98c842d564 --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI modelloader +name: aai-modelloader +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/aai-os-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..ee57120fa0d5e5089c351930e668b87bde52e7e6 GIT binary patch literal 4357 zcmY+GWl$81w}%CmZdkg(C0E#`yX!?3kPbmgq(Mqj$wj1F=|(!2TsoHS6cD5v$wfi9 zzBBjU|Ggj1oSEl0=X`yBkWg|AObjeYC>aU|pBJtUM-yYc}@Tc-6n*90=X8$wx6RfnjED!$OUCM_G~*B8_-8GV{s ziZYnh-o^U3PKG!OGY?g9=RQL%$nnff&PK7}*S@JIzHGo$pxZIa(?O}NpfXuPs&*=* zvu>YHw3mpeHo3nhSYjRSo_p1QRE^EjQ4P9&}u=2oS>}^u+w;pvnmd;bGO_s`h zuohz_9*s$;l*0uXe!bN-!E?FpY-wdN^dHkAVoMwkpInKq-^nlVKWrIQ#@9isexbK0 zSP+Qd&PjcqKS~3fz+2Xj%Q6LaMg|1cd>PJJ0K2TAC+$X@M7@0w3%@u}S@)3ovS;Ll z${i{3Ezk2AI@RYSRrij+TDFrTcg@zNew!#RWa1sBLaW#jm7TPUi7xGwAHLFhO@KL_cKJ_$foWyun6h{`m3?gJU3Lcq&SbMsBb#9#b zHvJSMYu}A`XLn20&(W>#^cs{fl}Fj12v>?ougHZDwkgPsFz1*F=zvS#FK9~h!Ms)g`>_pQ z(~Ms|RY5;ZVW9We#1&B5_BHEF`I!UQEHxd(*_FNDi(l;~8QOAPM$-ce{gbf?j zt}}Oe5YnI24y!k4=v<8!9~Hq*%LxH?crdpdh9m}tWCb2-!3W~2o3aw2FLTldQ9WgW z9a0}F-Wz}2*Y2Qz#B@<(4s%tc$m6O~W%P&w$*C79mzXw0*dt{b`!#J|qyDij86-6) zfDlQJq9k~@jz1#wEjC%lsN#f4zvYRjGo0ep2L>3*QX&qWE@*olY#S0_RgraXzL%4} zbN3f@h-n1-C%n4o1|j+#cuOAc7G!(2JOlJHKl(~KC!Tc^~GV)bJhPQrq&lB(h9?*fKuWrxh!JOvT7gc2&&*2SVa`o_1lW~10& zJizmln{QCG7$VOK+6rH%i568UmQfloVY~WrNy1az+qI9YxHI)HbntT6+?mIwXsStB z3Civ)5%Ng@t+KT$C>n)run%mYBJ&#k4mND(ajKQ2n&D?+grwx2$!!abd`Fc7a%+Y5 zVONJ{F}ytUa)(z)?iNR1bGHXO3o5_yZ5$!9Rb3eKsRN7$;0OQlx;&aJ!60~G*v}et zEAV4jHAN#ew2&h-k(YX&UpM}zGUckh=T**_22KEL-qU26HSlgpAl!|~TXO!= z6H71C%X9vp<-BPTYLSMulsqe+k~9iUy=d*-%S*rzELT3OpZh0>#!*XrVs`g#G)(pt z|F1#7r+(gBRjxE?k!SuMTDK8<)G4!7ruTP3K51@yfZ4@J*qd9 z9GPejpmng)M&N>>vwo3#5a~Mi-ZSf`0p1%01bg-Oi1&PC-h4 zI|o~~r^?voQa~LuirPb5TO_4c7&ML$V$0(TILT-SUXIRJV{CmxU47qG+i<^0mPN;R z$HF(`k<v~_$Rb?flRvtN53hzB1US7lr5 zkLJscq9j>q$*>f}(=e--KbH@AfU>yMrgr03965k`<$Os?Q<-jYXD%wES)A{kB{L6+E6%UFbq4+)jM`(GW`1OEL{OZ5B{O^?D5dM$e z2rw}JhOU31;68!jyC` zJJ36mFFRL1Z@J2~*UL?|Ctw&ElVv-hOh<&M`-o} zN=>ykkSVstDFrrx9=uoe%I6wcWN;b>x}_8omAQWu=vJ7lrxUbzU+iMXNwRBXsVppf zb9gefemo003b?c1qfH2yKe>tOY5CCIKItVNCUN4v3E0G)0?G)ZZyNd0zJT1c-86Y0 zM&k_mh~(Vkx~B02bM=1P{QThXwub`c-?=`XLj0LmdVB1w(n0+ziAhcA6G>j`+~UOZ zKI^9;RpnuMWmjc6L2l@*ZzFMum;ABDW>PZ-mxV%E46Ps!-^r_|jbc}4#xZ433?5uTFPzR@JesCbjM%!I!MGa`TU8 zs=!}M1FWympFuNn6XUGjM!pV1D&qdxN*oukQs50(k|2mB!_hM$!ZzPI5s^AdJELEo z>>mFRXQ3{0E6WD%$zG=csxmoKs7qvcv^FQQD4rXP0vle^+xd)h9?-$ViDvAMi%606 z-So&At?Iq}FRYGd3Vd}M9CY44@S*a0l0-lYYq~4pty?m>1K)Dp>Pw|L^BYRXc(L(+ z6vc0+JEw->d|0N@IH97+bLg=&PC8O7iR;|0we-XFf{Z>Jbyi~g-;>Gv{9i^tMlgZ~ zw8N@Xjtc7eOUm=|8b44<4mb`_{zu4rF;4n9wp5$1@V3cr%{oQ4*Eq%N;u+IELf2;bK( z6IOO6Y79hc%aUE=_w{EwenJj0GWRL;+=ROw&J{z=?8Np(#(FvyB)W(hK3z=!tC1I> zRSMqwWhB0@jf5c~!bZc0z`7c`?){yUPNx#YD;l6mFbTG`Z%lKEuFWBRliL=pFF2(a z3p-U)`{W8ih|l;G6#PVf8bwrUL@@bAm^Gj5Q?{_Q(2+F%N>|RQM*lea)dW7Vzrfv9X;09sr(?k zcqBSC7+~k?IJh6-+gr+V4>0G$LBSn%mpB@JPGu>7+{4xe-Bv~IA`%E)ZM6C3O$?chb&0?IzI%^7Gj+1KbYHl4V zPd}=`I=Ez_VtV=(SI{rxSOCzvx*vv3Q=+*hdGlU-W3}MM-1EA)caf}Cic9>ua#MOh z@Oo|)U%Fs~{VoYQK4}6uPljxhqcSpFK>7c9?6@fqI?`f&* zA467o<~lO^#LxjxZa|5jL)^n$4#hv1^Iye5WjzMsJDK{~dKV+wwr{soN03}MZwoD( zJj%p?iNymqxlqt+m{9VEr&VT!2I{pJBApl1{3CC<)=uZkJI3v<_=R}f>8Wrrkq9qP zub5ZfK=0ji!BD)9-C@BHzG%*Yaf;v`DkVyH)7uPYy3Ju59I#Oeeab~$1VuO6ILW^8 z`&3q_!%_d&XkF(xmB5~&cQ=);3n*-inFX;FZ~QYPh0pX(k-NX&ow}r+#AyC5`S0gLgGh6~v zJCJ~Zj&pc(@HU1yS=ZmKFUA(m z?2v-5!RZw?^{A{_iOpu%Xry-)qJvOBkh$rzoqb^Osz_gh+wIKi?8*Dc`?WwriOdJJfZQp(Z|PX`lV$(0CaO{K{Rviq>H5%=~8D;ubGJCfLy-V zWjl@%Ge+gMiVE8BA=z5FHl>?3aXd(VnHb|tS(o^QBsje{!=FXuLpv%<;hLq(0%oKL!rNz^E;^m^+UbCB~)FV23k zWz}HN_TwlFyw}$9LnnxZ25vhQzLZCPqln#wF5jGul}VbuKnQz%6MWTzRw0xzD(9<9 zJN1uZ-=(SuOwSbQINb2pu}mnmACAsDqdEr`k-c`eE;Rp6p5Z<1yRh_4QD)jhs2O zJbA(CWeBAHym(FDe_H^S_Ll}f4UX#nhQAuwLL_E7Skp46DH(JywX~2fjZ*Wvvb4^r0|Lnbi2KQZPQt| zrh;fRwBdtHoyTDx7dzGYQ;Hz>Qn2bl6<<=M<;v02orfS64W{Yz{+}pC_!|fm!Un;|!R8~u s!lcK30s!`$(Z1lZj{F4bjFD-@{t`5Fq;~?qQ!4r1OqX>o@o!7}FACd2%K!iX literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 b/kubernetes/aai/components/aai-modelloader/resources/config/auth/babel-client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..e64895e911c31a1b4c25fc8b91aba80cd89a1962 GIT binary patch literal 2817 zcmY+EcQhM{9>*n;h>$9k#;#R0qGG2uDc2~WHClUD-D*qiRf3>Gt>)@bGlUXF>`_JS zQRCJ%YHKM{N>M4E_s)Cwo_BudcYf!5zQ5n^&kq_8I|2fj(Rf%bgjJegNZ5x1SOB?r zSTP6>D>%hDXgt{M|01v@2oE+t#n(>T5W@D~D|Q$Fn2QH7(0I^3S_%UDA3lA~58~#Z z4)3xeINPl;OWqdjy1c%r>d*{iX6i5p;Xys|VzT5QZ8%_t-30X|z|Byw3ErE};vL8L z+D`XqhdWs=*Izr-!R!56a%lOZq23hU^d=HP;!Xc?7frQ^&uiVEjqhNlU#$~79 z8g6SYYznJYEsKCgMsk02*Xk(Pz287$GYjDpm9W` zUM$sS(##qrK6i**gs2ap1tkVyW9505xNl~4Gg-Puc+qG;j)LHErBci$il zS#j1vLUbXTH#H(gIfW4OGHdJU^T+y)XW^Nl^sCn=9`1a{420z@`5+!X65+>`h}wG6 zuAk}P?VR5hpj97~F*u1n%GqjKNtnv(^bfO*E;_ry`mPRYMo-yr_x{S#I4H_GgSv$A zgjN|%=j-O|rwUxX%(;}{(J)+NFu0y)=0D7UUf zrGzZ$T}aM9FlDC+2E5IIE-CFbAScXKv%l8nrDf|#0MY6-&E$)j%YsgcYB|>Gx}VYB zjx5^HB$jJ5{*o7~fuU|~ylaje0O7b$XL)x_wHj$o`8DfmS;}GqqOhM<{wZI)mGm<1 zu3mkOOpiv$N7`*A(=E~6^2*Mj%WpQt8G7Savi@vIENFfxOA7bZT81c7qg=4+9tQ>- zMbZuS7+)Jwwx1RC;*0U}b_*CZ)f{ZNI>)qKudOf!F(^YZfm^bxP z%P~*qJQlo+@9pu29g!rs&s$Gom;HRyx-Bacv2u_5tRC{&pF`!DBc{>Og6J1#UhDt%ir&|zt>IY^=*6I~P8-%8#s_#}0Hb}nRmJo9k z@M;0`K0_z_rbn* zseCA1!y1Hi`N6hvoc`RiHMlcVOPaXd^{)I_XW#*6;J);Q42@5i^kdD2h%ky}TeKXa z3-hS7a#5fS*P^S!L&8uBW?}IoO&{MQu%8J>i(D%KJmOswpV-AUM=HKZf(;ZWRmUxK zuO0=Z!|bV5gO^A=#!0&o+wrb^=rU0c1kX6e)_?Q z$oOSGrs+W5vpZ>4^R`)|2e4Rj1hlN`)jWWhc^eBrQ zxnFI*B8eP67L8o?KJ)a$)n%{v;{M@v&y4ej((5ItH&&G{xvPOf4ON3i5-xQOAF8*T z5bNCt@M;BlG=+ms5%PiTubN?)FWZ0CdTBkK+h21jZ-?o3*@+uS_yPC#_C9gq64y9` z+xk)7C6cA4xF9aJ$ZiOCE5opF6*=v5d!a%rJbCP@QS1r?s|l!0KLW@&CMS5VigJtL zZq4N77}^D0e3oU}G%*Zbn79{6d|`Fp-=^{1XoCJps|W_h&s;R{lhRaIxeb`-j4aB` z0<5XJPR|(L=>wXV;||+lj>Sgg8lf#!g(!*KVc{OUd=T$gz=i|7Kv{}(BiMrL=bo(z zgGV6@mk{o85l-(9cE_-kRt0Cur*JX*(h|)jN+2ggQ3K=bSnaQtz3owh$pNYY|jzjZW$x}7@St`1kVAM%GD3e5$gJ>!nW1;M+4;c*<4 zUl(iR+QlgW9O=SG<0}iacDBa#zMRUA?5V93R=|KT5v5wkl&w6$4S+Z0I zg&XHj*_%lC)lWH>W?)qKqQ0*H0TRqn7gh3T9gE9kR_z5x{;#JbgZq7Uu-6oeayY>U6=O$hz z{)!tgXrKLV|A1@pA>oqfqW!JK@?{^-b{;`})8Z(K!A8XJ=F}%{_Sr4uv%r}pz9IG( z1`W@#=^tM`HJEl&`=tnS`EZ>)S#ZclAwjkxEwk5yr7D>}ry*%IQ7;S9nlFWwz3*(q z=r@sHQBPdeOL3gZH_zJBQ=WKK?OCA`zlDy-GrfhN+h0YU8#^Z^pvT+WJ2gY6?Xje? z$9e*NuTqChBJ>@I(B{IHx7xwoR3Wto#uv19#PyHT2IUe&C~VPbBfZU!lb{_BFUV>gv2x)DzB;6Sx@`08I=XQnLM^yWKL<#8eHmDDmmm zph`nf)2#v8gbX>lST5^qg{H3ch%aImSK{wPwQ-+TKSU#TI~cy}4qV2rmGp|@D+9o< zgKm1quQqldTZ7PpYXZK|xr*5(%pVyj^T_k2QhjLEx^(0)KB?U~(I8SS?iCc_eS z1XFcBl`u`Vby#eCmGmXO22p@3Ia25B#d6`y-fl@3g}?3?8u|0*q$n+-wa_AHRtQ+; z3^R}q%mm^-e|^IDI6l(f-I8*=7rE^e&aNv5;wCF*CKBC=)n7woG{(wUla%?xp8%Nw Hgxr4t7$qtf literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-modelloader/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d24d9b4de61178a26e098390e0349478685ea4 GIT binary patch literal 2483 zcmcImc{J4R7oYDe!Z5OBYe-0zG?J{nzqjm_K}L-wnqitz!!Uz*jWD($vP4Lj$dW>K zMY4rNVUk^lERm$FXE|c7zoOM&Sv!0B)6xCD@y2Jy4h~)atoY)AC}E{H z_2jFFmN6v0PdmiW@8%X%Z?TXva%IqaWLhdj+Dpg0aKSoi3>jVGWT zICM+#c0R#HgE3Kdw}SmAMB3(4W0(;1&rHXaX<7TE(@M>KRZCeaS5!wONSKxVys*7% zT!x7aAH~^HqeO3mH#wu49e7bytq;4!$EBl&MK8Y`gEu}ZiM*jREmmM-ZLu%IL2Z@_ z5jy?Jli3oaui>dLe6Ers;KK809hoV;IlOr$f>rOsqOzXqt@13HJ8^i-EX59X=mwey z6j4{Dst|)h4?ZA2rnJkz`o8P6g!wymTCDMi1~8eJqE#s0?G5_pc8wgLWO(bp_CK{vq7cS5E$S>SH8!?7IyLmCY3W|=B`9gfF zmne5X^xm@7)=)p=nlUAU7GHUZsrfcm<>KBlhnE;R38J*yOqsu6R~7HT1QlUbVL!Jx z48J$9Ug8gYGd`%2oHf4^@%V5p5HB=xxS-k6kh`EEDdd*V*)kU)J(b-W6MrOQBoAr# z_${Hmc_G1Q*fJVf6;Ph3{hYoLUf1A^kq0$owpgW4IUs zOV3h`%a=Ahr@D;Dz#D@)-yE&?d^JMRS95bryH0unmY2Yel_Da$`rZo{whd{ZD2oKrJS_<&~97BlbY<`!(_$&iF^p-Mi1b{bu?$m4a9rEAe~ z*L#Os8c7yLoK5q#{^G$Ev+7IOviZZaBHfZfwz(|zQc_8jd1|mu@J0Q_$N>8@+31ke z*5f!!;+R2}-xrRu)n0;Bl2Xw}>vaZXQRO*IF237;?VL|t5K{K;aiYGc)BF*Uiv$pR zuj;-Wf9()zw?;2J>fL#PlDDHp$&_PJ7BGkQjMVi+sct)y;(=6ge=zN5RfJ*HG*LPr z5Y&CU9$rQXpbkgza6xRKT*6?Jlj?#f zfgQlj$8AkN=rjs zT~kx%=rKDn{v*G_|Fd@nu>aTVZZ`u60}ueA7yvJr0RW)JHtpu?PjzLX3;z34%|}87 zDjx@^87Y;?8kf`;Ay9*lzlb;;OR4-aOk#h`uMhdr<>^;Z6U&vt9WZ-2liiACz4rDy zAi|j3Kg5RsC}~YDVzS7z`#vf6vBzVZLSyE06MVVP*_c|B6}d1mFI{x)DrYc~d*b2m zjiC1K!E$HLh4M$Qw>u+s+XT(?l=#I)OM3q!+E%>(Olg;$OIRH8|5dVMxhcJ3Ogi$jH7wEI@1U^sx#?- zs}ZRLH?pfcjX?DwP=Bk2+_6T&<7kB6(m$R3<7LN)tMl*G#CELw?y! zxu0s0Fv>+y(BZg*$qOS@jdAywBVY?*d4+sJX$MSV$|=7#y*IPvHAp5V`wpG8NC~bB z>kYBJs+a7Z)I*IIuDouZjC+`VeyQP+Y7jNMyd62{MV`(!Gf2WqYiR2$ST*C?fObY@GGagXM$eJcMd?%$)#sMQg2irf#> z`wn~O=v<#X#)O4$-esj9k&eheYDEtlS4g`#`e2%N(4A$_Q#whm4=(4HNWvOkK|O{k!kk_mIrcXd{yLlh literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml new file mode 100644 index 0000000000..72b5dab65a --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/resources/config/log/logback.xml @@ -0,0 +1,168 @@ + + + + + + + + + + + + + + + + + + + + + + ${defaultPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + 60 + + + ${errorLogPattern} + + + + 256 + + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties new file mode 100644 index 0000000000..246e52895a --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/resources/config/model-loader.properties @@ -0,0 +1,46 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Model Loader Distribution Client Configuration +ml.distribution.ACTIVE_SERVER_TLS_AUTH=false +ml.distribution.ASDC_ADDRESS=sdc-be.{{.Release.Namespace}}:8443 +ml.distribution.CONSUMER_GROUP=aai-ml-group +ml.distribution.CONSUMER_ID=aai-ml +ml.distribution.ENVIRONMENT_NAME=AUTO +ml.distribution.KEYSTORE_PASSWORD= +ml.distribution.KEYSTORE_FILE=asdc-client.jks +ml.distribution.PASSWORD=OBF:1ks51l8d1o3i1pcc1r2r1e211r391kls1pyj1z7u1njf1lx51go21hnj1y0k1mli1sop1k8o1j651vu91mxw1vun1mze1vv11j8x1k5i1sp11mjc1y161hlr1gm41m111nkj1z781pw31kku1r4p1e391r571pbm1o741l4x1ksp +ml.distribution.POLLING_INTERVAL=30 +ml.distribution.POLLING_TIMEOUT=20 +ml.distribution.USER=aai +ml.distribution.ARTIFACT_TYPES=MODEL_QUERY_SPEC,TOSCA_CSAR +ml.distribution.MSG_BUS_ADDRESSES=message-router.{{.Release.Namespace}} + +# Model Loader AAI REST Client Configuration +ml.aai.BASE_URL=https://aai.{{.Release.Namespace}}:8443 +ml.aai.MODEL_URL=/aai/v*/service-design-and-creation/models/model/ +ml.aai.NAMED_QUERY_URL=/aai/v*/service-design-and-creation/named-queries/named-query/ +ml.aai.VNF_IMAGE_URL=/aai/v*/service-design-and-creation/vnf-images +ml.aai.KEYSTORE_FILE=aai-os-cert.p12 +ml.aai.KEYSTORE_PASSWORD=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +ml.aai.AUTH_USER=ModelLoader +ml.aai.AUTH_PASSWORD=OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw + +# Model Loader Babel REST Client Configuration\r +ml.babel.BASE_URL=https://aai-babel.{{.Release.Namespace}}:9516 +ml.babel.GENERATE_ARTIFACTS_URL=/services/babel-service/v1/app/generateArtifacts +ml.babel.KEYSTORE_FILE=babel-client-cert.p12 +ml.babel.KEYSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +ml.babel.TRUSTSTORE_FILE=tomcat_keystore +ml.babel.TRUSTSTORE_PASSWORD=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 diff --git a/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml new file mode 100644 index 0000000000..d1b14e4e16 --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/templates/configmap.yaml @@ -0,0 +1,39 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/model-loader.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml new file mode 100644 index 0000000000..8cfad2015f --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/templates/deployment.yaml @@ -0,0 +1,109 @@ +# Copyright © 2018 Amdocs, AT&T +# Modifications Copyright © 2018 Bell Canada +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: /opt/app/model-loader/config/ + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/model-loader/config/model-loader.properties + subPath: model-loader.properties + name: {{ include "common.fullname" . }}-prop-config + - mountPath: /opt/app/model-loader/config/auth/ + name: {{ include "common.fullname" . }}-auth-config + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/model-loader/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + resources: +{{ include "common.resources" . }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-prop-config + configMap: + name: {{ include "common.fullname" . }}-prop + - name: {{ include "common.fullname" . }}-auth-config + secret: + secretName: {{ include "common.fullname" . }} + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/aai/components/aai-modelloader/templates/secret.yaml b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml new file mode 100644 index 0000000000..292e03571a --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/templates/secret.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-modelloader/templates/service.yaml b/kubernetes/aai/components/aai-modelloader/templates/service.yaml new file mode 100644 index 0000000000..37ed1dee7a --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/templates/service.yaml @@ -0,0 +1,43 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-modelloader/values.yaml b/kubernetes/aai/components/aai-modelloader/values.yaml new file mode 100644 index 0000000000..e2b9fa1f34 --- /dev/null +++ b/kubernetes/aai/components/aai-modelloader/values.yaml @@ -0,0 +1,86 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for modelloader. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/model-loader:1.7.0 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# application configuration +config: {} + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-modelloader + externalPort: 8080 + internalPort: 8080 + nodePort: 10 + portName2: aai-modelloader-ssl + externalPort2: 8443 + internalPort2: 8443 + nodePort2: 29 + +ingress: + enabled: false + service: + - baseaddr: "aaimodelloader" + name: "aai-modelloader" + port: 8443 + config: + ssl: "redirect" + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.5 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 1 + memory: 1536Mi + unlimited: {} diff --git a/kubernetes/aai/components/aai-resources/.helmignore b/kubernetes/aai/components/aai-resources/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-resources/Chart.yaml b/kubernetes/aai/components/aai-resources/Chart.yaml new file mode 100644 index 0000000000..7ee15fbd16 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP AAI resources +name: aai-resources +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv new file mode 100644 index 0000000000..60a8fb5f0b --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/bath_config.csv @@ -0,0 +1,33 @@ +# AAI -> aai@aai.onap.org +Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ModelLoader -> aai@aai.onap.org +Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# AaiUI -> aai@aai.onap.org, +Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# MSO -> so@so.onap.org +Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 + +# SDNC -> sdnc@sdnc.onap.org +Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# DCAE -> dcae@dcae.onap.org +Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# POLICY -> policy@policy.onap.org +Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ASDC -> sdc@sdc.onap.org +Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# VID -> vid@vid.onap.org +Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# APPC -> appc@appc.onap.org +Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# OOF -> oof@oof.onap.org +Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03 + diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties new file mode 100644 index 0000000000..ec5fd55e06 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/cadi.properties @@ -0,0 +1,8 @@ + +cadi_loglevel=INFO +cadi_prop_files=/opt/app/aai-resources/resources/aaf/org.osaaf.location.props:/opt/app/aai-resources/resources/aaf/org.onap.aai.props + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000000..4c14bc37f1 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.keyfile @@ -0,0 +1,27 @@ +VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e +ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC +uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e +QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M +YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 +pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z +94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b +YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE +NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT +PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa +_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x +NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs +BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ +AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg +EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ +Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ +g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb +5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm +4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e +21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId +0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l +vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft +mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW +b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra +w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d +TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq +PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.p12 new file mode 100644 index 0000000000000000000000000000000000000000..b2449c6a54285b5285d4921c786e38e59d09f117 GIT binary patch literal 4347 zcmY*bbx;(J)?H$0mRcI5MS7QJ=|;Lcq?T@2`60Qqlyr9pxCjVJNF&{i(jn3!5|aD* zzIoq!^Ua+*_slu>+&|A;2$J*~69Wr^ByGUK=Z;Z}xhBTI#VA3NmSQ7G3;)u&5F{|< z|4BekY$VY2FAe|Ob~uFpb`cR^V3r`U?;uF*YX}z(!T-^JkJDp=MH&apPe9LC&M7)l zR)5i+me`1gU}6FKb+M7y!!+sN%Jw8=6UB4%R|B;)?gwfV+**qLZ#)aAJ}KRaC)sIy z^Ppop-Obpjvy&@UO2C!N6`$E0q>+Iy_81B?EuiM0;D);5}Lgm1l-c+MMH zXlhOyv;=$qX3%(IzOjC0@MvK%@VggFPp5g)QjoyRPM1Si(pd-PmIYWORw1IL$mZMI z{?hN`=Ep;&)orJ^UPW15tYD@w+(;d(wKW@!yeT-zoJ`(7uGJhd z8ZltB`O)BgAnwSak{l5~IQBk9O@2XAhe^y#6NkKQDTM}q%)vZNyP{ZzN|H;bAGngH za!h|zS)fc?{;uXdh&~$v#C3)puuBVxen_+VC@vK=V6pcS7ttDrOCM!nL-cZ-vM1?| zHsa=Fx)OC!kn*tOD@!3QyiZ22uD5-3@-*@*6OvtI6rNT}c)r9_KTAua>R7X<)}IuL z)i<0swj-?bn!iwYR8Gzm#?PFoH(e0267glXb+qWG)kcMlSaj5Lq<>aM)z^MY@J?3W z*hpFu`Wq^HW^S~o7Yl7&u6%CXn2<p z#6~h=*PlF|7tsG%yt0*zA#`M$e9`p%XO|wc<^`VS4g#0igF9PVX|Cx9)6&6CTbwo7 zd|Q^^*C&E`&DUf2y4$xN%kL6%GsmP#47yM#_F?zj>a)-_-%WG*VXoKS)gT-VHyd#UWesOrPl$F=&VQXJf@>O%y(bj;0-~&;EY&-NgWhzat$yJG&^=Dis6^ zKni*bIr7AE=R*5KMkm{&VZ6+Pv*SM7_VxE4pi#)Vm(V=t1kAV6zb_p_E#1_Ae>W{4 zGU~4CrK%kkJ;Zx%<|Tm!y_;$z;VC@pynCVCkv&?G&lC zP4Hu!)p_41P8Hknq3LRLH5U)^ZdcjJP!P%=)hI7g>*N$|TgIxyGXIEfO<3ygDxw;c{k>Y4tZ^zm@kQil~QTT?JZ`u zUB=Sk(ohXq1Tu3}ytPlbtAKmsv0@_KFp7gvtMpIQ?_Vj~hJ(m$JkI`?muC<$HPsRC z?S*<{pH4ztl1(%dzJka8dxkAj{uhabjtSwwt17Yf@^jp_=NVjHaXvWS4$o`_ZcSv8 z@hGx^Spt*5`NI5}jiRY8f1iMM{8ptwl}YK8)f{S+6!h4tano=f3R1_4@GEok2p~JZ zQpBuCYzMdR>)LJG9a7$8e}2MBqPB zi4TUdK4Avf{w)`P+`lJ3zzg8{7kdN#g?s@{5SITMD4}3%azhsnM`oyqxUjI8sDzNH z2vh`uBn1Cw2^XgXNeKK)VPIkaAV`AS|0)>&FLiPLmAd1*!=hFbBtY(ZJ#!Xz^*KYL zQ`7%V-Ebs9kAOok0g-jii=Z+rkkdyM$p5uTXS0e_n;ru!Rzd}!Y*R|XqeB!a)G~vuSVt!_ib~2L;woWFHdK@ znX*&TT&%GSfhcYP$>7;jJF(nv6tev>x$^N^ZLYdCale#f>E%Z@<!~1 z2lWAQq{Axhy*q2BZ~dbDNm30H1h3SBt#WYM=rnUAcvgH!(xyFS;DKrQV*+Y^u{P@> zreKYwn~+A}$>*h|L+JgAMn@D$Y_18TTJ|C?lR!h0t&8_3lBIzrV#UGD6Fvpz7I%?O zU(>V5n+?3*mXpserpbp^Vc6L7e8k&@N`Wm9H12u9H0P^7^ogUik`-sNwD;QCf+De^ zEQzb#TF+(eDYwLyx*sPBIYr;*@g9mH9FJAke|{nNqq`HP7d~N z{=oodqOC0Kd5J+1ya~6Fze%{73DA1gWB?+uss0t~mZT$N;T%_s?KN^aEJm3j?ptp0I6~Pde?A+Cs_Ovl=&=#_=(zCQw-f)z&Bl|Wi zMg_7`J?KA5mAW zD}CJ-FED8@W$U^TNpwJMStGheS5UD`gEN3Yb$&)Rf1JHZ-oSJwy4Hy4m+P6<(HaG9K4VbRwIo!KL|f2}np?H~m3(5&;w zVR1mMvm#(dWf{YDJj9PTMNCe4Y)r+%Ep5%g3n^EHvs*Ss@>MOHL!|I*<^|c)w^l+~ z?(+{uO8(tP>x{bKbptqyfA(W>`8O`a8b%6=s?+|nz*(I!Xm29S$-aMqv^dK3_NAMA z^#DlJyA;!KO3|j3tufDWSzP2uH`32cN(Pai&?p0z8y*{MrHx;4fB56TtJ5|VjvgTI zRZRBEeIqn=fE4eb(Y6BcL8+f1dS^F#>M04a>4rem@x@65PL4?OMZ$J5om6Nm=J9HI zgWs8cQ*<8*p}X6GOt4nWdPY7XdvU-a=lS`5r}v$gtE!Nx!tF)&@yfpE3`C$OcuS~M zN4l9^9okvAukMqalVE&|<6mSw@D4ZB=Z;KS?;i#_*eHb5qkyPv+wp}GoGv=$0lL*w z?!rl-3p%kf9K7zxR(#E<-18gv^H-C|`-Sm_lTZ)YLw`bg>h^KvgjW9uO#~lMpFly> zy3)U#Xm{c%@)O12!sf2CJ8fHa9Hxea)BsUz1sT+K<lzIeKLZ=b>b~>0@&()XVdoTl_(25Y{+;a>j~alpW$|i7nWFaa z9xGU>Nd^&Yd|YKCmhh&L9Vd3~UJpOdY0auHar1gi>N9;PzT0Q_$QAt_&-RDMUnY$P z!5O?{lLO<=I5)eb%9@pYhSp+^vunYU61#~&x4pG0$Gy(}t8^@Oc-*M`Cun&!wsKx2 z)^1~RTV*Fo-*UD@#Czg_wXPs`EFLRfKrGNpuRPkSw54{|8rqcud#W0&F#9W6Ld{L7 z{CC6LT=Cby4!Y4p{mQP$URq=24107O_2F-0aH%pHt~7Rv01NY>t0veH6mq&*LBv%j zao;j8C|`pbEN+x+0261{gdME%GO*jV*XH>aoD>L_h}ouRn-t?BiCm_cF^m`*p6M<3 z?UUM_^EkYIDb}uvCx_v}89&7?pP1o0FDQ?>2q#$hy+B>qiK${*+w92;mID`Ht2hUaYI+OA2M9!H9w*;@coEvlx;qq z3H%_Ng{VS4h1>(kOt9A(Rl3D&j^A;5`LCxXC zwHt1Qrr^{#^u4iO;94W^6?miZ@DQMB*OPdzbSMyL+uq{i@n*Yq&kEpCP0c_x${-b> zO)ng>Iy3vlXGT`S#B*YM=;d|1d*6tTm-ef$(X`s&W#vz+V88@!;oUogCcGYuo0`mh zShCTAK{g{}P?i92KtT9D=&7@$noOg@mLsSN38<-B1>YYvZ#DBB#(u7oLje%jcdq5P z{T>rh*vu7M7CH8`eUJnKg!$Vq%^Y(0mATZlR|PN4W=#VAG&{xjP>Z^+nyj-L{GOa{ zIa)3M^TEXH&N^_)mopzkq!>PyS(Wl`QizCgczZt1GZqE)7ZE!wC(up2I8ZBEWlsE) zwtHMnDSvbL-VR5hHmLI|19Ktz&p#f{Pc;c%z>A_oQUhAq?#-vjnbgt(z6qQQ1ieOU z6Nga1n>n7p+y+xy2uu@?MMfDYU8 zH8}xodbGNpVIRRg1N>FB-rU1zj)APJ?^`h8Gr9${l?q-#miW7-)C;v-!*emY{4Xub zyk*|&!Vkj<_CxL%b*T?dF`B}QCSjcAPH8tH^i&4tTqVf6`NM z9*k|5nPYklhS558e9bL8bPTv3CPJS3##e1fn!1RpcrYKKmGQI#hGv4D>I47wRFTc?#8}D6P&-TtNeqINO@ayCzdmOX4Z?JeQ@XN{$XC-oKOv4=>XS&E7J7O{K>OtG@9PxA3CF;E ztlEOeKv*F7I6xi{7A74KfDP7z78Hule%OV2HC9xj7$0f0!C2T}>(J9`9Wui#i_FB8 Sk_|*CjxSL#CKg6a$^QVck|7}g literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props new file mode 100644 index 0000000000..d5a64750f4 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.onap.aai.props @@ -0,0 +1,15 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# @copyright 2016, AT&T +############################################################ +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-resources/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p + +#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/aai-resources/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-resources/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props new file mode 100644 index 0000000000..8ae66aaf79 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/org.osaaf.location.props @@ -0,0 +1,24 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California ? +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 + +# AAF Environment Designation +aaf_env=DEV + +# OAuth2 Endpoints +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + + diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties new file mode 100644 index 0000000000..4234121a2d --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaf/permissions.properties @@ -0,0 +1,2 @@ +permission.type=org.onap.aai.resources +permission.instance=* \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties new file mode 100644 index 0000000000..f2e7caaa29 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/aaiconfig.properties @@ -0,0 +1,88 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +#################################################################### +# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE +# TEMPLATE AND *ALL* DATAFILES +#################################################################### + +#################################################################### +# REMEMBER TO THINK ABOUT ENVIRONMENTAL DIFFERENCES AND CHANGE THE +# TEMPLATE AND *ALL* DATAFILES +#################################################################### + +aai.config.checktime=1000 + +# this could come from siteconfig.pl? +aai.config.nodename=AutomaticallyOverwritten + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} +aai.notificationEvent.default.status=UNPROCESSED +aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }} +aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }} +aai.notificationEvent.default.sourceName=aai +aai.notificationEvent.default.sequenceNumber=0 +aai.notificationEvent.default.severity=NORMAL +aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }} +# This one lets us enable/disable resource-version checking on updates/deletes +aai.resourceversion.enableflag=true +aai.logging.maxStackTraceEntries=10 +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +aai.logging.trace.enabled=true +aai.logging.trace.logrequest=false +aai.logging.trace.logresponse=false + +aai.transaction.logging=true +aai.transaction.logging.get=false +aai.transaction.logging.post=true + +aai.realtime.clients={{ .Values.global.config.realtime.clients }} + +# Timeout for crud enabled flag +aai.crud.timeoutenabled={{ .Values.config.crud.timeout.enabled }} + +# Timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms) +aai.crud.timeout.appspecific={{ .Values.config.crud.timeout.appspecific }} + +#default timeout limit added for crud if not overridden (in ms) +aai.crud.timeoutlimit={{ .Values.config.crud.timeout.limit }} +#limit set for bulk consumer APIS +aai.bulkconsumer.payloadlimit={{ .Values.config.bulk.limit }} + +#uncomment and use header X-OverrideLimit with the value to override the bulk api limit +aai.bulkconsumer.payloadoverride={{ .Values.config.bulk.override }} diff --git a/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties new file mode 100644 index 0000000000..0aee21778c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/application-keycloak.properties @@ -0,0 +1,14 @@ + +spring.autoconfigure.exclude=\ + org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ + org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + + +keycloak.auth-server-url=http://{{ .Values.config.keycloak.host }}:{{ .Values.config.keycloak.port }}/auth +keycloak.realm=aai-resources +keycloak.resource=aai-resources-app +keycloak.public-client=true +keycloak.principal-attribute=preferred_username + +keycloak.ssl-required=external +keycloak.bearer-only=true \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/config/application.properties b/kubernetes/aai/components/aai-resources/resources/config/application.properties new file mode 100644 index 0000000000..d0a9c14345 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/application.properties @@ -0,0 +1,96 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-resources +info.build.name=resources +info.build.description=Resources Microservice +info.build.version=1.3.0 + +spring.application.name=aai-resources +spring.jersey.type=filter + +spring.main.allow-bean-definition-overriding=true +server.servlet.context-path=/ + +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-resources/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8447 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61647 +dmaap.ribbon.listOfServers=message-router.{{.Release.Namespace}}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json new file mode 100644 index 0000000000..65f13eff5f --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/auth/aai_policy.json @@ -0,0 +1,298 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "actions", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "servers", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "cloudinfra", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "cloud-infrastructure", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "sdandc", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "service-design-and-creation", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "business", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "network", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "search", + "methods": [ + { + "name": "GET" + }, + { + "name": "POST" + } + ] + }, + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "license-management", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + }, + { + "name": "examples", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "resources", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "generateurl", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "bulkadd", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "nodes", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "query", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "dbquery", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "bulk", + "methods": [ + { + "name": "POST" + } + ] + }, + { + "name": "bulkprocess", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "recents", + "methods": [ + { + "name": "GET" + } + ] + }, + { + "name": "dsl", + "methods": [ + { + "name": "PUT" + } + ] + }, + { + "name": "common", + "methods": [ + { + "name": "GET" + }, + { + "name": "DELETE" + }, + { + "name": "PUT" + } + ] + } + ], + "users": [ + { + "username": "CN=aai, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US" + } + ] + }, + { + "name": "basicauth", + "functions": [ + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + } + ], + "users": [ + { + "user": "aai", + "pass": "OBF:1u2a1t2v1vgb1s3g1s3m1vgj1t3b1u30" + } + ] + }, + { + "name": "HAProxy", + "functions": [ + { + "name": "util", + "methods": [ + { + "name": "GET" + } + ] + } + ], + "users": [ + { + "username": "CN=haproxyuser, OU=OSAAF, OU=aai@aai.onap.org, O=ONAP, C=US" + } + ] + } + ] +} diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000000..1db2774d52 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-cached.properties @@ -0,0 +1,100 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +#caching on +cache.db-cache = true +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.3 + +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties new file mode 100644 index 0000000000..36cbc4201d --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/janusgraph-realtime.properties @@ -0,0 +1,94 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +# Setting db-cache to false ensure the fastest propagation of changes across servers +cache.db-cache = false +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml new file mode 100644 index 0000000000..4cf6c74333 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/localhost-access-logback.xml @@ -0,0 +1,63 @@ + + + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + + + + diff --git a/kubernetes/aai/components/aai-resources/resources/config/logback.xml b/kubernetes/aai/components/aai-resources/resources/config/logback.xml new file mode 100644 index 0000000000..f24e86d8d0 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/logback.xml @@ -0,0 +1,344 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + + + + 1000 + + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-resources/resources/config/realm.properties b/kubernetes/aai/components/aai-resources/resources/config/realm.properties new file mode 100644 index 0000000000..0499b34f1c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/config/realm.properties @@ -0,0 +1,37 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# format : username: password[,rolename ...] +# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... +AAI:OBF:1gfr1ev31gg7,admin +MSO:OBF:1jzx1lz31k01,admin +SDNC:OBF:1itr1i0l1i151isv,admin +DCAE:OBF:1g8u1f9d1f991g8w,admin +POLICY:OBF:1mk61i171ima1im41i0j1mko,admin +ASDC:OBF:1f991j0u1j001f9d,admin +VID:OBF:1jm91i0v1jl9,admin +APPC:OBF:1f991ksf1ksf1f9d,admin +ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin +AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin +OOF:OBF:1img1ke71ily,admin +aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..d9fe86e4ece3713ea5bae80fd9219344f8289ad1 GIT binary patch literal 3617 zcmY+EbyO1$_r^CElfj07BSuNXq(*}X(y5e4Bb`G*5fB`pqgxo#B`F9ZF+xgOq(fqK zBN9$Z`t|*t_xF9zd+xdCx##oTd;fe;SSnT$ASnt9n*c*@g=vNz!+_U-xmZ{a2n*}@ zi(64xvgrS@$S@!**^9sU`QP>gQ~u`)N&zIv#e&XISkN&F38wge{P#IC2;RZyy&ntP z^$1MAV^yVg11N_p&>$fNbm)Vypsy>*CL+9{DZ0ZsAzP}YINc2ycqbt28uuYL8!tBxW8JScQ0yJ1ZER?K!J&C#R zOW-Zx?>+rJ$qa!#d6P!F%Zw8=v-fg-zgevZ~t5d>~ve(O0jTXthkTtC1;uw@EdFxr!Bgn(`VG{Ug;2lGT}a#{mz1 z=;=~BA1&R4PUnA&-`w_icoR5};C${^{8i>aKHU(>REYr}7sm(j0Sz#W#7&IP!#*2e zXw|fFl74*8q*7&0RAk(mtE;`v@9?P#nFkXM?CmArAa);Ti3}RMOyN@g7F>nSv_Do1 zZHMX2%9C#6O#_k((~`9Y1`E4l=r!otZjN@^!1f(FRtDYO)0clL9HH~)BvxJC>$BNI_i}I!=to>CT^ng3E+QA3YT2l@mruD$>XX$)YG~8;Rb#x5Mn~-Ew zGp=3gtEJ;5)|bH_WjPVA;t!qNY`eCe+=ArYag0-EyF}NnzMs$w|G@~A5~KMEEXuJh zLnq&}INSGsw{%U2b{=f;yc``&`#|jl%(;l6YiB&C%M0ro|HtcOPt2&?Y=E_S>t553 zqqX%}%j>yJDY48Osphsd(Fc=?8fyzbYWFzH>@f&*dZEG{j?Nbs2CGWSPsU?w-FU#Q1LC(HKIk{sfk%@Zosfz{jx#64;g zl%`n{Y(z7II9U7%m6zk(o2(Ie+8w(C*tbmtdZOA{@gAh&Xs72+TR}8Y zU?0A8mTI=zl!&(n&CSV|_Fje<3)OC^M&=?{mkEnUK4ux;WjIX+hYXOB`w1_j6`@dpGg}u&+V(^AoR2}&hJ7lOL%eKiP%I&Q-Md2)-2usz zRVW!Lbsv5k+)2>Go@^jus0MtsKQ~&pIXdgBtGlc!aj#HrUpflDe6+Migv!h7%`@C> z7#T4XYSD}9^jb4L;`@=Q?5^q2yVDr8uAlN%qHDK-C9QDrBCEvF{BzsT7o|);4v6J& zdL?@AyF1UF5TG)QimZH3IF0MJz6{(y8*#PI;cCPSZhBWHkn!lczM2AF*@LN))w2 z$^R3T5V$CcO&DPNw_E{=|50Ip2jI!y*%R>Z=^4Nozz*R5hapiM|2?M@g@b5~Tpv5K zi%Lp}iJ>IL#APK>k|->>;6F>(z`0m**1rfr0tEaO+W$Jh|H)wRzcct2pR$y_U4YHn zuSo7PWj~|Lc023;%iveoYg3=VG}EYW8uB$48pF_pn1rTTKmF@la{`NQ@a#(D2d=|v z=u`EUzToLfRlNV1Bo=L zokXh>X0S|(O~mW8H@-8_a`}FaYWZCktESmakzoIYs$2J-O26HF*l?4LNJC-e$Z5u3 zL0rBZ#mbU*xkJOeQ#)l;L}FjA(N85!C{;_E2?N?lsKeZVZa;CIj<-*<&e<~XK5oNZ zR)Km$d6$uNYEPW1;WN=MC6?orWVBMP#ZF~4Wc@DkSrneV+6C%1X4bUDd3P)qy2R!W z)*9G*+k{r3{T21tna@3X*`iu_N*9}i1dtnG58I^jLz&fTyZ#e$gI^MDB4r~mWrcLy zWQ8lzuqenV+x&L7S3%}t`9X8hs>vn&0^!(js6j--N2yfP$P`Tz{?yrCm~IRRqJ>BX zj_Q!W!rHD_WsWHKXw`BcvwFkI46RpDqg^NT2(=`s+oxEi3cHX9&d-ph3XAo+XB5{( zG-KC!OhumSce|a5qWtCvjnXz53^8{?ALdHJy zoEE=u_5%yd3ePyFO)wB&rD`kyF^jHPEX7x z(4Re+b{=^`1*76sHgDcW5flE@t(blx*eO#TuL(=j5G@+HOmxo-^B%pIqt~s_%siq- zH{?0KKNMb;vn2$?X1FP5MFxU5NV1l4y`EgCbq{y16uuAiM%gMY{$jJl+9)jfd}d&C z2+TonP0iqwiYwtkC+&4k3WCsrS09AnDlIkv(#f$-2+AShV9Fcms^>SG{cxM@Sl=EU zfi6Xo=Jiz!cZFfoRnCiqgvHkd(07|=83#9?sHTmLs%q*DjdQF(up9NdgwxssMR&`Q_RDdil8sBVQi}}1@=?E36-^p7 zOz9pK$aIq-;JAjrUOa;JK8}yuOrniUTwD^)T(U@=PpnMd!`8^j^pp ziLrjaFymI=3MnmI*lJ)KtH%q~GYQY!kiRIKOEEOQ5?ArBpF7(yb3V@_9e73&k??Y- zm9w9x=JQMy9r&ba*}VUg&#kTy)jWexa?4T1+&U=*=NLKKx?e@6<1#*dxMLpr!}Bcr zjLHlEOJs6qK6n6CrWE@oCUG$w#N_Y76~s2Bv0)ST#rmKN){hAqungVyEq#r1lp7ly zOZfDG7#f~BX^^k5DSOT!e{0Vvb7VWj7^3n^`ypw&x~=d*f4f{Kbu(|SJ3uaH%LPfj zfF~@{(wT<6ZZvm`e(wqYogiR6dxt}6B&Z90R6{N39E1^5^nB{>>Xv)+g>aGKGilTu zUuuUjk!!-lw7nkm1JROg+=a`_%PKeksQW!JUGwnRPHPJEj0t_VD14&K2&cfq}W%&txD z)b0QknP+UypJ=IHXf~MgjmZh4o;~e1!yM~7*|_eAH&iryHDYN>yYk?GT2Y*4)-#M% zL@qB$&zh)5lZlOok4OYk)(}93lAp-%l(%LZ;*ie4zViCIDBaDy@^}?e*#=6ct{N)g zy|MItqFVfsN?cejN{uMOTOXEBqT-f=C(HB=FPxuB;Omv)p#|dUUtUeb#>}EuH^lkG z^B2pQA0CZy8uL?c#+8wtQ?REp3DQAB*(=QVk>CJe<{o}3PLL_pDh`b?1}JEX(|;H2 z(#%fp*3wu$4^SmPOO!14tTw6jfq!9m9CU^4NSV_Pq_G~)RyJXs(EMmlvHFg0uHV~j zaCU|GWu_D#6*oUb{m@)>uq+GQ)XKF+spUZ{=F)soG=iP<2^1cX88J!4M!+8~na{0d zHR8ZMrCG95E7ULT!%lApVFP1xI_nSA(c$P%O}l*+ z?#z+5dq=~$Sd$|qjt3uToZ$>U=C?7YM@z4-g#_0JOY~I^@QOZ3G`)|IBV<)yguf`Z zUNBH!5eP3G)!a*y>dlrNx$z;(^!K}KHF|Cq^W~>H;>9bb`U}1FHTmgE>{=)V6bA|d zCKI3{C1D~1fZ(rus6rs}yhG&{^4a)r)N`nma(xh-6j+A6%;p>Qbc*DVj(%8_5jKe- JAq9rz{tI2+vm*ci literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/fproxy_truststore new file mode 100644 index 0000000000000000000000000000000000000000..f6ebc75ed85ccee1b82ae27fd24e0238976be3ad GIT binary patch literal 4639 zcmd6pc{tSV8pmg~4P%+Ila#ga8@os(`yd8oi!p{K`_NcIj7UgHs+0A#Wow}%7->{`g(L=YF31cR%yobALb2y*9o!4g!H7vkejpIogZt9SXb}9cyb7QJ0zsVs3e*muKyJvY z3T9!hd+@u7__GP!Fac3M4zwDetf;0404hpq_Iw;lY5*Fo_|5#gx2J%`e?Bl64uVp^ zoFIS#W`j_`U{D%Y0T6;UEOR>^Z~Lx{QzMFr=L6);vTnUn*)8GiDbv*@;=vzC$u5n= z^|)&_qD%FAGS(1Ril3)Z5^pJaq?$KG*H;PK)~1cwMa>{IguV#RavwqT6;6A0_PJmL zWFAo+1^nMbTfha!Qm*vp+_AV8Wx2LxtH0XYUSXZtMRnoVxic@K*B`nn3u=Dc)4E=C z`7)b!e1E9ViuE~Fvpw3f_mxJQ8ua9!=6U1WZO=w4oPSVauw-WyDOi5%4$Le0Ak(l2 zRfFjLz{7B>VJ^nR5@dW@<}1PU`Xn0`iw~T_Eou}?z*U$vd-}5VBFM8GsxLV%eDe_W|94M_gBwq z?c*2zZlX+98qN3V0)Hd-5=TO3q%=r^6y{u%6Wad4|eftLw)KaL-okN;NQhpKreCd0c zIno%)<0AS55=hOfX6wb=_=&mv`_q@LfBz|0<)&6P-{blV92Iq0=v;jfSoQW z1UuXUtE+49T~loA8xs3Np*C2CqSOIZKm|}&K`Wzaic(bi$pj3460{9=bEwTb2>^Wb zouTZ1I*6XGGn%H6zt+wRM=3k;n8Y^YW)#P$wgl!B3rCI(#Vlt$_-sm&bz7jz6aOGx z_Yvm6?j)JS7fwQms)AO7?vN)iVpc}8uW~&Zq$oOcyCb-HFuKdg+GT!Me%NtIe}!14 zw-K^CSk1AeO{F~0`;S)^2ON33ZZ9WGX!NQQg36P+kSN=c=@-{)BtK+T@qQ9wo&za$ zt-o`g-(A!m)j9p8I}b^YS4*oBIq3dm#4;w2Sos)naOXmj^e{iP-9MJ(!#3iHS%{M; zu91ALxscE}P>+n55plmUe@RCe-(Ygm*<8FuKPF@dkG~lc`<@H&hIV4}SsU=RbtBAoO&7!BUBn`#D1q4`|o zY{#tJO|Wp5O1y5w8X2?;^8mw5w9qF%G5B1ux8$8UvNdtC@63JYi0$I61R-$Ingwz_ z$Xh2~n#3YY?%FIcL4f**w9XEqoD&oVyXxRfE(8``6(Z#78;!J0bnuIV&HvmnGh3s>1T7l6Sk$DVz&0c!gNK$$vNTB{d;gwO+8n zuw%YHWNV#6=;B-qQ&jhX5e*U6jBNssmu$K2pkFoaJ9MI}aObmx_M<&AzpqbqB9{(A z*vCxzd#;YM-%ndwJ^z4537Pd}dvI1s@Pb*g{T&mtXcbn6yG;^qskY657Oumpi)GWMoxo8{-5rQ)soJX(2&@}USG4zUH^TIw{Dk?Ns(J+P9 zpmhM~Zzh2MOH7FaVjDmdU>whzq~lGJXAI@(t&Y4e$>U$3$qjIBpp4~vO8z6lCX~-# zf!2oimGwJ4eJ+}nD2R6D6!aD}*lwe+Rb^FGZ6tD--+0@hkmAGYMqjBbbILt;beuAZ zY96i`hgF}D4Rz=7g4nwYXPLPG<-kDdla~M?unhtf{%s8MeCn_ z*St-kKlibXfb}gYto?*zggzhnZrJY}9fgh{m$vS+#I=HfD&5*{$m@$~Ee45h^*kQ^ zPql_j?fhH$AgC^NKE=igD=SCuqG1{4Hibro3yPO7k1s-TDbV#0Go8GQqn$R$h)F<7 zsw||;lTaWOTZl3+YCo}6m6AoJI^4GBwZ71=g|2uZ%V}G1Z8i8=^^DD(UXBffQNS*= zOgS>zKoJxS0)PN+CRUeNBXI2EelVC0Af^X^(jQYCFiGB>7JdXDEEXeXNbn($XqTUx z7?waH6G&ou1X3W;ortH+{X|B`vd|%K_IL3`m?z_8(}4>Ir)6^h>kTrR0j7~#eud88 zfIRvC?s}xqu2*^o`vaZu{*50Y0pkU>FtO}n0>k0VQ1Fit1i;hXxnYigJq77a2nfJ= z5adX{$7$C(MUYl?I6tC%0MXmei{M7^_WeQTK(vV$=#Q$Uj@>%pAE(2*EScvW&2HlU@TLPCXl7~GP5@5?@J^=8DdrgPA0qr!M$S#sgA#BgcSAxVu- z)%YIWXG77)A0?CRq^f4X(!cfhQgAIR+0%-a=6mh(XIIiboE42cW!+@Fy&`2dB>TKo zvHcUSUHddK9sLoq_)$XzR0b^9eSu(%5~j`r;X}7g$=#0Ab9ROQP_Dj|>N)Cwye9te z>#I*~*2g==LT>HVKg0K7`c*RK)sX{TGsWx@(hFCENBVErZ67fxK<)>kv>$oRV;T73 z#o>tmhFsih6VgA(1?L4Qa2^`DzJ4PY)25XE9pq9(Yp7`aL9PuGu=z`JeQT%?>|C^y z>Cm1Z74t8^Vh7kZfCZ(w{YO@{q-ybh8cnx2#m=3x9+_8ad||L~RnMW(Lo+0@E+p=X zk;qbYQbW~4W(Q$imCJ^Cw$y`T32)$OpD!u;HLgU}@>8RN2lm%F4|bYM7?_yODKzmv zP@Z5JS#_midG?a2+2Nn3&kNwex4El+6ks!A`#`@Ua}*sPN~lPWU4vucT!srkQ`RrME)s(S-sI1Gy`Y>acis&T7So%#P@ zRn+nZtfFRts3{7|_wu6f(MP|cln{O4-yuwpzIgoCA4)JH5^yB^(Eu9PiFm><W+S?BKvhBtagK? zywBZz*U1kbAgjQqc=XrL@SPURX6FyMfo~MMXx`Mkg*$fdAfFOG#-KstH}X zr|<2NRlZojDZY#*c8n8Nm?k3&Y#W1jshoV~dLX9ZADng$(VQ=%5-JY{2BeG>Ju1DS z#1DIP!Q`c+y6w3daqdGd8UyFBje+%7s9q2o>Lh8BWh6)NOkP{1{WDKsiZb>#!z1d; N8`FEAT_yH${S$Z-vnv1q literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/fproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..9eec841aa2c1243b5ca3e22b0b116e5bca2afd49 GIT binary patch literal 2214 zcmcJQXHyf35{AvG`{CJ{ot=GmXP3T7-vj^vpko357Sz|n&7RYU`$h=up~Z`{XDvR*`$ zzz#)47haP~tv|D6mK5}zGvJ;XTcs8(8BRtSutt0nY_g%MoRa|;|Md5m6Fh;Jq2N{Y z_@3}C$JB}YtUs*Za?s`JeoMO1+r=63TnZY#qy*QgQqWyhEkSt;6nsS%)@q-fP~E0k z;;U!hctBy*u?73i4m--P-{w7I}r@otzjdND9D8ErKeeYe+W~WR6XoY%67E(c zKG2?clD{PU%-x8D{xsDjm8_i!Iz*!~sprgz-pbd|wD(J^B61Y&c8N|WjVZ|w(#tL3 z);vAKL47*5^D&KRS;w=+hJbeg9DS27bTdLTKaF?v@IGVZYIWHjnM2&;#FbO!hU2qE z+bdse`Ua`*ZDSbQ2`zDZPe8T@&;k+)>fplIw{8rpK#w_^oyy@JG-<*ytx4iE#yxnm0w= zsQ3mhmsjlZsqDe$)4tZiZ8RyqHRA(V@Z-;JVxjT&?A7`G1xSuj{d4T^ z`)2$ClX^CNSj2ZA7>6eiBWnlCZ#_k7+R{j3Zs3k}#59ZG%&egH70h}?*UV&AM*Nux zftp}&{@Bu4uYsw@OI5B^W#l8Gva3CRE@@gldvhn`*Zk<$Y0#?*w(wKl@IPPerG#ew zF#ma(&R;XYX7qXa!7I*7ye&-MlMsvA*gq!(+D7brD%esfz4f5p*wqG`A;*o|ZZ!I} z+5PP#v@U?VeeENz+c5~Ar}mueC$HJKfJ&S_*{uz6VF>tC@l@c(g?Mr?%9Bnz=F$N% zGJwGPmUyvf1q#=GQSz;4>Y0n!PhQ=nPlaG+ZKuVDSYCSTCB@@0XY72sTWR}GFu0sM zuJU)M7B9no2}*V)H*Q$sZ4bK=uc;9Z#*YlOBsxVL(zz4`vhyg-qhWGi7huPU<11)Y5*UN!14#^-uFzS7BV58VKr zEA@&jM5+va6#HX6u>AXmQdEdZs8yblX}kfBR64HCf0!aQRy-pc`BR7Bd{w0`La7pI zkm=yi-+ve=rYfwtttUgeMdb|Jcjx%UI#bu~NFgHk+;KiDl~>v4d7X3w z9rc55$0f!7n&sJ9{L+P^xOe}Ks>QqeF)(&V{YCm!er2w>_iX(t_Tivuge8N>R-3qr~xQviRhIz7E zmF2Mnc|_>mPq`r8ijUH>?@90qr{15OW~Xm0vAh-gzs|zfiNZj${Gzru|mOS5GWjURRewE_Y};HIkp*=k2hBQiz7ez0-g*`J z;kBFnkU1$tF0Q3m>%h|VsX%2p1>*X`1iB_Xsp#U?;-t;1ook?X4d(qVk*{RR6P$!( zp1b3J(1hT0hDnnDpuGp1ZS=|N6}7K@$PGzIw|!Z2!?d{VA_xow0CUArqA20xnF@14 z_#iwJi$B9~LoCv7gCyLen@bi+ATHT|ns~f5$0h;+Rx~^Phbuh2WcIpC_L=IRX6m;L zysyK_ECDymj03FucK5@FeBsQGhhk{RwcU?BM=B2vJs7~^Rk^HuniMI0TX6bN0{i~@uuQZjr@ z0~JCi^gFuj9Za{klpnkui<5%Dg>7HPFqAv?53G&aN9E0RU&+ronb{ED1*wh|l;Zsh_>tSL literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..9a08348b0d --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..071d407de519f9703d1ae5431205dfe60694ff25 GIT binary patch literal 4291 zcmY+EbyO387REAjKlULLn$za1j)ae{EYZ0x#tM zB0LXV1Rm_K?ew?p@QMF@MM8vyjY8mFgAuqFU;%uh|JZ+@Gvm@&vu>v&6Aj&zW_PY9 z9E>Qte+Y77;{duKxCq=nAKApJC-P`1i}tGS4RfWydv;-$-YgRKGj8)?0oz&rd-w9Y zSN$|}>cze{_jSmj13;=d!JjW~2?gXqtMpC-``HmcWV@57?*x{JDTfF!ML7pjWyv#g zyM1(~bG2SRMtnuAf=6FUlJ?>B7p1lor~PK6Q%VAlXtJ7N!~L`5g#sQ~~bK_-L4tMesucvnOfR zUy#H;Oux6;87_fWDD3_*-}Xt0SQT`gQGCVnq+e@R*_CG4=iUXeGo?1LjWc0G<;u0C zHU%I_!*4u4D%P#EmfsxH-7rRO0x>FBbY&(ZA z5^2CwYPa@k`3s^+t5-YQHc~(gSbuy;u{cvJ`I!Z>Ger_-IgS9Q(+Rp3!YHT3W8W$w}9OvEFr)#u3C0*!%WU3MJjX%3D zs3;yh?jh^SBRj&T^6Mp=xpj@rY?_MEGU3y|FC4^sN~@PADudliE|E=l015CGe4po% zy~Qm%B$t&ZHpv4`{e51SM@PvYs|Z>x9SM${t+pnnvX;m+csO#1-f^O@;< z)MKrVfJaEIF$0{ZTKw{mq0p=MV}5MUjI#itJpB|bg#(KYm)=R+?Rf)5l)eTGLUK*{ zN4gIUNGnH-tl@;i{(D)l5lxn*g6$Y1GbWX<D`I+O2f2ppK9K1T{LB+H@@m!Yd^E7-7<~G!?l(U( z1p0!yeQGf#ljOa}pW95Usf{DQWn*3<04&iCahddevay7$MSr0w zm=<;8J$?cC3}sUsD{CZgUQ?vw*T|cR)Dv^i)Pi5cjUO)q_V$9%yJBY!9PAhV z-|9MovpedKTfLWlFh5wX$)Aq=3}h*2J-9n}X{7D}+)L2-^SSh@51zXMuP8eA$v7k5VvQ3-KTaTys28L*_d z6c|A?_unM~d=!Fc_^;KEjRp8CU;me2{U3Gl|4Chjiuuvwu}hY2-p?4#But{G%cH4( zQ8yex6t}9IH^%mB9g1+ygy+(C7y)y#TEiDH337boivYIXr z3ou&|_coXlu$`y{dR3@Emy2;?#Cp@YPEQ=nF@NA99qNCMZd=e zG?GNNhhD<6v^c7Ba@$P!mX(Mmk{pl_=(LUJyhRgVQ^PL{P<%p+NM?6tz0r ze)fBv)n!V0sNVOf;W^O!R@KZwAqFv8>a4*r$McQQ1;e4npy~&0LhrHpT|71!yRFSY zVu{#M_tG79GI~3uzhNn^V&YHSRFtil`uD)i019%+!M zGRhBp=DV+O=bb@3nG{fJkVnu2VMv*xz%EXU&IH1r`zBOvj0N7#E}jhgYxFm(Yg&8Y z6$4~y!b<^Olj7;s^TX(b{z;{%W6`)=+=_**45Mo{KMvwKr2xGH9 zAC7XFtX=)Mm@w?pq}M;OOJ`E&n;6x)xYAe6%j>@SDMqrUU_l?_Hd{HF{1hsdWFCnU z@^aMJq~cOtWF0Ne#(AV@H7wn=5@;< z?>yA9`3Y}R-11O`lM&Kbz@=q#wq~u*&W{KxXJIbxTa-Q8A9+pBEIClBxSvqZm~rh- zHr;nAG$pYY5I%7ka(J3cHr@jVyS`#3;fmD|4Pp@>UTRvJ{5X{a5$v(Z<>Av#yd-Xt z*L(byBabPamOu!8wIx#=on*nj-f5SJo7QK1PKb=my-%joE} z87{+e*|>4#Dl=hl(r2<%)@+Vb$I8kfbyKg76thkJd8``jeie5xf2+ledYsO5^4cLt zY@C3&u8z;g;ZCHIfN0z8mPN-}b>A+=FDsX@@j%Hz^8u6lLhz|PKVv%GPl}wf8(OJ>a42@T9H^LFI zCGIoBEjy($cHFiCgMK8~U1zZa-z_-p@VK5B(Yq&HMeX-Qo>K~aE?^v}ta8*Fd2><{ zYJNDqDU?z~S`$ucImMV)YaU-C}76>6T=$q2QurZI|U( zif7BI&O0oxPCM&QcID`ha@MLCNO1F6rum+wQ@nDDQhfIPL`!$#s}11lvD%_E@z*Aw z=K_8h7JH!dvLOy`%ZoI40(&SO)*x*kIVkoGRVM9ONQm`*<}8wFyY;r*?(ox#CMPy@ z4dtdAiyVUwmaBOj3%1;lsQpx_wkz5`cWb-3Nk6GiJ6a(V;F*-X5}IrW!+h`48&TdB9qcVdmPI|%Pp_p zc&Gby)S9A~Pofw|#4AosUd@q)f`Gbd{3I`IuOFkILDkJ|*bsoBD{sz9DLUt5`Zs8*t3)A+ zW%$K<@D@kYs2ol|Z$scYfA*nt`ZjKMzVFm{Ty;rMWS$-ck2DmlqgWg0{D+0$Q%ZVZ z;UaZ0@GQg($40WNEcDrFSwujFiQyIf7l|h)PqsK}tVq;blh{bzOvP=du9P*$)TvgG zdfgx=2{(qbtYzV(*R8&gDg-|usroGvLonV4PJm&a`}=cZTj zQE6%@7bHe;+l8koJY;cwZ&_B?b8ry7@?2H`Y{kFUMeed(KiVCm?~A9ue3t>msc z0exllCO3ElZ>#TyJm?^ylRK6_O#?KY`D9YAqe-^dtE5KO`;g{5V|H@CH0JZTJr`1LGIlj&{aD^gV}%g2XPC+MJg2Ue z9xaIwml#{J;1*8{ar!o2F**d;#vJL;1?PNwlOjY%G%MmAS=Hdf10b!njFa;BVy6}% z=5m$boRVq8S~7JI229lq0`U#XW(m47chdQ&*J} z)GPcxQgD8170%u;x%NFDoIW}9iI-gXg4h2Iz@tU zqWTHi)*_X###*zU+Q(0-rFL{bM;g5oQn~jvSJl=1X55CO)5qO~RZ!)iU00)g-S;(e z0?Sjy@vt392ptAM(bN2LG0CfrSq3@3gfPK5ZeF% literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/org.onap.aai.p12 new file mode 100644 index 0000000000000000000000000000000000000000..023e2eaac62d7c00404e3a326f03edc553ef6ccd GIT binary patch literal 4158 zcmY+Gbx;%xx5jsY1s3TJ>0CfrmXKEI?vNCuRuGU*71t$2Lb_oA>F&h^C4>bLmhM(M zq(k8Io%!y4@0~Me&Y9;qbN+nh2SrfI-~sWW2uc7USTI~Y{EQ4p1k6KF{3bw9>_QO~ zn@|La$G;X~9)iU7uVjS>1pFN)|2jbET|$!oejo)BLdgk;)%p?|io1Uo;o%VjLJ=ea z4L9L|LI;dX=^pyY9i%r%o8K({2dFp1pWy>uy#-EtXl3sdYo|B{4amZ_)Ay~yUC-#3 zuy!s)ktn|lD+cP5@$5BZv%jfeXQufZW0GHN%1X0y1R%M?Js&q$l2lC8U>yS;Z(=oo z^=@9`yA0YO_O`ey*#qQw%K~`qW{z zTr>PfEi8%T=}j|Cu$$fV*f5>zUQGg55@#Zj1m)e_Lg4%gxi6PfWJN!AZs~hwl8syG zgm93zxkAj>1%0ZM823)h=oB}&*OZ3;7O z%ZiG@@Vq$SxhRoO9a79^$dhZHmnVMJCl?4W#nYCl!viU5!#3`_`*W|}0oX@!STcA& z9t7*VY0;A9w-bz8fC?|C{nC%FjYc@B@25|-3)0Wtj==9nw6AN~3CliJyB$QSIp|!9Zr#KX-6xoe6lEWe?-?&_YRHoSLLpG`4Q) z9LI)zp}BDz$+Vh7RuY4HzvwT&Zm{oUn=T5Gp};oH13V}o3&Z76Q;l{T85J8e>XIy? zPH<)$Mf@gnD3Nn}g${W}6p+x@|BaIB5RxwN5!n#S8`beGc{NU!q+4nwMZc9#3iy)Q zQr}mgF_mHRpxDFk7?K25u72(yP=dT{L5(s$Jdj{F{87Gz{4_*g8dX^@pSHsbu99js zUUMpKTI8rXAsm=C$YAqImg>Dby=bn!;Pd2TW_4Ea8GZShkpuXy!>?;U`4$a_wX9rV zw=KE60EQM5sN=uP@#r(zt{W>6gYuDl(5R7zl!No&TlOgF?-Iu%d}J5f?xyOMxP!M6 zIbp zv@s|Cw1jK{O9^8xgZ9Q1LSx?_&L4(FFhUhC?UumNgMJ@{Ht{5Iodqw1yC*l{6WB3i z1~!mU|H*!m#0TMFRcDKNK7!y2P;E#vdA)^QNXD&4lI~=9wxi9Ao#|sqycgjrJhbyS z{W4!lV2(BDI;)VUT^d@xXCoBxl*THK-Y@9~J7LG}!WJ%iRAB_cvhiVI$&=ipOVQ!{ znkw&}pW>Ax$Zrxk{LFPInaJ+bMm(hpwkIob@vktkz3n#FU#bW=>t?lq{c@_4{eI%E zjo)Of8+k_j@Q1a8H@~)CeBmc^Yq0$?UOAZ>KYd*+*>!sG{6wN8@q1T;CnUDN2RItW zjOuo1Nvw<=kVn@SLqR1fQej9rc%#JJ5V6=JF5KSYkn`#-r9mqYR`(?au>{QxY)xlY^z!~^MK7DzFodugGDLoa;ea*!r)2D0JIud^T$s&LzWR~vC=60R(kaWk;_bB~HGJ zq1$Hp=jtt;1rLuhD5y&lnv0^I0Qv0<512NfM`OCtCmxFsoCjneT+LH?W=w3H=2dVo z2~qjB^#;o{EGFf9us`HYvm#fM!YRu@>$yjW-C6Uw@LYdFq%^N;4W&aZ<^7wr#DOu4 z=x|q16Rt4qoF+%YAREvl{hl*ZqJ1pmq$Y8$5eNT`mUw#MH=jmnF zw?D(GyEYeW-5Jxkvk&>u))`Qq6a>z*ZBlrRbje{ z&-ME8+V0HtIl3LYieia7MHxF{3h5?#$*{~I<7olt$>I;Dp!c&qd||~dF?aUR>EHYX zB{RU#r##jRBG<237t*Q-Wzu#-do3~hx3bF?S?Ws=s)k^hw}K3Z92G$Zz}@F=QDv24 zo^h=pBg@XIlJHp%0b}BiEG9sI(_u-|@xFJNI0xi`V}6EC_%|z`Qs19)0lU)6-H*p& z@u@-_wTNT~q%u$Fx^CXXX}D)K2U--vIh53GaZr-YO1Nn-uPX6ADVMCJm)i2y=ofDf z_CU&IJZj=f4J!I%7w5EmOMVXa)wwD2wz^cm9}-TzPC3Y0f%3^uy2$k@ny#x;5s-g6NZ+b*tD znA4@WE`M3o_!ff5?0A~cKjYohHKIJX4c}GfKcVuNuu3;Gw}o~7@qA$3WoQLo7+$ee z)01Wn+_MFB=mRGOB?${!g=%!0DLvN(8Vgk=)oGVd5boOh!tv-D+~d`)L*ym;VfQmn zAuJXfwJy$v>om#iLWO$509NOw=z#M=%Dk~!7z;$VwoWjT4k^)Rm$+}V4t;>1LB z<1F!7_$Q017p-8jAq6$fRQE|^{tS(a4j1=0s@W@h?B%y-;- zAQ42gJ$^FVFPz2-3TLqsl(aB#bj;S}-}Wc)6DLk#;C@$TG$Yy}vS<7md-VKX?GACQ zpSvN*2EpLc7n8!b;y2%z11R3EYtvuI@!_5VQoD6Mb4<9c;7hNLCtOh+ihQp|H#&nk z#O1A#U+5+byho<;@%M;$2VJw1M(Xq+>mQp~qR>N7zPAtRSL>M2nrVBq(RQz(2$0wR z0n0oD$esWJdiqzk{M%-Pcm4-6Nq~5H2!cH*f?(_a(I@^t^qKo@QTSxnFYO=tBtQ`K zEm)UnTWv;Zi9-xg4hm#WX&yVT5f|B1QiysciNnNc5IY1AIiu_x+ zSbu$>-XF3OXkk;WPt%>~OkQwO6KJL7$FrFv&~YC;r{8xCcXHR?GOzVvn=Dn@I#Xr5tBA%)^Nje8E6m*(7^l(Jrbf|)iKw&}%+z`8 zM(fety8C9c@RO!mx#W7*$)AElWnVf zj-PW4!~$541Pch5zhxLBb98c+3a`y0e9!yVFuX*2HZ8AJvXL@^xdK@a+*E?ajY-YE ztxM6liM^g?C&!%}WU)nl37xvbb}wEI{p&Y$Hyrx9*vm6>{Vx>NSQt#LdgQkr+n2)+ z5<-=D+V0JFDy4~9QJw0sZ#BfecKhDEa;4>OX2y#?L1JEjlh1N5>sot?d%#lmxmZQC zQeAd~7|n<9g{gsQyH^Gn!Hv{-j`>mwBw1kjA9jJNw<~+WX&(wO9`*voBiW?8(CfF? z;31-q;jT<8R@(-{5Yjw3!8cZODUv?2@-x-#cbrSw{(xQmsFGpyG zf8`9C>O@@3XE&|CFI=d_Ny#>x*yEV$C`>lCFFGfkbx-IbdZQ@yR*_}@ZZ~YH zYk1${DQ5bNS|N!AG`4$pO5Qv_tl&!g>Q(G%LMy{JG2gX`FDq-jJ#y3aqna^|DM-%t z4ky0Vk82?ba=Zskwl*I#%MrRN6|C!Hh4YERO7y5m0dHqn`;tio7LRBZh_huiV5%u4 zDtx9cWO7M3S4=GlROv7hh%orMq`G2RuqQ8 zoFi!lBYJo`7<2lh=&nS8euw6j0lxQm>Uc25!d3ZA!(?7JGp`$bHVK6Hw5CEX@?D1u zD?r8Q`_RXM%>L@Vu@6)y_GPfaF^nTwsu)7LTPr$d_a;f^k@t%*72Qzh?O4wV>P#Ob zEb4P#4SFhQiyZGxO-ruco$SN&H7`BVEPG0eA7Bz)(|8F{i=|t%XXhq<@Sz?ukUkq&A zYifO__Ay(&8c>mck7z}?*f;=of9pBm(SPTCfCs?+@BR|-&*lYihKfQtp(23Um9FDOvBopkB9>SD1eVdHmjuKktVvT9$vJcX#Oi+l-?`Y= literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..6ad5f51ad32b4e98bc42492c5611f2cd290778d4 GIT binary patch literal 4943 zcmcIoXH*nj5}m{lh9H7NmLy39dKi(MB}i5zD4+~50!q%J2#jPw1SBXqOOzZXOOT96 z&XPd^K_m)0p!==+t!K~KAN!+Ezj{?&@AW%%tMBc@FNa@1AP@w9K~L_)7|dNqtb?No z1_T0QhdvX%0}<%)2?8P@5P>X!Baj4eP|ids1Pp-?gW~hP)Ma#)!~tY*;`6>rzT0GA zFoFOCTttxrq;RM<3_(hup(P`ufFc7B$2JKmOha8p6NLbXk4-ogL|Y3uOGAbd1}*`D zs7ok80pVLTWN2XkjYj=4|Ho`N2;1-50TY0rI0yv@z(GhLI0zV2Cz7s2SyY6fwLaSz zW?sn{eNTy2i}e*X1j#DZYSbFy zy+60b&c(RZdeyj^iVAZ($}t_)POo#fraT0>n44vr;kXp1mZ^g|9>!8$81bo4NW-1p zyQZ?YxjV|Ds{NW4u_2S^Wn-}s7xj9A(nK$>dCH#&?XE zLd@LXDcNW*d^rU6){G@+BqbvDp`hHI^_F&0#w_mJHTB4r+G~N&+>dm)$7e!qHp&a- zz1977GOA15g8b^kjwrAtQ^T4A1y5Nr8l~TMDDQDRvR%W4KagR^Jd=oQIGv@TeVKt* zb+4eK?ghuX?2}DWU%h(YvIoplMx}zDKawf0b;-XLvMd_O7|@;7fZkQ@6BJ&o*_d5V z$GzO9*KDwa_l!fLr~}8gdf)fHj}k0!pQ6&;CXekwXS*X}$aT+Q$lhh2&&szME>`Xo zHh@(l+k&K=kQmY|GRJ}lX<7>piIFu5wOaKhPgfBrRau^au zt)-3LP+94@R#5Nys-7G5aBca^Re<@}%?_glke+`Ipg0bo0)vlW1OOC&1IUjjD2^v! zc!2o+UWRy7;L8vUl45Q(f8&~d{+-V4-*A2WMT@dag%cmb%ySjJC$y&u?ZC<@96{~66-6ybN|Lx7Y zq%ZApDh+p|w(@}IFCTQA5f;;DI`FW%Sn!%J(u89fh8(sab4;SyZ zhR|jY<^;yMlr)}o3*gjNep6AcqS#@>3jW$!s?ZljKIszhU9gfKR;-$u;CGMU{G*3r zodS=z4F@R5zm0#N@;o!=!+UE2Mo{2ljghR=3Vkl(8(Et}k$(Qr)5Awbhx5YMjvc4x zIn>HG5vkHTp4~2$#9_V2>q&7d>f<1$+@y79 zqq0R>a~xyufT-?ToV4A`?>F3grtJ$e)C|t`1h7@T+M$SP$(bH!j9d{Q3N4nkymF{1 zRsO0L$@8 zA#Ux%pamn1lP|us65JP{**nfQlMJWiFBHp5C?h@2%m!7mIxIb?S~I;$-C7!aqoalV$ulmv?~Evw zQqiTW3z9j2J$=S1-|GrRjv>j7`J3`36PY$}L`g`-wz=u1cxq|dQ)2R2Y-m|uaKE72 zizt-AWZ>Nn^^d#VI=lXSTt01n%;l@dcWvw~bcfubx00yGS&38%3|$qd~up4$M@V_zwoXY$w-OB&7nh>Okrf(xlyc0eQ zHnp93N=#92vGH+|?jE^V{y2YMSQ2w%Vdxjf$I{<7&_^5LbGH)3n0{=<6@9r-?9d!JQWfplD&z;Ka`>x zaA{9)l4#xR;KgnpI^cV@`TRh)UhV!~Mdsi|0_mi~zO#-viP@|ikef@~gik^r>{@d@ z84=nI?5w>+5%$WFVe;s6#tyCZ^V=S1vE)0J0(VC~2_yCxI9sBsmv71&?YF$RCWYA@ zJWx|$Yd&ilOCds^lvZ5ZuRWbOQ*LhVOg_fdK^3IiT*01)_~yuFHLgab&1WTBpG+Oa zSC1J@EAp?gKqbkBNe1i(IcPP?7n&J=N4bmj88GG~kJ*w?Ufd z^)OYj;M_rJn*C_5f$T9}{~aZaxtv6$pJ*YUYJ#b0SJ%E9izL&P4P~A~Bro~P0n}@h zG&8?itpzbS*_)u={Pej+tk}BsM?i(V zwbK#W_@FCGrN}AIQtTZ`mqfmev;vDEr;s_>xPCz9()^VsfjA?lq`WNh`029?0YYvd zz1Y=?u!E)9__tdnHM4!EEJb1s#I|40((&^7*peFLr4c>0@w<9I`XXz+e1Nh^TezL? z`2FEg(!;eGqErSwD)CnvX}kPgN0<8#;tzjB-YQlu3*xJ~UFh;w7;*c^j_)E}_zi8E zuDO@9A*i$5!4P9uo^gDfz}jZ3%t>ebC)I=+;%VkhJZF>nNi|{em@)RheNO?y-)N+q z4C>U$_ZLP)MW|uzh_Sb@K~dnJz_Uz3D!7KDBgO^u7Yn8O$wGgTQpCTT(4XcBEfoST z2?z-QfFN4vn3f6wD3ri2^Z&g(4*Z`y7JSTO!FV1E27_Wwr2`MN6bnq90(B+|C`7#A zr$0eP_ho9)1^JAu;a|(M*<3%_hZ;3l9QkKdp53h#jXOj{XLZKlg7VR35$g3%YRedP zs$y1ddTk&?7``)ZQr%iKaPr(oh-oI51^!V%y=8aVz%u#p5lU80fNs#_9R<)*TuSFG4aoo!J9c)y z$GV#-{*fz)6z7jy@wt0LET4&c2>dPyjX+S9wE)QHMRA-Pyz&NB@$2NWAPj zjmP8OPb`Are>+k@@i!o9YyE|?Us~_)QjiXyIYuRv^wjTb%gNk9{ZfLL@k&qtB_b$- zha5@-k3Br-PE0`izb^DEF@p3I{>`NE7oUwa#+J{<-t0f*C@Dbla}Q8_7#>pp9cpb6 z;M!fQw$k?YRLE;__=lgA*b74;&VD?m%xRaSlYbsX^&-D zY>tV|^u8xjm$6;Wf5t`Y>cy@%n}q$-v+E-%6+325@XG~*&H_rwl<`^#9_OBw#QlUC z4!ny$sjU;`&O`-+03d)8PHg0>1oqvL1%r<@54;XQ|7(g2#)&+qVT-la(o$tn#9CwR z@ik`3qJ_10#@e&UVeK6)?pok^F!nbD*M=#Tk2v^{DQ1;uUrpH)q7*C(0B#)XDt4F} zpyEkQ|54Z8R=LkCb7gwW7**)kbGVk31f=r)Z+{7JV939#HG-+1o8W*U0ctoAo`w?; z5JJI!jUa&6{_!p-VP2bn*E){qpXG(4IUYG!SlL=)O|e!sf7Kk0;n;z({j-z)*y;3V zAIC{XEXLl%+yQ@97ADv~=4Uz%GdIRK{Mmhy#mpXSWoco3oCa(E$1EpdSWAq9qlJmX z$(nx(`y1jBrYEg1M|hDkl1A31*xH3D!@`9|h3(u_ThxI^>x&u)I)j zd`C^`E3r1(E9wkmU$nSpj`pu9lF(oN7(o7&Vd(5ve!G;{rUvcnYzwhTSJN2JN^uzW zt1Yus(dqdRZh9=JTxt=IZU~mQ&=aYl8sW=NMt5NtHH50de{=8J-lYW iMzoYnACTHp8sjdLHg{xN{XRUB%h~qD8>*_&t$zUUC>5vx literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..e23c03d833 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,99 @@ +[ + { + "uri": "\/not\/allowed\/at\/all$", + "permissions": [ + "test.auth.access.ifYouLikedItYouShouldHavePutAPermissionOnIt" + ] + }, + { + "uri": "\/one\/auth\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/multi\/auth\/required$", + "permissions": [ + "test.auth.access.aMultipleAuth1", + "test.auth.access.aMultipleAuth2", + "test.auth.access.aMultipleAuth3" + ] + }, + { + "uri": "\/one\/[^\/]+\/required$", + "permissions": [ + "test.auth.access.aSimpleSingleAuth" + ] + }, + { + "uri": "\/services\/getAAFRequest$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/admin\/getAAFRequest$", + "permissions": [ + "test.auth.access|admin|GET,PUT,POST" + ] + }, + { + "uri": "\/service\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/services\/aai\/webapp\/index.html$", + "permissions": [ + "test.auth.access|services|GET,PUT" + ] + }, + { + "uri": "\/$", + "permissions": [ + "\\|services\\|GET", + "test\\.auth\\.access\\|services\\|GET,PUT" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions$", + "permissions": [ + "test\\.auth\\.access\\|rest\\|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+$*", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read" + ] + }, + { + "uri": "\/aai\/v10\/cloud-infrastructure\/cloud-regions\/cloud-region\/[^\/]+[\/][^\/]+\/tenants/tenant/[^\/]+/vservers/vserver/[^\/]+$", + "permissions": [ + "test.auth.access|clouds|read", + "test.auth.access|tenants|read", + "test.auth.access|vservers|read" + ] + }, + { + "uri": "\/backend$", + "permissions": [ + "test\\.auth\\.access\\|services\\|GET,PUT", + "\\|services\\|GET" + ] + }, + { + "uri": "\/aai\/.*", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + }, + { + "uri": "\/aai\/util\/echo", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } +] diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..4980071db6 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/cadi.properties @@ -0,0 +1,39 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..1b58d4235c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..799fd8689b --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,45 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..2c89d28180 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 8447 diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile new file mode 100644 index 0000000000..3416d4a737 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/resources/rproxy/config/security/keyfile @@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y +J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file diff --git a/kubernetes/aai/components/aai-resources/templates/configmap.yaml b/kubernetes/aai/components/aai-resources/templates/configmap.yaml new file mode 100644 index 0000000000..1a1192abfc --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/configmap.yaml @@ -0,0 +1,159 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-keycloak.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-aaf-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-aai-policy-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/auth/aai_policy.json").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-fproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/fproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/security/*").AsSecrets . | indent 2 }} +{{ end }} diff --git a/kubernetes/aai/components/aai-resources/templates/deployment.yaml b/kubernetes/aai/components/aai-resources/templates/deployment.yaml new file mode 100644 index 0000000000..ae328f5911 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/deployment.yaml @@ -0,0 +1,1484 @@ +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + msb.onap.org/service-info: '[ + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v11", + "url": "/aai/v11/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v12", + "url": "/aai/v12/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v13", + "url": "/aai/v13/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v15", + "url": "/aai/v15/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v16", + "url": "/aai/v16/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v17", + "url": "/aai/v17/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v18", + "url": "/aai/v18/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/cloud-infrastructure" + }, + { + "serviceName": "_aai-cloudInfrastructure", + "version": "v19", + "url": "/aai/v19/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/cloud-infrastructure" + }, + { + "serviceName": "_aai-business", + "version": "v11", + "url": "/aai/v11/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/business" + }, + { + "serviceName": "_aai-business", + "version": "v12", + "url": "/aai/v12/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/business" + }, + { + "serviceName": "_aai-business", + "version": "v13", + "url": "/aai/v13/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/business" + }, + { + "serviceName": "_aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/business" + }, + { + "serviceName": "_aai-business", + "version": "v15", + "url": "/aai/v15/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/business" + }, + { + "serviceName": "_aai-business", + "version": "v16", + "url": "/aai/v16/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/business" + }, + { + "serviceName": "_aai-business", + "version": "v17", + "url": "/aai/v17/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/business" + }, + { + "serviceName": "_aai-business", + "version": "v18", + "url": "/aai/v18/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/business" + }, + { + "serviceName": "_aai-business", + "version": "v19", + "url": "/aai/v19/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/business" + }, + { + "serviceName": "_aai-actions", + "version": "v11", + "url": "/aai/v11/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v12", + "url": "/aai/v12/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v13", + "url": "/aai/v13/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v15", + "url": "/aai/v15/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v16", + "url": "/aai/v16/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v17", + "url": "/aai/v17/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v18", + "url": "/aai/v18/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/actions" + }, + { + "serviceName": "_aai-actions", + "version": "v19", + "url": "/aai/v19/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/actions" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v11", + "url": "/aai/v11/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v12", + "url": "/aai/v12/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v13", + "url": "/aai/v13/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v15", + "url": "/aai/v15/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v16", + "url": "/aai/v16/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v17", + "url": "/aai/v17/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v18", + "url": "/aai/v18/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/service-design-and-creation" + }, + { + "serviceName": "_aai-service-design-and-creation", + "version": "v19", + "url": "/aai/v19/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/service-design-and-creation" + }, + { + "serviceName": "_aai-network", + "version": "v11", + "url": "/aai/v11/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/network" + }, + { + "serviceName": "_aai-network", + "version": "v12", + "url": "/aai/v12/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/network" + }, + { + "serviceName": "_aai-network", + "version": "v13", + "url": "/aai/v13/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/network" + }, + { + "serviceName": "_aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/network" + }, + { + "serviceName": "_aai-network", + "version": "v15", + "url": "/aai/v15/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/network" + }, + { + "serviceName": "_aai-network", + "version": "v16", + "url": "/aai/v16/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/network" + }, + { + "serviceName": "_aai-network", + "version": "v17", + "url": "/aai/v17/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/network" + }, + { + "serviceName": "_aai-network", + "version": "v18", + "url": "/aai/v18/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/network" + }, + { + "serviceName": "_aai-network", + "version": "v19", + "url": "/aai/v19/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/network" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v11", + "url": "/aai/v11/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v12", + "url": "/aai/v12/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v13", + "url": "/aai/v13/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v15", + "url": "/aai/v15/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v16", + "url": "/aai/v16/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v17", + "url": "/aai/v17/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v18", + "url": "/aai/v18/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/external-system" + }, + { + "serviceName": "_aai-externalSystem", + "version": "v19", + "url": "/aai/v19/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/external-system" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v11", + "url": "/aai/v11/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v12", + "url": "/aai/v12/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v13", + "url": "/aai/v13/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v14", + "url": "/aai/v14/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v15", + "url": "/aai/v15/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v16", + "url": "/aai/v16/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v17", + "url": "/aai/v17/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v18", + "url": "/aai/v18/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-cloudInfrastructure", + "version": "v19", + "url": "/aai/v19/cloud-infrastructure", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v11", + "url": "/aai/v11/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v12", + "url": "/aai/v12/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v13", + "url": "/aai/v13/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v14", + "url": "/aai/v14/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v15", + "url": "/aai/v15/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v16", + "url": "/aai/v16/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v17", + "url": "/aai/v17/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v18", + "url": "/aai/v18/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-business", + "version": "v19", + "url": "/aai/v19/business", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v11", + "url": "/aai/v11/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v12", + "url": "/aai/v12/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v13", + "url": "/aai/v13/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v14", + "url": "/aai/v14/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v15", + "url": "/aai/v15/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v16", + "url": "/aai/v16/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v17", + "url": "/aai/v17/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v18", + "url": "/aai/v18/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-actions", + "version": "v19", + "url": "/aai/v19/actions", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v11", + "url": "/aai/v11/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v12", + "url": "/aai/v12/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v13", + "url": "/aai/v13/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v14", + "url": "/aai/v14/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v15", + "url": "/aai/v15/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v16", + "url": "/aai/v16/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v17", + "url": "/aai/v17/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v18", + "url": "/aai/v18/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-service-design-and-creation", + "version": "v19", + "url": "/aai/v19/service-design-and-creation", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v11", + "url": "/aai/v11/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v12", + "url": "/aai/v12/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v13", + "url": "/aai/v13/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v14", + "url": "/aai/v14/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v15", + "url": "/aai/v15/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v16", + "url": "/aai/v16/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v17", + "url": "/aai/v17/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v18", + "url": "/aai/v18/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-network", + "version": "v19", + "url": "/aai/v19/network", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v11", + "url": "/aai/v11/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v12", + "url": "/aai/v12/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v13", + "url": "/aai/v13/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v14", + "url": "/aai/v14/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v15", + "url": "/aai/v15/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v16", + "url": "/aai/v16/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v17", + "url": "/aai/v17/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v18", + "url": "/aai/v18/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-externalSystem", + "version": "v19", + "url": "/aai/v19/external-system", + "protocol": "REST", + "port": "8447", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + } + ]' + spec: + hostname: aai-resources + {{ if .Values.global.initContainers.enabled }} + {{ if .Values.global.installSidecarSecurity }} + hostAliases: + - ip: {{ .Values.global.aaf.serverIp }} + hostnames: + - {{ .Values.global.aaf.serverHostname }} + {{ end }} + initContainers: + - command: + {{ if .Values.global.jobs.migration.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-migration + {{ else if .Values.global.jobs.createSchema.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-create-db-schema + {{ else }} + - /app/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-resources/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-resources/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-RES + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-resources/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-resources/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-resources/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-config + subPath: realm.properties + {{ if .Values.global.installSidecarSecurity }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/aai_policy.json + name: {{ include "common.fullname" . }}-aai-policy + subPath: aai_policy.json + {{ end }} + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-resources/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.onap.aai.props + - mountPath: /opt/app/aai-resources/resources/aaf/org.osaaf.location.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.osaaf.location.props + - mountPath: /opt/app/aai-resources/resources/aaf/permissions.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: permissions.properties + - mountPath: /opt/app/aai-resources/resources/cadi.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: cadi.properties + - mountPath: /opt/app/aai-resources/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-resources/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/aai-resources/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + - mountPath: /opt/app/aai-resources/resources/application-keycloak.properties + name: {{ include "common.fullname" . }}-config + subPath: application-keycloak.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-resources/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/aaf_truststore.jks + subPath: aaf_truststore.jks + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + - name: {{ include "common.fullname" . }}-rproxy-auth-config + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.sidecar.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.sidecar.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-config + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-aaf-properties + configMap: + name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-aai-policy + configMap: + name: {{ include "common.fullname" . }}-aai-policy-configmap + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-fproxy-auth-config + {{ end }} + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-resources/templates/service.yaml b/kubernetes/aai/components/aai-resources/templates/service.yaml new file mode 100644 index 0000000000..68d767b380 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/templates/service.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-resources/values.yaml b/kubernetes/aai/components/aai-resources/values.yaml new file mode 100644 index 0000000000..4b77e31084 --- /dev/null +++ b/kubernetes/aai/components/aai-resources/values.yaml @@ -0,0 +1,123 @@ +# Copyright (c) 2018 Amdocs, Bell Canada, AT&T +# Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for resources. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-resources:1.7.2 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# default number of instances +replicaCount: 1 + +# Configuration for the resources deployment +config: + keycloak: + host: localhost + port: 8180 + + # Specifies crud related operation timeouts and overrides + crud: + timeout: + # Specifies if the timeout for REST GET calls should be enabled + enabled: true + # Specifies the timeout values for application specific + # Its a pipe seperated list where each element before comma represents + # the X-FromAppId and the comma after specifies the timeout limit in ms + # If the timeout limit is -1 then it means for these apps no timeout + appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAIRctFeed,-1|NewvceCreator,-1|IANewvceCreator,-1|AAI-CSIOVALS,-1 + # Specifies what is the maximum timeout limit in milliseconds + limit: 100000 + + # Specifies configuration for bulk apis + bulk: + # Specifies for a bulk payload how many transactions in total allowed + limit: 30 + # Specifies if the bulk can be override and if it can the value + override: false + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +# application configuration +sidecar: + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +service: + type: ClusterIP + portName: aai-resources-8447 + internalPort: 8447 + portName2: aai-resources-5005 + internalPort2: 5005 + +ingress: + enabled: false + + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 3Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-schema-service/.helmignore b/kubernetes/aai/components/aai-schema-service/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-schema-service/Chart.yaml b/kubernetes/aai/components/aai-schema-service/Chart.yaml new file mode 100644 index 0000000000..8894701465 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/Chart.yaml @@ -0,0 +1,19 @@ +# Copyright © 2019 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: v1 +description: ONAP AAI Schema Service +name: aai-schema-service +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties new file mode 100644 index 0000000000..2172d715de --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/config/aaiconfig.properties @@ -0,0 +1,43 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2019 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +aai.logging.trace.enabled=true +aai.logging.trace.logrequest=false +aai.logging.trace.logresponse=false + +aai.transaction.logging=true +aai.transaction.logging.get=false +aai.transaction.logging.post=false diff --git a/kubernetes/aai/components/aai-schema-service/config/application.properties b/kubernetes/aai/components/aai-schema-service/config/application.properties new file mode 100644 index 0000000000..a639c41343 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/config/application.properties @@ -0,0 +1,71 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-schema-service +info.build.name=schema-service +info.build.description=Schema Service Microservice +info.build.version=1.1.0 + +spring.application.name=aai-schema-service +spring.jersey.type=filter + +spring.main.allow-bean-definition-overriding=true +server.servlet.context-path=/ + +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.jersey.application-path=${schema.uri.base.path} +server.tomcat.max-threads=200 +server.tomcat.min-Spare-Threads=25 +server.tomcat.max-idle-time=60000 + +server.local.startpath=aai-schema-service/src/main/resources/ +server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties + +server.port=8452 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ +schema.query.location=${server.local.startpath}/schema/${schema.source.name}/query/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }}/schema-service +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} diff --git a/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml new file mode 100644 index 0000000000..447f2390b1 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/config/localhost-access-logback.xml @@ -0,0 +1,58 @@ + + + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + + + + diff --git a/kubernetes/aai/components/aai-schema-service/config/logback.xml b/kubernetes/aai/components/aai-schema-service/config/logback.xml new file mode 100644 index 0000000000..9cfffe9c37 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/config/logback.xml @@ -0,0 +1,295 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + 1000 + true + + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + 1000 + + true + + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + + WARN + + + ${errorPattern} + + + + + 1000 + + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-schema-service/config/realm.properties b/kubernetes/aai/components/aai-schema-service/config/realm.properties new file mode 100644 index 0000000000..988bb2411b --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/config/realm.properties @@ -0,0 +1,22 @@ +AAI:OBF:1gfr1ev31gg7,admin +MSO:OBF:1jzx1lz31k01,admin +SDNC:OBF:1itr1i0l1i151isv,admin +DCAE:OBF:1g8u1f9d1f991g8w,admin +POLICY:OBF:1mk61i171ima1im41i0j1mko,admin +ASDC:OBF:1f991j0u1j001f9d,admin +VID:OBF:1jm91i0v1jl9,admin +APPC:OBF:1f991ksf1ksf1f9d,admin +ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin +AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin +OOF:OBF:1img1ke71ily,admin +aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml new file mode 100644 index 0000000000..9b7ea73181 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/templates/configmap.yaml @@ -0,0 +1,78 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-log + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "config/logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-localhost-access-log-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "config/localhost-access-logback.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-aaiconfig-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "config/aaiconfig.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-springapp-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "config/application.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-realm-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "config/realm.properties").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml new file mode 100644 index 0000000000..c6e8e1bf76 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/templates/deployment.yaml @@ -0,0 +1,155 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + spec: + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-schema-service/resources/etc/appprops/aaiconfig.properties + name: aaiconfig-conf + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-SS + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/app/aai-schema-service/resources/logback.xml + name: {{ include "common.fullname" . }}-log-conf + subPath: logback.xml + - mountPath: /opt/app/aai-schema-service/resources/localhost-access-logback.xml + name: localhost-access-log-conf + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-schema-service/resources/etc/auth/realm.properties + name: realm-conf + subPath: realm.properties + - mountPath: /opt/app/aai-schema-service/resources/application.properties + name: springapp-conf + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-schema-service/resources/etc/auth/{{ . }} + name: auth-truststore-sec + subPath: {{ . }} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . | indent 12 }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + volumes: + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-log-conf + configMap: + name: {{ include "common.fullname" . }}-log + - name: localhost-access-log-conf + configMap: + name: {{ include "common.fullname" . }}-localhost-access-log-configmap + - name: springapp-conf + configMap: + name: {{ include "common.fullname" . }}-springapp-configmap + - name: aaiconfig-conf + configMap: + name: {{ include "common.fullname" . }}-aaiconfig-configmap + - name: realm-conf + configMap: + name: {{ include "common.fullname" . }}-realm-configmap + - name: auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: {{ .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-schema-service/templates/service.yaml b/kubernetes/aai/components/aai-schema-service/templates/service.yaml new file mode 100644 index 0000000000..68d767b380 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/templates/service.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-schema-service/values.yaml b/kubernetes/aai/components/aai-schema-service/values.yaml new file mode 100644 index 0000000000..7c29fd46f4 --- /dev/null +++ b/kubernetes/aai/components/aai-schema-service/values.yaml @@ -0,0 +1,88 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for resources. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-schema-service:1.7.13 +pullPolicy: Always +restartPolicy: Always +flavorOverride: small +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 60 + periodSeconds: 10 + +service: + type: ClusterIP + portName: aai-schema-service-8452 + internalPort: 8452 + portName2: aai-schema-service-5005 + internalPort2: 5005 + +ingress: + enabled: false + + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # + # Example: + # Configure resource requests and limits + # ref: http://kubernetes.io/docs/user-guide/compute-resources/ + # Minimum memory for development is 2 CPU cores and 4GB memory + # Minimum memory for production is 4 CPU cores and 8GB memory +#resources: +# limits: +# cpu: 2 +# memory: 4Gi +# requests: +# cpu: 2 +# memory: 4Gi +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 3Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-search-data/.helmignore b/kubernetes/aai/components/aai-search-data/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-search-data/Chart.yaml b/kubernetes/aai/components/aai-search-data/Chart.yaml new file mode 100644 index 0000000000..b05b354512 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI search-data +name: aai-search-data +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json new file mode 100644 index 0000000000..5fc135df5a --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/analysis-config.json @@ -0,0 +1,32 @@ +[ + { + "name": "whitespace_analyzer", + "description": "A standard whitespace analyzer.", + "behaviours": [ + "Tokenize the text using white space characters as delimeters.", + "Convert all characters to lower case.", + "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents." + ], + "tokenizer": "whitespace", + "filters": [ + "lowercase", + "asciifolding" + ] + }, + { + "name": "ngram_analyzer", + "description": "An analyzer which performs ngram filtering on the data stream.", + "behaviours": [ + "Tokenize the text using white space characters as delimeters.", + "Convert all characters to lower case.", + "Convert all alphanumeric and symbolic Unicode characters above the first 127 ASCII characters into their ASCII equivalents.", + "Apply ngram filtering using the following values for minimum and maximum size in codepoints of a single n-gram: minimum = 1, maximum = 2." + ], + "tokenizer": "whitespace", + "filters": [ + "lowercase", + "asciifolding", + "ngram_filter" + ] + } +] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json new file mode 100644 index 0000000000..bbbe52f5b5 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/config/auth/search_policy.json @@ -0,0 +1,18 @@ +{ + "roles": [ + { + "name": "admin", + "functions": [ + { + "name": "search", "methods": [ { "name": "GET" },{ "name": "DELETE" }, { "name": "PUT" }, { "name": "POST" } ] + } + ], + + "users": [ + { + "username": "CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA" + } + ] + } + ] +} diff --git a/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore b/kubernetes/aai/components/aai-search-data/resources/config/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..e280b3181a46af7781291e28416b1d85d90956b9 GIT binary patch literal 3844 zcmb`JcTiK?_Q#Wu&>=v8P^2n~lyE{X3IveekzOP~Kstmd2IUHYM^n7g5v3zVu^^W& z0wP6_CS5>4X#znh3Q}L9^LyjFKi~Z3&HVn@bI$jywbxo__S&Dl56OpQ5C{aJ4DgS^ zhQ)eoQU)q802_n~#CuT;!Q3J7Xb=bn0!Yw(fR&a}k`@dFOF-DcU>FEWf-dn4M-SbV z_>0_M)7cy$7i%jU9elk_T@_wVgnwQ&>HzY_8b6X^bZIv|3KaId0D(-U?Hbi`;lP1+ zJcIf;p>FHHMjVgvE^mb<8RumRn|@gs8?A=0@|Ety+b4xsRhT|#a8t1-dKeYJITZ@YUOs z701x#$Ub^(E}v`EL1z%(pKui_aZ$~m=G5# zLH+W8cZaulvI5=aiFp)As`e;}wPfib(wfVX+7yli!Q+II(Uv&;3F zh*UJUV;ZzP#K+YM@xEo#V%u5FJNVGHq%o87_5CIxy5W1S+1?+(vm?86u!3QEr>J}b zb%$#@6Efn}@C3&DoCE_0?zhXJ!iPJcgCNP9nXTJ{X)7BA`~#ZSU?Ua=m=hz46WAFAoek%R!4pp)?x!Oy;01OW5{(Abf2(rXH>V@aeFa- z>;M#VC#{ZWd1G_pTKwLVd;N|;#5UPr&X7gsa)Osulqy#w|3T#`!6@Gt`9IdP=PeNu zp+Sm&-EIxmuNv;TjLo!)loapSuo$ikzy48_B-s+Wk7qt9t*XGI5RGZ5*aFsF_l8b6 z+@D{P4m=NimiZLvSVh=3tn6;*?Hti3rwJQhx2?$U+?Bh@slBPX5dl$Q8c5!7U`j!Z ztFE4q z_z{7z`qr0eqY!dCFF-SN5J$G@Jobm-XU^@O8U*br1<~lE6q%?*HSxMKtr-DBo#wFk z_cd(E722C#ExGYw+eN$UNOA3L)=$ zsH^Inv-w|{|5n(qMFS+T=&!#;;XVxs45u6jU`7ZD3+QEGkDn`;F*b6brizWr%;6`z*pElm+#EeWgp7N; zB4~mT^J^C;)@F7hDs$uGeyH|nT=`FS*V)dy+Y z)B_;h=;vr0~QH3aq4&J_p|<}6-2wX^l&;cX}&5zXc3e%5||DUphjhdazi(bu^(mutP~;9g5J56!OR7eNi4Le{2BO3y0SX!UYET;ZT7gSga??JV)5w%||s{`mOEP%|c-SWwU@mHsWygc7aXFV~+Exy&2Q6UdyFUMHbKz=`{H5 z?Da!SiTuYt#)%tr#_)WO;`WSaPfBnbN$Rr*b#f zPRh52*6vr$U667fH2Zi-9Q}c*#HxtYjZzL|p2wcUNCvdp;ZdBy%;8|M9o}J8u)?LV zUDrs2 zV<+lxezIb_@d7^l(?=_(OFX)VI?)f;>v%1AjLTL)VQ1j81r?==u5?Cei4V+;lXlpp znfKh6+{fS>ON2{3gY~WD!?X->p#LE!lt`iGCCW~5{z*qDI*txr?tXm*h6@ z1SND%K)uyvM_4hB2PL7}L@a-ly^hjC}d&dUolNTTpn90*3(it6X60enV%CPP$y5S@z0$8o@KF z%)RDK?-q|UeDhq_!27*}-NOO*D{5u>@3hNVNAIzM4cTFVVZ;UdKuOo!*RuZ2_`P|- zk7Mv^hAQAfS1Qx#{^svLDHs_8L`MAroZmqV5c)|u9)LT7)5=gQ#$0l-0ZKu|$R571H`5HR@PVG54zHMKl=Q{VW-b*Hw5*uU01k@)WV(JyKLV zAtOX;M$AHo%jwy%aoFk&_1(<&tsZO(xHn(rRh@~#QOclI){v87Ii_r~qO$h}RwuleyWF3sm1-H#;fj zq4}J}Z*17SdV9WFDMKdK#AVE+Kf{cBRCagj-NVQM-YM(C-UOZ-v1PRGNYh=E<1DUg z8#ppV1aA@ogga{tNJ%+b7`thnCT-&dX`&#u^-~w#JZXba@yrU8m)ta3PzB> + + + + + + + + + + + + + + + + + + + + + + + + + + ${errorLogPattern} + + + + + + + + + + + ${logDirectory}/${generalLogName}.log + + ${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + + INFO + + 256 + + + + + + + + ${logDirectory}/${auditLogName}.log + + ${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${auditMetricPattern} + + + + 256 + + + + + ${logDirectory}/${metricsLogName}.log + + ${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + + ${auditMetricPattern} + + + + + + 256 + + + + + ${logDirectory}/${debugLogName}.log + + ${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.log.zip + + 60 + + + ${errorLogPattern} + + + + + 256 + + false + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties new file mode 100644 index 0000000000..f512fb71a6 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/fproxy.properties @@ -0,0 +1,2 @@ +credential.cache.timeout.ms=180000 +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml new file mode 100644 index 0000000000..edac199968 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/fproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json new file mode 100644 index 0000000000..595d484c37 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/auth/uri-authorization.json @@ -0,0 +1,11 @@ +[ + { + "uri": "\/services\/search-data-service\/.*", + "method": "GET|PUT|POST|DELETE", + "permissions": [ + "org\\.onap\\.aai\\.resources\\|\\*\\|.*" + ] + } + + +] diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties new file mode 100644 index 0000000000..4980071db6 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/cadi.properties @@ -0,0 +1,39 @@ +# This is a normal Java Properties File +# Comments are with Pound Signs at beginning of lines, +# and multi-line expression of properties can be obtained by backslash at end of line + +#hostname is used for local testing where you may have to set your hostname to **.att.com or **.sbc.com. The example given below +#will allow for an ATT cross domain cookie to be used for GLO. If you are running on Windows corp machine, your machine name +#may be used automatically by cadi. However, if it is not, you will need to use hostname=mywebserver.att.com and add mywebserver.att.com +#to your hosts file on your machine. +#hostname=test.aic.cip.att.com + +cadi_loglevel=DEBUG + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 + +cadi_keyfile=/opt/app/rproxy/config/security/keyfile +cadi_keystore=/opt/app/rproxy/config/auth/org.onap.aai.p12 +cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/rproxy/config/auth/tomcat_keystore +cadi_truststore_password=OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +aaf_env=DEV + +aaf_id=demo@people.osaaf.org +aaf_password=enc:92w4px0y_rrm265LXLpw58QnNPgDXykyA1YTrflbAKz + +# This is a colon separated list of client cert issuers +cadi_x509_issuers=CN=ONAP, OU=ONAP, O=ONAP, L=Ottawa, ST=Ontario, C=CA diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties new file mode 100644 index 0000000000..55a9b4816f --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/forward-proxy.properties @@ -0,0 +1,4 @@ +forward-proxy.protocol = https +forward-proxy.host = localhost +forward-proxy.port = 10680 +forward-proxy.cacheurl = /credential-cache diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml new file mode 100644 index 0000000000..289fe7512c --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/logback-spring.xml @@ -0,0 +1,48 @@ + + + + + + + + + + %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable + + + + + + ${LOGS}/${FILEPREFIX}.log + + %d %p %C{1.} [%t] %m%n + + + + + ${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log + + + 10MB + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties new file mode 100644 index 0000000000..5fddcb240a --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/primary-service.properties @@ -0,0 +1,3 @@ +primary-service.protocol = https +primary-service.host = localhost +primary-service.port = 9509 diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt new file mode 100644 index 0000000000..79cf29e73c --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/readme.txt @@ -0,0 +1 @@ +Relevant configuration files need to be copied here to successfully run this service locally. \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties new file mode 100644 index 0000000000..8d46e1f429 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/resources/rproxy/config/reverse-proxy.properties @@ -0,0 +1 @@ +transactionid.header.name=X-TransactionId \ No newline at end of file diff --git a/kubernetes/aai/components/aai-search-data/templates/configmap.yaml b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml new file mode 100644 index 0000000000..0ef6aa9b10 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/configmap.yaml @@ -0,0 +1,83 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-service-log + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/logback.xml").AsConfig . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-fproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/fproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-log-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/logback-spring.xml").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + namespace: {{ include "common.namespace" . }} +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/uri-authorization.json").AsConfig . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/components/aai-search-data/templates/deployment.yaml b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml new file mode 100644 index 0000000000..83e8f1fd15 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/deployment.yaml @@ -0,0 +1,259 @@ +# Copyright © 2017 Amdocs, Bell Canada +# Modifications Copyright © 2018 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + {{ if .Values.global.installSidecarSecurity }} + initContainers: + - name: {{ .Values.global.tproxyConfig.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.tproxyConfig.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + securityContext: + privileged: true + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: /opt/app/search-data-service/config/ + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: KEY_MANAGER_PASSWORD + value: {{ .Values.config.keyManagerPassword }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/search-data-service/config/filter-config.json + subPath: filter-config.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/elastic-search.properties + subPath: elastic-search.properties + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/analysis-config.json + subPath: analysis-config.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/es-payload-translation.json + subPath: es-payload-translation.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/dynamic-custom-template.json + subPath: dynamic-custom-template.json + name: {{ include "common.fullname" . }}-service-config + - mountPath: /opt/app/search-data-service/config/auth/tomcat_keystore + subPath: tomcat_keystore + name: {{ include "common.fullname" . }}-service-auth-config + - mountPath: /opt/app/search-data-service/config/auth/search_policy.json + subPath: search_policy.json + name: {{ include "common.fullname" . }}-search-policy-config + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-service-logs + - mountPath: /opt/app/search-data-service/bundleconfig/etc/logback.xml + name: {{ include "common.fullname" . }}-service-log-conf + subPath: logback.xml + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-service-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-service-filebeat + + {{ if .Values.global.installSidecarSecurity }} + - name: {{ .Values.global.rproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.rproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/rproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.rproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/forward-proxy.properties + subPath: forward-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/primary-service.properties + subPath: primary-service.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/reverse-proxy.properties + subPath: reverse-proxy.properties + - name: {{ include "common.fullname" . }}-rproxy-config + mountPath: /opt/app/rproxy/config/cadi.properties + subPath: cadi.properties + - name: {{ include "common.fullname" . }}-rproxy-log-config + mountPath: /opt/app/rproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + mountPath: /opt/app/rproxy/config/auth/uri-authorization.json + subPath: uri-authorization.json + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + mountPath: /opt/app/rproxy/config/auth/org.onap.aai.p12 + subPath: org.onap.aai.p12 + - name: {{ include "common.fullname" . }}-rproxy-security-config + mountPath: /opt/app/rproxy/config/security/keyfile + subPath: keyfile + + ports: + - containerPort: {{ .Values.global.rproxy.port }} + + - name: {{ .Values.global.fproxy.name }} + image: "{{ include "common.repository" . }}/{{ .Values.global.fproxy.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: CONFIG_HOME + value: "/opt/app/fproxy/config" + - name: KEY_STORE_PASSWORD + value: {{ .Values.config.keyStorePassword }} + - name: TRUST_STORE_PASSWORD + value: {{ .Values.config.trustStorePassword }} + - name: spring_profiles_active + value: {{ .Values.global.fproxy.activeSpringProfiles }} + volumeMounts: + - name: {{ include "common.fullname" . }}-fproxy-config + mountPath: /opt/app/fproxy/config/fproxy.properties + subPath: fproxy.properties + - name: {{ include "common.fullname" . }}-fproxy-log-config + mountPath: /opt/app/fproxy/config/logback-spring.xml + subPath: logback-spring.xml + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/fproxy_truststore + subPath: fproxy_truststore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/tomcat_keystore + subPath: tomcat_keystore + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + mountPath: /opt/app/fproxy/config/auth/client-cert.p12 + subPath: client-cert.p12 + ports: + - containerPort: {{ .Values.global.fproxy.port }} + {{ end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: {{ include "common.fullname" . }}-service-config + configMap: + name: {{ include "common.fullname" . }} + - name: {{ include "common.fullname" . }}-service-auth-config + secret: + secretName: {{ include "common.fullname" . }}-keystone + - name: {{ include "common.fullname" . }}-search-policy-config + secret: + secretName: {{ include "common.fullname" . }}-policy + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-service-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-service-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-service-log-conf + configMap: + name: {{ include "common.fullname" . }}-service-log + {{ if .Values.global.installSidecarSecurity }} + - name: {{ include "common.fullname" . }}-rproxy-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-config + - name: {{ include "common.fullname" . }}-rproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-log-config + - name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + configMap: + name: {{ include "common.fullname" . }}-rproxy-uri-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-config + secret: + secretName: {{ include "common.fullname" . }}-rproxy-auth-config + - name: {{ include "common.fullname" . }}-rproxy-auth-certs + secret: + secretName: aai-rproxy-auth-certs + - name: {{ include "common.fullname" . }}-rproxy-security-config + secret: + secretName: aai-rproxy-security-config + - name: {{ include "common.fullname" . }}-fproxy-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-config + - name: {{ include "common.fullname" . }}-fproxy-log-config + configMap: + name: {{ include "common.fullname" . }}-fproxy-log-config + - name: {{ include "common.fullname" . }}-fproxy-auth-certs + secret: + secretName: aai-fproxy-auth-certs + {{ end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-search-data/templates/secret.yaml b/kubernetes/aai/components/aai-search-data/templates/secret.yaml new file mode 100644 index 0000000000..1ae4f4d61d --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/secret.yaml @@ -0,0 +1,53 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-keystone + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/tomcat_keystore").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-policy + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/auth/search_policy.json").AsSecrets . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-rproxy-auth-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/rproxy/config/auth/*").AsSecrets . | indent 2 }} +{{ end }} + diff --git a/kubernetes/aai/components/aai-search-data/templates/service.yaml b/kubernetes/aai/components/aai-search-data/templates/service.yaml new file mode 100644 index 0000000000..889807930a --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/templates/service.yaml @@ -0,0 +1,53 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{ if .Values.global.installSidecarSecurity }} + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.global.rproxy.port }} + name: {{ .Values.service.portName }} + {{- end}} + {{ else }} + + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} +{{ end }} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-search-data/values.yaml b/kubernetes/aai/components/aai-search-data/values.yaml new file mode 100644 index 0000000000..a8089d6c16 --- /dev/null +++ b/kubernetes/aai/components/aai-search-data/values.yaml @@ -0,0 +1,78 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for search-data. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/search-data-service:1.6.2 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# application configuration +config: + elasticsearchHttpPort: 9200 + keyStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + keyManagerPassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + trustStorePassword: OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + portName: aai-search-data + internalPort: 9509 + +ingress: + enabled: false + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 750Mi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 1Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-sparky-be/.helmignore b/kubernetes/aai/components/aai-sparky-be/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-sparky-be/Chart.yaml b/kubernetes/aai/components/aai-sparky-be/Chart.yaml new file mode 100644 index 0000000000..a817934444 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI sparky-be +name: aai-sparky-be +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties new file mode 100644 index 0000000000..67a22f71f7 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-default.properties @@ -0,0 +1,16 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.apiVersion=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties new file mode 100644 index 0000000000..5c733e852b --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-override.properties @@ -0,0 +1,16 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.apiVersionOverride=v14 +oxm.apiVersionList=v8,v9,v10,v11,v12,v13,v14 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties new file mode 100644 index 0000000000..c7f6bbc1d3 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-oxm-schema-prod.properties @@ -0,0 +1,28 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +oxm.schemaNodeDir=/opt/app/sparky/onap/oxm +#schemaServiceTranslator is used to define whether to retreive the oxm from schema service microservice or read from the disk, possible values are schema-service/config +oxm.schemaServiceTranslatorList=config +# The end point for onap is https://:/onap/schema-service/v1/ +oxm.schemaServiceBaseUrl=https:///aai/schema-service/v1/ +oxm.schemaServiceKeystore=file:${CONFIG_HOME}/auth/aai-client-cert.p12 +oxm.schemaServiceTruststore=file:${CONFIG_HOME}/auth/tomcat_keystore +oxm.schemaServiceKeystorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o +oxm.schemaServiceTruststorePassword=OBF:1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o + + + +# Schema Service need this variable for the time being +spring.applicationName=sparky diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties new file mode 100644 index 0000000000..cdd3d480b1 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-resources.properties @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +resources.hostname=aai +resources.port=8443 +resources.authType=SSL_BASIC +resources.basicAuthUserName=aai@aai.onap.org +resources.basicAuthPassword=1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek +resources.trust-store=tomcat_keystore diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties new file mode 100644 index 0000000000..50e843249a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-ssl.properties @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +server.port=8000 +server.ssl.key-store=file:${CONFIG_HOME}/auth/org.onap.aai.p12 +server.ssl.key-store-password=OBF:1cqc1l4h1qhu1j751p3j1kmy1ncw1o6g1hf418571g7i1d9r1dan1ga8185f1hfy1o461ncu1kjo1p671j7x1qjg1l8t1cne +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.trust-store=file:${CONFIG_HOME}/auth/truststoreONAPall.jks +server.ssl.trust-store-password=OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties new file mode 100644 index 0000000000..4fb10a21f7 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application-sync.properties @@ -0,0 +1,6 @@ +aggregationSyncEnabled=true +historicalEntitySyncEnabled=true +autoSuggestSyncEnabled=true +vnfAliasSyncEnabled=true +geoSyncEnabled=true +viewInspectSyncEnabled=true \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties new file mode 100644 index 0000000000..108f9ef7b5 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/application.properties @@ -0,0 +1,35 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# +# disable the default thyme leaf icon on web-pages +# +spring.mvc.favicon.enabled=false + +# +# to switch to http, remove ssl and put http +# and in the values.yaml change the internalPort to 9517 +# + +spring.profiles.active=camel,ssl,fe-prod,oxm-schema-prod,oxm-default,resources,sync,portal + +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +portal.cadiFileLocation={{.Values.config.cadiFileLocation}} +searchservice.hostname={{.Values.global.searchData.serviceName}} +searchservice.port=9509 +searchservice.client-cert=client-cert-onap.p12 +searchservice.client-cert-password=1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10 +searchservice.truststore=tomcat_keystore + +schema.ingest.file=${CONFIG_HOME}/schemaIngest.properties diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 b/kubernetes/aai/components/aai-sparky-be/resources/config/auth/client-cert-onap.p12 new file mode 100644 index 0000000000000000000000000000000000000000..aa4ae742721c1f4e88f1cbaec06a8ceee9dabf5d GIT binary patch literal 4117 zcmV+w5bEzRf)Eh`0Ru3C57!0>Duzgg_YDCD0ic2p$OM89#4v&nz%YUecLoV6hDe6@ z4FLxRpn?i$FoFtX0s#Opf(l&*2`Yw2hW8Bt2LUh~1_~;MNQUE$RiNx{Y1&xtJVXu5s;?ZJ#`5#nR@KV;5YSmCM>{4i0C2DwnV6Eh2Cn8oC z>aB+2u_`r>u&>Xu>kO+q3s-7=tj1K#EUSU{%X;oT4BF;O9_9xyn1B9kd9@EFTKpV* zp_J@*Z_Wn6AsRN{zoPam^qIr{*Bjc|epOz=UU~z%YJIGH zILGy4X#u}BXVW4Lq+2zw8oUs4MEj+1Uy*C)Ilh_7^12_%)~F(Cd@n7_?+L}8GBmx^ z_oDYI@Nanb!jLi&L8od4xe{9LR71+mI|TW+5-WsX(|rYtT%x)#Z!)cs5eNLc81 zVVMIz8#JL{6}_r%4e@17Hc%$-Sy}k()7{K$e#tDZlW{7y`iQ16xq`i5wGjUD|I}_8 ze%2S5WexRy;{cz^Q+Zp!@xlN22lD&K_j6oA&eOD-Qf z7rEOWjDk(>s3QK4xjY@NS=%~vH%qKRaG&rz5O|8zkiYUbO+TsQ-*<q;mdL+w`6As4!*~RM_rbr(nrp4G7L9@kgS>1 z{#z9^0RJT}z!(j*#A%kHN(lMwE|ZG_Fg9=~ik_I0_HW9Fs#?$tS2r828IP=>SfnBZ z>?wo6*+nq%ft($wuOgHZl`tY?HOvkPE5fl_2~Wvs92fKkIXJNf=r3qD+QuiB+k~lm zYp8$QPU(G((fouA4pe2^4?&;tDuX3zp0dgc4-klt1CIu<8yd%o5El%9J+*%#J<3$* zE9$riE&(#5BQQWvz}gY#)qgeMP0GQ9}vOWb|d=X`Iabz z-XzpnIK1n*LY~@tZZ=*FxMO2S|>*Y)Ark-*U1^dzf*SFZUVd{WJT3PIp<5u(J;3kyOKA97nCsTZxQkxqZ0~@14pL{rYvj7=p~?c^J@( z7Fc^zb9|xWVKv8K#H(Mu@a9Jk9GcdH9XrC&wn-=NDw>jZ-1bjP_tryR13*yhXl;(D z^Ql-4DdjsZ{r#lu-)S;0)^lbzUW%)U7zZMuD~*z-f2&j3^xqKJfQZg5bdmINHkoB7 zy5XFIDEhQr-JZw+yp;*<^(aQQn0JHZ){pct84^8_f#ADwwi*ok=^nGwz5UDu5V)lC zAdD(%;t~9^(EEC;-7wK=P5v4W(J}=#24CUa+@_7E6x6^Xh?4TsYeBJB!~7LXRy9A} zdzQf^_y(d8&A>~g9Fvg-si{sSmdj%}fFiPf_=*u%ej~{H=}uLH>qop-(+#vZgo!YE<9DxC?x0H(VZn<{R_qD7crd$kMleBw zSn1lpic7s$D3fZp+lO3q$v**yBlvudue35GwA*DZX?h&TNjY9kRP2OrO26priUemc zZl~D~^xa!(zNBU9&+2LJ#wa*j0WVb9Gg1%Cja#DqfnW9)g3jqHx29GF&GvfGD|k!>+Ve6=$JnZ2jr`QD6s$^eJvm!ZD*z>64*x=iI~ZY{%;C7B4I z*ArN9$TZwGrvW4NXj7!OJj)94ddG~(FNwXp89J`ZqTOsJdd~XaU4fl>6YpyP#X`@u zE$c>;*#486d)*d>2(N5%o{{uX|}hOs$}*EevCI1aP-kZWQS82f$)>L)KA$F(Mk zG`!+L2k%AYSz}no1lVEhR_{4Ib=uYI0(g$Q0$P<6T84$**-Yr%f*y>$w3i3BQ#Q%I3j<@-*{n#=93zjlI?^~m`-;GEJ`|Merci_V7#39Q=>VZ4SUkT z;+;NWWd(z7ovYOMS|qiNIDZv)weqTqR^d6k%QktX=fW(RU&>Jxwq_Z#vtEgh+!>c+ zLHrH+mH5#&M{{luUW(0UQe8S2ILPQkJjeCDUfzi^G2okS17+BK!oS&COP55*q#~jR zw7a5>Phd^tBq#+;1oIm-{d!SCJS&LNQUz9WL??@pNa-{7miHr0t0YpiKCQyru($Ls-J@Z5>V%Ai_K zjw@||5T*48w7#PyC0qGQj@9E=BW`9UIOjnKH$0pZd#}`M47-a>Cv51^`bjs}e`YB* zH6=sbuc7RtZSSv8c96hVp#k&S8MHTEGscj|d28ZZIfN{kVn1i?wUyF`~;lQ_3H5_=N#-*w!hNoDKU%hiKu=$WIrQs8^_N>JQvgvSkl^)Jm827^!Xb z+y;SEKpb=9<(#GF0%FpsZ!x}ijI5N>OI{qI^5t<+bo!29ZIxk*pHFGjC+>6VUd2!@YP0F$oi%AV`-C=I2TPa?**^8oO@R8fp6L_Ab1=wF`8G2BHT>$22@c>>GZ z&23{Xn0g8<(pAr%Q)yyRmfV~OWwhInv=~70e%jfi^}*{LeIv|pht^IA7ok0v#tbi} z>X6t|X zM3qSLnM*PYF@{D5BqW}exM&5ja4$b~aKCVJ-!V1DQg62_D4fgpBmwZ&mON?^r+KFG zlr%iS(}z0}b<+Ct16hitKVSZDLN6#`HXL{D?IBEq6c&Ra-+ZK5x%Ig`*VLk7AHZ#2 zK15m;J|MbM{BN>WiLObe-5t%~I@b`{^|vh&Y>+iDbmY64_z5@0X)$C-8YZYv;vBpd z>7$3f-O0?f;lIRbXj-Lgh67pK6WHyh&$RGynKBH2YnvrKcP#VK!(Ff=K2rxjIi$5%)ms(yxX7u%a0n9-gc9%hVLBtqq`QKGmZ? z#SLR4gByaA2i1u@Zydq0-K9y(e^B#MXCTXMw7xp)DGPy4Z6wMa3Kv_VB8g57ll-w2 zus145a>rkMr4E*dp&QpErIT^!*LPo(j3mP!6QmiP;imPo2ZUMBU3y46Zdb2TE1+&|A;2$J*~69Wr^ByGUK=Z;Z}xhBTI#VA3NmSQ7G3;)u&5F{|< z|4BekY$VY2FAe|Ob~uFpb`cR^V3r`U?;uF*YX}z(!T-^JkJDp=MH&apPe9LC&M7)l zR)5i+me`1gU}6FKb+M7y!!+sN%Jw8=6UB4%R|B;)?gwfV+**qLZ#)aAJ}KRaC)sIy z^Ppop-Obpjvy&@UO2C!N6`$E0q>+Iy_81B?EuiM0;D);5}Lgm1l-c+MMH zXlhOyv;=$qX3%(IzOjC0@MvK%@VggFPp5g)QjoyRPM1Si(pd-PmIYWORw1IL$mZMI z{?hN`=Ep;&)orJ^UPW15tYD@w+(;d(wKW@!yeT-zoJ`(7uGJhd z8ZltB`O)BgAnwSak{l5~IQBk9O@2XAhe^y#6NkKQDTM}q%)vZNyP{ZzN|H;bAGngH za!h|zS)fc?{;uXdh&~$v#C3)puuBVxen_+VC@vK=V6pcS7ttDrOCM!nL-cZ-vM1?| zHsa=Fx)OC!kn*tOD@!3QyiZ22uD5-3@-*@*6OvtI6rNT}c)r9_KTAua>R7X<)}IuL z)i<0swj-?bn!iwYR8Gzm#?PFoH(e0267glXb+qWG)kcMlSaj5Lq<>aM)z^MY@J?3W z*hpFu`Wq^HW^S~o7Yl7&u6%CXn2<p z#6~h=*PlF|7tsG%yt0*zA#`M$e9`p%XO|wc<^`VS4g#0igF9PVX|Cx9)6&6CTbwo7 zd|Q^^*C&E`&DUf2y4$xN%kL6%GsmP#47yM#_F?zj>a)-_-%WG*VXoKS)gT-VHyd#UWesOrPl$F=&VQXJf@>O%y(bj;0-~&;EY&-NgWhzat$yJG&^=Dis6^ zKni*bIr7AE=R*5KMkm{&VZ6+Pv*SM7_VxE4pi#)Vm(V=t1kAV6zb_p_E#1_Ae>W{4 zGU~4CrK%kkJ;Zx%<|Tm!y_;$z;VC@pynCVCkv&?G&lC zP4Hu!)p_41P8Hknq3LRLH5U)^ZdcjJP!P%=)hI7g>*N$|TgIxyGXIEfO<3ygDxw;c{k>Y4tZ^zm@kQil~QTT?JZ`u zUB=Sk(ohXq1Tu3}ytPlbtAKmsv0@_KFp7gvtMpIQ?_Vj~hJ(m$JkI`?muC<$HPsRC z?S*<{pH4ztl1(%dzJka8dxkAj{uhabjtSwwt17Yf@^jp_=NVjHaXvWS4$o`_ZcSv8 z@hGx^Spt*5`NI5}jiRY8f1iMM{8ptwl}YK8)f{S+6!h4tano=f3R1_4@GEok2p~JZ zQpBuCYzMdR>)LJG9a7$8e}2MBqPB zi4TUdK4Avf{w)`P+`lJ3zzg8{7kdN#g?s@{5SITMD4}3%azhsnM`oyqxUjI8sDzNH z2vh`uBn1Cw2^XgXNeKK)VPIkaAV`AS|0)>&FLiPLmAd1*!=hFbBtY(ZJ#!Xz^*KYL zQ`7%V-Ebs9kAOok0g-jii=Z+rkkdyM$p5uTXS0e_n;ru!Rzd}!Y*R|XqeB!a)G~vuSVt!_ib~2L;woWFHdK@ znX*&TT&%GSfhcYP$>7;jJF(nv6tev>x$^N^ZLYdCale#f>E%Z@<!~1 z2lWAQq{Axhy*q2BZ~dbDNm30H1h3SBt#WYM=rnUAcvgH!(xyFS;DKrQV*+Y^u{P@> zreKYwn~+A}$>*h|L+JgAMn@D$Y_18TTJ|C?lR!h0t&8_3lBIzrV#UGD6Fvpz7I%?O zU(>V5n+?3*mXpserpbp^Vc6L7e8k&@N`Wm9H12u9H0P^7^ogUik`-sNwD;QCf+De^ zEQzb#TF+(eDYwLyx*sPBIYr;*@g9mH9FJAke|{nNqq`HP7d~N z{=oodqOC0Kd5J+1ya~6Fze%{73DA1gWB?+uss0t~mZT$N;T%_s?KN^aEJm3j?ptp0I6~Pde?A+Cs_Ovl=&=#_=(zCQw-f)z&Bl|Wi zMg_7`J?KA5mAW zD}CJ-FED8@W$U^TNpwJMStGheS5UD`gEN3Yb$&)Rf1JHZ-oSJwy4Hy4m+P6<(HaG9K4VbRwIo!KL|f2}np?H~m3(5&;w zVR1mMvm#(dWf{YDJj9PTMNCe4Y)r+%Ep5%g3n^EHvs*Ss@>MOHL!|I*<^|c)w^l+~ z?(+{uO8(tP>x{bKbptqyfA(W>`8O`a8b%6=s?+|nz*(I!Xm29S$-aMqv^dK3_NAMA z^#DlJyA;!KO3|j3tufDWSzP2uH`32cN(Pai&?p0z8y*{MrHx;4fB56TtJ5|VjvgTI zRZRBEeIqn=fE4eb(Y6BcL8+f1dS^F#>M04a>4rem@x@65PL4?OMZ$J5om6Nm=J9HI zgWs8cQ*<8*p}X6GOt4nWdPY7XdvU-a=lS`5r}v$gtE!Nx!tF)&@yfpE3`C$OcuS~M zN4l9^9okvAukMqalVE&|<6mSw@D4ZB=Z;KS?;i#_*eHb5qkyPv+wp}GoGv=$0lL*w z?!rl-3p%kf9K7zxR(#E<-18gv^H-C|`-Sm_lTZ)YLw`bg>h^KvgjW9uO#~lMpFly> zy3)U#Xm{c%@)O12!sf2CJ8fHa9Hxea)BsUz1sT+K<lzIeKLZ=b>b~>0@&()XVdoTl_(25Y{+;a>j~alpW$|i7nWFaa z9xGU>Nd^&Yd|YKCmhh&L9Vd3~UJpOdY0auHar1gi>N9;PzT0Q_$QAt_&-RDMUnY$P z!5O?{lLO<=I5)eb%9@pYhSp+^vunYU61#~&x4pG0$Gy(}t8^@Oc-*M`Cun&!wsKx2 z)^1~RTV*Fo-*UD@#Czg_wXPs`EFLRfKrGNpuRPkSw54{|8rqcud#W0&F#9W6Ld{L7 z{CC6LT=Cby4!Y4p{mQP$URq=24107O_2F-0aH%pHt~7Rv01NY>t0veH6mq&*LBv%j zao;j8C|`pbEN+x+0261{gdME%GO*jV*XH>aoD>L_h}ouRn-t?BiCm_cF^m`*p6M<3 z?UUM_^EkYIDb}uvCx_v}89&7?pP1o0FDQ?>2q#$hy+B>qiK${*+w92;mID`Ht2hUaYI+OA2M9!H9w*;@coEvlx;qq z3H%_Ng{VS4h1>(kOt9A(Rl3D&j^A;5`LCxXC zwHt1Qrr^{#^u4iO;94W^6?miZ@DQMB*OPdzbSMyL+uq{i@n*Yq&kEpCP0c_x${-b> zO)ng>Iy3vlXGT`S#B*YM=;d|1d*6tTm-ef$(X`s&W#vz+V88@!;oUogCcGYuo0`mh zShCTAK{g{}P?i92KtT9D=&7@$noOg@mLsSN38<-B1>YYvZ#DBB#(u7oLje%jcdq5P z{T>rh*vu7M7CH8`eUJnKg!$Vq%^Y(0mATZlR|PN4W=#VAG&{xjP>Z^+nyj-L{GOa{ zIa)3M^TEXH&N^_)mopzkq!>PyS(Wl`QizCgczZt1GZqE)7ZE!wC(up2I8ZBEWlsE) zwtHMnDSvbL-VR5hHmLI|19Ktz&p#f{Pc;c%z>A_oQUhAq?#-vjnbgt(z6qQQ1ieOU z6Nga1n>n7p+y+xy2uu@?MMfDYU8 zH8}xodbGNpVIRRg1N>FB-rU1zj)APJ?^`h8Gr9${l?q-#miW7-)C;v-!*emY{4Xub zyk*|&!Vkj<_CxL%b*T?dF`B}QCSjcAPH8tH^i&4tTqVf6`NM z9*k|5nPYklhS558e9bL8bPTv3CPJS3##e1fn!1RpcrYKKmGQI#hGv4D>I47wRFTc?#8}D6P&-TtNeqINO@ayCzdmOX4Z?JeQ@XN{$XC-oKOv4=>XS&E7J7O{K>OtG@9PxA3CF;E ztlEOeKv*F7I6xi{7A74KfDP7z78Hule%OV2HC9xj7$0f0!C2T}>(J9`9Wui#i_FB8 Sk_|*CjxSL#CKg6a$^QVck|7}g literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties new file mode 100644 index 0000000000..67268e33e2 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/key.properties @@ -0,0 +1 @@ +cipher.enc.key=AGLDdG4D04BKm2IxIWEr8o==! diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties new file mode 100644 index 0000000000..e18585d576 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/BOOT-INF/classes/portal.properties @@ -0,0 +1,47 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +################################################################################ +############################## Portal properties ############################### +################################################################################ + +# Java class that implements the ECOMP role and user mgt API +portal.api.impl.class = org.onap.aai.sparky.security.portal.PortalRestAPICentralServiceImpl + +# Instance of ECOMP Portal where the app has been on-boarded +# use insecure http for dev purposes to avoid self-signed certificate +ecomp_rest_url = https://portal-app:8443/ONAPPORTAL/auxapi + +# Standard global logon page +ecomp_redirect_url = https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm + +# Name of cookie to extract on login request +csp_cookie_name = EPService +# Alternate values: DEVL, V_DEVL, V_PROD +csp_gate_keeper_prod_key = PROD + +# Toggles use of UEB +ueb_listeners_enable = false +# IDs application withing UEB flow +ueb_app_key=ueb_key_7 +# Use this tag if the app is centralized +role_access_centralized=remote + +# Connection and Read timeout values +ext_req_connection_timeout=15000 +ext_req_read_timeout=20000 + +#Add AAF namespace if the app is centralized +auth_namespace={{.Values.config.aafNamespace}} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties new file mode 100644 index 0000000000..1f154b6101 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/cadi.properties @@ -0,0 +1,45 @@ +# Configure AAF +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 +aaf_url=<%=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 + +#aaf_url=https://DME2RESOLVE/service=com.att.authz.AuthorizationService/version=2.0/envContext=TEST/routeOffer=BAU_SE +# AAF Environment Designation + +#if you are running aaf service from a docker image you have to use aaf service IP and port number +aaf_id={{.Values.config.aafUsername}} +#Encrypt the password using AAF Jar +aaf_password={{.Values.config.aafPassword}} +# Sample CADI Properties, from CADI 1.4.2 +#hostname=org.onap.aai.orr +csp_domain=PROD +# Add Absolute path to Keyfile +cadi_keyfile={{.Values.config.cadiKeyFile}} + +# This is required to accept Certificate Authentication from Certman certificates. +# can be TEST, IST or PROD +aaf_env=DEV + +# DEBUG prints off all the properties. Use to get started. +cadi_loglevel=DEBUG + +# Add Absolute path to truststore2018.jks +cadi_truststore={{.Values.config.cadiTrustStore}} +# Note: This is the ONLY password that doesn't have to be encrypted. All Java's TrustStores are this passcode by default, because they are public certs +cadi_truststore_password={{.Values.config.cadiTrustStorePassword}} + +# how to turn on SSL Logging +#javax.net.debug=ssl + +# Use "maps.bing.com" to get Lat and Long for an Address +AFT_LATITUDE=32.780140 +AFT_LONGITUDE=-96.800451 +AFT_ENVIRONMENT=AFTUAT +AFT_DME2_CLIENT_IGNORE_SSL_CONFIG=true +DME2.DEBUG=true +AFT_DME2_HTTP_EXCHANGE_TRACE_ON=true + +cadi_latitude=32.780140 +cadi_longitude=-96.800451 + +aaf_root_ns=com.att.aaf +aaf_api_version=2.0 diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile new file mode 100644 index 0000000000..921ce6714a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/keyFile @@ -0,0 +1,27 @@ +77E_fh-8gTjeg8egAo-JgNkXYm1FGEBPMo44vKPgKyGCJj9Dn0xJqIBct2Ko35X4_HSU3wPq3I2q +YHIvJCjmzXTVu2zvu4rIGTlwycTtLGDkgPyhOYFytv4GgazbpSs9331MPUeVVrdpkDCQmjtHSB4m +DThhfEe2lkbZ35ljX3sVSf3JDy4ngRot0ktQwnnY4vxFdgVUl7LzVinXWgFLoqMyXmKh_bGw9aUH +VMgqFsF_YmqLZY5ZARAraeywktvrU5kXYh5SnfXoJy7XIk0TBjHKqO-1mW-TcIgS3_v6GIGkZnpq +e1FyE8cS21gTPFlc1KDoWUZE2yoEsQKJc4RFWfjid_mE6nckxym1TOsEn3G2_TlkZvliN_QMDB_c +RuFLDB9HCChm4YYHpSn-RBqtJFz29bMTHQX8VNVfZ_Zhh-4dWOlEfpSzJvAqm_boo-8y8YDGIusx +mvKyPXEKVCuBOljHaKhYg0d43nAXIFsssKpjmtQizA2L_TP1Mo_lDFIlCsPcRlHKTvzkTstEAhRj +JnepzA--olBMwBkPxjm1Y5XQBGZH72i_o4Hr7_NqHb9sP486I2Nd1-owjHkhacGrLO1oORnuBUxp +_SnaXYywe9tTz3BcfFupXSoDv4Sj7g9B53yPIWmjGggigidql3SNJsui6qOtwDHOejzEDFm23Lj7 +fXD6sb52U_ul9ahi4CoLTzpvMsPRYOqyRCk8K8FVBauZbG5D42oaFPn0S0rCSHOCU1TXbRdTF-Cs +I2R0pEHNgb33yx6vtInaTSYIQ5cxa3XDA_50AQearV5SuYSlp8dK0BkpVCKgvSQdTn-2WiaV_hvO +KzG7D2adT1kYY6TjYMXIaUiJ33y1XSNDG0s6r4NG5dNE6Jj7thdpnV-AAZoi0uZh1_bsHKLVmHRr +NCXAc6DZm1D4N9y5lOJwUprUlJisZXLFTQThGMRY5dtiY_eK9Xjj4FQygXXhuhFXHz2-e4YApORv +lXDcT29IZuuI1j26bxdNdhNr1wZsqqievBN6l6OQMiP21eIrxAUu1BEmiVOrfOzaEjxldDN2gFum +4-zf9gsQT9UT8KEuOje64wVeHr09JpWuddV9HOAMvqc6mKTWmvUv_QiLgtK_b39QccMrOfOA1usM +biRJ9wuTYIr584Q9CjHEcm5e2YufcbF-IDZ4IDui8gNXyYJuusTYdspeKzrtiLKfgI56ZWA3it9G +SOkN18YyUmhk7HFkx9qEifb4UEbUQPb0dyXBRotf-91c5CPkct-36uV4sZBA_AR1tX3-aRKKB_SQ +B0zaG-eaEdEqKv-ZYHqk23ZxiEsCX3ZdY7VSMWztE3_D5n8UgEl4et5LVfnjvU-arVVO93WUbXk0 +zi2QrOwytOZ0StAvFdF1nVwWllPg4EYcn8qLJIaaBRvLMlpHixtwRhltwJeMmJl3ExImOxNhVbhF +6LxVXW6JK8JfMIwb_TE4EShDBjemq76BojQOwrO4OAyPG7B5iUtefdY-Zu1EtjXPhrUgljI_A1tg +5_2WNjNTCT7Bvig3saFsIRi3cvgIcMAF2H7kJYw3UDvCFnx4LIom2u6vSeyatPxEOhRfpP0KvgEU +koM9DFJW7VWQ11mB_DcU2NoYHdFKFy_cM62kIvoRwZTADGryEtkLSWEDT8MLpVrGXP2RjSZ3HHqC +vVpVqQHC2VIqNKi2uHtYCiTEfj81Z0rCrnH3hYIRoOSe5W6m17xyb0RloG0G44uK0oNCfDYLwK0L +TJaBdWSIBYI__ISsKx8o8r-3XLtbwQPPhv4-LpGwJYd7sIcqnpTYAyNGSrbEM4ECzHCH9Hwf9Duy +cAQGWqXIbTV9i8ryw8OhcCZPTf3noPZyhzzdegiv6KNT-BBbxsgtDehtP-jvpd9eAhjlfUV_hoFJ +rBUVMFrIOEDnnItVqBDmnavRdhn6N9ObVjVMv_4inhkvtpBCEVxtVQT2kFuBmZvPu_uHHbXi7_g8 +SVs3AjJ2ya3pZraK6gH3IOYoGtTAH3rKl7XdTMjqWnUCbhepuJqeEOF-DhpsEW7Oo0Lqzbjg \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties new file mode 100644 index 0000000000..97b5399f54 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/portal/portal-authentication.properties @@ -0,0 +1,31 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +##################################################################################### +############################## Portal Auth Properties ############################## +##################################################################################### + +############################## Auth ############################## +username={{.Values.config.portalUsername}} +password={{.Values.config.portalPassword}} + +############################## ############################## +# +# ONAP Cookie Processing - During initial development, this flag, if true, will +# prevent the portal interface's login processing from searching for a user +# specific cookie, and will instead allow passage if a valid session cookie is discovered. +onap_enabled={{.Values.config.portalOnapEnabled}} +onap.user_id_cookie_name={{.Values.config.portalCookieName}} +cookie_decryptor_classname={{.Values.config.cookieDecryptorClass}} +app_roles={{.Values.config.portalAppRoles}} diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config new file mode 100644 index 0000000000..ee131d8414 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/roles.config @@ -0,0 +1,20 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +[ + { + "id":1, + "name":"View" + } +] diff --git a/kubernetes/aai/components/aai-sparky-be/resources/config/users.config b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config new file mode 100644 index 0000000000..ce69e88918 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/resources/config/users.config @@ -0,0 +1,20 @@ +[{ + "orgId": null, + "managerId": null, + "firstName": "Demo", + "middleInitial": null, + "lastName": "User", + "phone": null, + "email": "demo@email.com", + "hrid": null, + "orgUserId": "demo", + "orgCode": null, + "orgManagerUserId": null, + "jobTitle": null, + "loginId": "demo", + "active": false, + "roles": [{ + "id": 1, + "name": "View" + }] +}] \ No newline at end of file diff --git a/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml new file mode 100644 index 0000000000..9e0a5726bd --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/templates/configmap.yaml @@ -0,0 +1,72 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-prop + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-resources.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-ssl.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-default.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-override.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application-oxm-schema-prod.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/roles.config").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/users.config").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-portal + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/portal/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-portal-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/portal/BOOT-INF/classes/*").AsConfig . | indent 2 }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml new file mode 100644 index 0000000000..a4fe4e2195 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/templates/deployment.yaml @@ -0,0 +1,206 @@ +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - aai-elasticsearch + - --container-name + - aai-search-data + - --container-name + - aai + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/sparky/config/auth/client-cert-onap.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: client-cert-onap.p12 + + - mountPath: /opt/app/sparky/config/auth/csp-cookie-filter.properties + name: {{ include "common.fullname" . }}-auth-config + subPath: csp-cookie-filter.properties + + - mountPath: /opt/app/sparky/config/auth/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-auth-config + subPath: org.onap.aai.p12 + + - mountPath: /opt/app/sparky/config/auth/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + + - mountPath: /opt/app/sparky/config/portal/ + name: {{ include "common.fullname" . }}-portal-config + + - mountPath: /opt/app/sparky/config/portal/BOOT-INF/classes/ + name: {{ include "common.fullname" . }}-portal-config-props + + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + + - mountPath: /opt/app/sparky/config/application.properties + name: {{ include "common.fullname" . }}-properties + subPath: application.properties + + - mountPath: /opt/app/sparky/config/application-resources.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-resources.properties + + - mountPath: /opt/app/sparky/config/application-ssl.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-ssl.properties + + - mountPath: /opt/app/sparky/config/application-oxm-default.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-oxm-default.properties + + - mountPath: /opt/app/sparky/config/application-oxm-override.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-oxm-override.properties + + - mountPath: /opt/app/sparky/config/application-oxm-schema-prod.properties + name: {{ include "common.fullname" . }}-properties + subPath: application-oxm-schema-prod.properties + + - mountPath: /opt/app/sparky/config/roles.config + name: {{ include "common.fullname" . }}-properties + subPath: roles.config + + - mountPath: /opt/app/sparky/config/users.config + name: {{ include "common.fullname" . }}-properties + subPath: users.config + + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: aai-sparky-filebeat + resources: +{{ include "common.resources" . }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + + - name: {{ include "common.fullname" . }}-properties + configMap: + name: {{ include "common.fullname" . }}-prop + + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }} + + - name: {{ include "common.fullname" . }}-portal-config + configMap: + name: {{ include "common.fullname" . }}-portal + + - name: {{ include "common.fullname" . }}-portal-config-props + configMap: + name: {{ include "common.fullname" . }}-portal-props + + - name: {{ include "common.fullname" . }}-auth-config + secret: + secretName: {{ include "common.fullname" . }} + + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: aai-sparky-filebeat + emptyDir: {} + - name: modeldir + emptyDir: {} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml new file mode 100644 index 0000000000..292e03571a --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/templates/secret.yaml @@ -0,0 +1,27 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-sparky-be/templates/service.yaml b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml new file mode 100644 index 0000000000..5c939ae48e --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/templates/service.yaml @@ -0,0 +1,38 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} diff --git a/kubernetes/aai/components/aai-sparky-be/values.yaml b/kubernetes/aai/components/aai-sparky-be/values.yaml new file mode 100644 index 0000000000..10448b7520 --- /dev/null +++ b/kubernetes/aai/components/aai-sparky-be/values.yaml @@ -0,0 +1,120 @@ +# Copyright (c) 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for sparky-be. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + aai: + serviceName: aai + aaiElasticsearch: + serviceName: aai-elasticsearch + gizmo: + serviceName: aai-gizmo + searchData: + serviceName: aai-search-data + readinessImage: onap/oom/readiness:3.0.1 + +# application image +repository: nexus3.onap.org:10001 +image: onap/sparky-be:1.6.2 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +dockerhubRepository: registry.hub.docker.com +ubuntuInitImage: oomk8s/ubuntu-init:2.0.0 +# application configuration +config: + elasticsearchHttpPort: 9200 + gerritBranch: 3.0.0-ONAP + gerritProject: http://gerrit.onap.org/r/aai/test-config + portalUsername: aaiui + portalPassword: OBF:1t2v1vfv1unz1vgz1t3b + portalCookieName: UserId + portalAppRoles: ui_view + aafUsername: aai@aai.onap.org + aafNamespace: org.onap.aai + aafPassword: enc:xxYw1FqXU5UpianbPeH5Rezg0YfjzuwQrSiLcCmJGfz + cadiKeyFile: /opt/app/sparky/config/portal/keyFile + cadiTrustStore: /opt/app/sparky/config/auth/truststoreONAPall.jks + cadiFileLocation: /opt/app/sparky/config/portal/cadi.properties + cadiTrustStorePassword: changeit + cookieDecryptorClass: org.onap.aai.sparky.security.BaseCookieDecryptor + +# ONAP Cookie Processing - During initial development, the following flag, if true, will +# prevent the portal interface's login processing from searching for a user +# specific cookie, and will instead allow passage if a valid session cookie is discovered. + portalOnapEnabled: true +# + +# override chart name (sparky-be) to share a common namespace +# suffix with parent chart (aai) +nsSuffix: aai + + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-sparky-be + internalPort: 8000 + nodePort: 20 + +ingress: + enabled: false + service: + - baseaddr: "aaisparkybe" + name: "aai-sparky-be" + port: 8000 + config: + ssl: "redirect" + +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 0.25 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 0.5 + memory: 2Gi + unlimited: {} diff --git a/kubernetes/aai/components/aai-traversal/.helmignore b/kubernetes/aai/components/aai-traversal/.helmignore new file mode 100644 index 0000000000..daebc7da77 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/kubernetes/aai/components/aai-traversal/Chart.yaml b/kubernetes/aai/components/aai-traversal/Chart.yaml new file mode 100644 index 0000000000..80ff28ef54 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/Chart.yaml @@ -0,0 +1,18 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +description: ONAP AAI traversal +name: aai-traversal +version: 7.0.0 diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv new file mode 100644 index 0000000000..60a8fb5f0b --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/bath_config.csv @@ -0,0 +1,33 @@ +# AAI -> aai@aai.onap.org +Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ModelLoader -> aai@aai.onap.org +Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# AaiUI -> aai@aai.onap.org, +Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# MSO -> so@so.onap.org +Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 + +# SDNC -> sdnc@sdnc.onap.org +Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# DCAE -> dcae@dcae.onap.org +Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# POLICY -> policy@policy.onap.org +Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# ASDC -> sdc@sdc.onap.org +Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# VID -> vid@vid.onap.org +Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 + +# APPC -> appc@appc.onap.org +Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 + +# OOF -> oof@oof.onap.org +Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03 + diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties new file mode 100644 index 0000000000..2b19da9f6f --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/cadi.properties @@ -0,0 +1,8 @@ + +cadi_loglevel=INFO +cadi_prop_files=/opt/app/aai-traversal/resources/aaf/org.osaaf.location.props:/opt/app/aai-traversal/resources/aaf/org.onap.aai.props + +# OAuth2 +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile new file mode 100644 index 0000000000..4c14bc37f1 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.keyfile @@ -0,0 +1,27 @@ +VoVoSXQrAveX2NBnoAGs7p5q5Zn5vWkVXC81HQrzers30k7OzSy5rfCRSUVO13wuo-wzJQ4GGn4e +ZSOZrtTCenFwunUX6mirkIlip8W2TLNVH6O3VN-F7JS6t_6EFF5z1y7amr9MCWQ8p72Ig9uHMUWC +uPLjD6GUWAEw0BIGtCbXgJDs6v2EOCv0TV8Mq1uYSaiAOZgMlehwt1tWcE3iSRfZscjIp4Kjpe4e +QsZ9Bc5ATTnY3Tc5Mtmubc-1cwGDQQWFIo5k_cWfxhtpMAsNSidwp-zBjCKEWC465BKSSiUHwp4M +YW_6xrmN1FobnFqLCNoUEoXH3Mcgeze74dXmaN8_JyQ6T5pT1EtETsitnktrfFh-XsLKGf8vE1m8 +pfAtq4hPeq1jMdG0D8SRVGFxJlHa9VsmYpbUj_4I3GGsaBt_EBl9ZUtL0b3Vnx5fnqS1OZ1amL0z +94rQfQMf2UAnbI1j2j5oV6Hy2eBmSiLft2aNxs1VPmmZLQsm5dXDKF1eJ6twNmaZvzmQaSHTpN4b +YqPonSwlYK1ZARaKzx1SivpRWzRP-nqqFazfAnPlLdvCBpCK0g_SjwLvlifozVmH2j0Vd6E9F9XE +NzJSfUY6NsX6_7t10yDYtBKbFKID3jIKmSj7yn5PKNbEWBwmgvkBh4PIKTRij11udR8S8PnYsfTT +PyC52LH37LL5Me3Y443zOUXtYWwN6wfCi9H4pDQGmg7mcnpKV0Z-Iw59AuLKypTriG3-9DxYgMSa +_GCDiCIXhcWSEYieRV45qHoeVdgrPGN8iy9leO_JmikGsjcIKl0-mGrojsV0zHrqeP-fyvgpFD1x +NXLKeqErqSw_KMFOxCa0-cUQHgrVvrs5wDYeetZ4TRafKEYkojZhq6mbM5V2zScQTxU_VEHK0PIs +BJ6xHzcw9DLUjPTVtHXXbag9ly9ReoHXRLD5O9RZUvLH9pGRIkn_tMrVD1scMiS4ln9QplyGRF1_ +AAXysVgCna3-xuOIYo8zG74d29eNcuEpejPR8CiSWKiKNqp0zMYB5Jpv2dlf0XMucMne-6WV1-gg +EETogBbymFC6rcc31TjPwqnqyLY0XP7Gy1trJ47aI9zBXS3IZLmGaKW1d12ELDRsWctujcjHyt1_ +Vp3hrny5w7BNWD8SIueUzke3-OuEhOmu0o84TGvfHc6fmKCggRBn_oXee4OeCnt2HzNSlLvOV9AZ +g5e1UKuzl2dODQCZHNNdj-7f25LIVSV44m0SVNsDwboQ4s7T5HOTn3NM2KpklwBnB6w5ze2FFBzb +5XNzyXOpDgHEnszN1U90WrpoFvJ0LFJ5XeX8mH0q9lpcKZXbOqP383_dBXyEd237m2OF6WVG4VVm +4dqB98pBLiGpCR1K6ocdcZE6mAMQn-OdDaLIJLcXt77i1j2MNlODeax-MJnxMW8EjPAzNJzrdq5e +21spFMZJT9vthdl0qqiiduuTazaXGrmvnB85uvRCXVqJOesVG3HebubWrQuuuePxVTSL18R_PhId +0hmqho-MOZUHHTxGzqFDR0iOO8Y4hZfiAipHAd49IkkmYJUrEAb258in8W4__vJ5UcIdq2Rd8L9l +vtIzf7AKcFCyx7Woi95GpEJ2Kr_f6aG1_04hbFY_LHP3EHPcOxsDHjz-8FYreze_LUdsYx-fBMft +mcFmbFAblk8Jz7GYQ7c4XwULt2BbMr9rsuGuZHL3Ap6lX1eI0-6d8ZZ3DIXIWubTTqHG_mRNd5XW +b0x5nlEbnvw4t4DdjGsEONpQfllnnmkr25tPQBncPjlsA3oso6h5QM4psvkkKi8yd0N6t-yyLwra +w1B3p9YQFzK2hGA24Seo83baLRgIK6YvEsNnXdI7fmVEOetIslQue__6S6GupdqgUFx9xrtDLN-d +TbdxpezKWfkjCxEBxXyAhOttb3qqP0-jtZV7OEsZmmz0T9DG4hYnNfs-clD7rrD3Va7znzDru2sq +PtgpapahbNjM9pbx9_fU7M35aEYnGtEwG9BVGVxsWmIBMTc05ncru4qE0fLkjsDSnCMQ54e0 \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.p12 new file mode 100644 index 0000000000000000000000000000000000000000..b2449c6a54285b5285d4921c786e38e59d09f117 GIT binary patch literal 4347 zcmY*bbx;(J)?H$0mRcI5MS7QJ=|;Lcq?T@2`60Qqlyr9pxCjVJNF&{i(jn3!5|aD* zzIoq!^Ua+*_slu>+&|A;2$J*~69Wr^ByGUK=Z;Z}xhBTI#VA3NmSQ7G3;)u&5F{|< z|4BekY$VY2FAe|Ob~uFpb`cR^V3r`U?;uF*YX}z(!T-^JkJDp=MH&apPe9LC&M7)l zR)5i+me`1gU}6FKb+M7y!!+sN%Jw8=6UB4%R|B;)?gwfV+**qLZ#)aAJ}KRaC)sIy z^Ppop-Obpjvy&@UO2C!N6`$E0q>+Iy_81B?EuiM0;D);5}Lgm1l-c+MMH zXlhOyv;=$qX3%(IzOjC0@MvK%@VggFPp5g)QjoyRPM1Si(pd-PmIYWORw1IL$mZMI z{?hN`=Ep;&)orJ^UPW15tYD@w+(;d(wKW@!yeT-zoJ`(7uGJhd z8ZltB`O)BgAnwSak{l5~IQBk9O@2XAhe^y#6NkKQDTM}q%)vZNyP{ZzN|H;bAGngH za!h|zS)fc?{;uXdh&~$v#C3)puuBVxen_+VC@vK=V6pcS7ttDrOCM!nL-cZ-vM1?| zHsa=Fx)OC!kn*tOD@!3QyiZ22uD5-3@-*@*6OvtI6rNT}c)r9_KTAua>R7X<)}IuL z)i<0swj-?bn!iwYR8Gzm#?PFoH(e0267glXb+qWG)kcMlSaj5Lq<>aM)z^MY@J?3W z*hpFu`Wq^HW^S~o7Yl7&u6%CXn2<p z#6~h=*PlF|7tsG%yt0*zA#`M$e9`p%XO|wc<^`VS4g#0igF9PVX|Cx9)6&6CTbwo7 zd|Q^^*C&E`&DUf2y4$xN%kL6%GsmP#47yM#_F?zj>a)-_-%WG*VXoKS)gT-VHyd#UWesOrPl$F=&VQXJf@>O%y(bj;0-~&;EY&-NgWhzat$yJG&^=Dis6^ zKni*bIr7AE=R*5KMkm{&VZ6+Pv*SM7_VxE4pi#)Vm(V=t1kAV6zb_p_E#1_Ae>W{4 zGU~4CrK%kkJ;Zx%<|Tm!y_;$z;VC@pynCVCkv&?G&lC zP4Hu!)p_41P8Hknq3LRLH5U)^ZdcjJP!P%=)hI7g>*N$|TgIxyGXIEfO<3ygDxw;c{k>Y4tZ^zm@kQil~QTT?JZ`u zUB=Sk(ohXq1Tu3}ytPlbtAKmsv0@_KFp7gvtMpIQ?_Vj~hJ(m$JkI`?muC<$HPsRC z?S*<{pH4ztl1(%dzJka8dxkAj{uhabjtSwwt17Yf@^jp_=NVjHaXvWS4$o`_ZcSv8 z@hGx^Spt*5`NI5}jiRY8f1iMM{8ptwl}YK8)f{S+6!h4tano=f3R1_4@GEok2p~JZ zQpBuCYzMdR>)LJG9a7$8e}2MBqPB zi4TUdK4Avf{w)`P+`lJ3zzg8{7kdN#g?s@{5SITMD4}3%azhsnM`oyqxUjI8sDzNH z2vh`uBn1Cw2^XgXNeKK)VPIkaAV`AS|0)>&FLiPLmAd1*!=hFbBtY(ZJ#!Xz^*KYL zQ`7%V-Ebs9kAOok0g-jii=Z+rkkdyM$p5uTXS0e_n;ru!Rzd}!Y*R|XqeB!a)G~vuSVt!_ib~2L;woWFHdK@ znX*&TT&%GSfhcYP$>7;jJF(nv6tev>x$^N^ZLYdCale#f>E%Z@<!~1 z2lWAQq{Axhy*q2BZ~dbDNm30H1h3SBt#WYM=rnUAcvgH!(xyFS;DKrQV*+Y^u{P@> zreKYwn~+A}$>*h|L+JgAMn@D$Y_18TTJ|C?lR!h0t&8_3lBIzrV#UGD6Fvpz7I%?O zU(>V5n+?3*mXpserpbp^Vc6L7e8k&@N`Wm9H12u9H0P^7^ogUik`-sNwD;QCf+De^ zEQzb#TF+(eDYwLyx*sPBIYr;*@g9mH9FJAke|{nNqq`HP7d~N z{=oodqOC0Kd5J+1ya~6Fze%{73DA1gWB?+uss0t~mZT$N;T%_s?KN^aEJm3j?ptp0I6~Pde?A+Cs_Ovl=&=#_=(zCQw-f)z&Bl|Wi zMg_7`J?KA5mAW zD}CJ-FED8@W$U^TNpwJMStGheS5UD`gEN3Yb$&)Rf1JHZ-oSJwy4Hy4m+P6<(HaG9K4VbRwIo!KL|f2}np?H~m3(5&;w zVR1mMvm#(dWf{YDJj9PTMNCe4Y)r+%Ep5%g3n^EHvs*Ss@>MOHL!|I*<^|c)w^l+~ z?(+{uO8(tP>x{bKbptqyfA(W>`8O`a8b%6=s?+|nz*(I!Xm29S$-aMqv^dK3_NAMA z^#DlJyA;!KO3|j3tufDWSzP2uH`32cN(Pai&?p0z8y*{MrHx;4fB56TtJ5|VjvgTI zRZRBEeIqn=fE4eb(Y6BcL8+f1dS^F#>M04a>4rem@x@65PL4?OMZ$J5om6Nm=J9HI zgWs8cQ*<8*p}X6GOt4nWdPY7XdvU-a=lS`5r}v$gtE!Nx!tF)&@yfpE3`C$OcuS~M zN4l9^9okvAukMqalVE&|<6mSw@D4ZB=Z;KS?;i#_*eHb5qkyPv+wp}GoGv=$0lL*w z?!rl-3p%kf9K7zxR(#E<-18gv^H-C|`-Sm_lTZ)YLw`bg>h^KvgjW9uO#~lMpFly> zy3)U#Xm{c%@)O12!sf2CJ8fHa9Hxea)BsUz1sT+K<lzIeKLZ=b>b~>0@&()XVdoTl_(25Y{+;a>j~alpW$|i7nWFaa z9xGU>Nd^&Yd|YKCmhh&L9Vd3~UJpOdY0auHar1gi>N9;PzT0Q_$QAt_&-RDMUnY$P z!5O?{lLO<=I5)eb%9@pYhSp+^vunYU61#~&x4pG0$Gy(}t8^@Oc-*M`Cun&!wsKx2 z)^1~RTV*Fo-*UD@#Czg_wXPs`EFLRfKrGNpuRPkSw54{|8rqcud#W0&F#9W6Ld{L7 z{CC6LT=Cby4!Y4p{mQP$URq=24107O_2F-0aH%pHt~7Rv01NY>t0veH6mq&*LBv%j zao;j8C|`pbEN+x+0261{gdME%GO*jV*XH>aoD>L_h}ouRn-t?BiCm_cF^m`*p6M<3 z?UUM_^EkYIDb}uvCx_v}89&7?pP1o0FDQ?>2q#$hy+B>qiK${*+w92;mID`Ht2hUaYI+OA2M9!H9w*;@coEvlx;qq z3H%_Ng{VS4h1>(kOt9A(Rl3D&j^A;5`LCxXC zwHt1Qrr^{#^u4iO;94W^6?miZ@DQMB*OPdzbSMyL+uq{i@n*Yq&kEpCP0c_x${-b> zO)ng>Iy3vlXGT`S#B*YM=;d|1d*6tTm-ef$(X`s&W#vz+V88@!;oUogCcGYuo0`mh zShCTAK{g{}P?i92KtT9D=&7@$noOg@mLsSN38<-B1>YYvZ#DBB#(u7oLje%jcdq5P z{T>rh*vu7M7CH8`eUJnKg!$Vq%^Y(0mATZlR|PN4W=#VAG&{xjP>Z^+nyj-L{GOa{ zIa)3M^TEXH&N^_)mopzkq!>PyS(Wl`QizCgczZt1GZqE)7ZE!wC(up2I8ZBEWlsE) zwtHMnDSvbL-VR5hHmLI|19Ktz&p#f{Pc;c%z>A_oQUhAq?#-vjnbgt(z6qQQ1ieOU z6Nga1n>n7p+y+xy2uu@?MMfDYU8 zH8}xodbGNpVIRRg1N>FB-rU1zj)APJ?^`h8Gr9${l?q-#miW7-)C;v-!*emY{4Xub zyk*|&!Vkj<_CxL%b*T?dF`B}QCSjcAPH8tH^i&4tTqVf6`NM z9*k|5nPYklhS558e9bL8bPTv3CPJS3##e1fn!1RpcrYKKmGQI#hGv4D>I47wRFTc?#8}D6P&-TtNeqINO@ayCzdmOX4Z?JeQ@XN{$XC-oKOv4=>XS&E7J7O{K>OtG@9PxA3CF;E ztlEOeKv*F7I6xi{7A74KfDP7z78Hule%OV2HC9xj7$0f0!C2T}>(J9`9Wui#i_FB8 Sk_|*CjxSL#CKg6a$^QVck|7}g literal 0 HcmV?d00001 diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props new file mode 100644 index 0000000000..ef78622641 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.onap.aai.props @@ -0,0 +1,15 @@ +############################################################ +# Properties Generated by AT&T Certificate Manager +# @copyright 2016, AT&T +############################################################ +cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_9, OU=OSAAF, O=ONAP, C=US +cadi_keyfile=/opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile +cadi_keystore=/opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 +cadi_keystore_password=enc:dgVjUeXy3cuR7nJ3TFVrXFfAu19gn6rie-RsS96-0fmeZwMsXlNIgK_rHd2eRY_p + +#cadi_key_password=enc:9xs_lJ9QQRDoMcHqLbGg40-gefGrw-sLMjWL40ejbyqdC7Jt_pQfY6ajBLGcbLuL +cadi_alias=aai@aai.onap.org +cadi_truststore=/opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks +cadi_truststore_password=enc:nF3CZ7w_swzgWJX8CtEOsKWA50x-Da_HbiYlXPWrQym +cadi_loglevel=INFO +cadi_bath_convert=/opt/app/aai-traversal/resources/aaf/bath_config.csv diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props new file mode 100644 index 0000000000..b9ec6b4641 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/org.osaaf.location.props @@ -0,0 +1,23 @@ +## +## org.osaaf.location.props +## +## Localized Machine Information +## +# Almeda California ? +cadi_latitude=37.78187 +cadi_longitude=-122.26147 + +# Locate URL (which AAF Env) +aaf_locate_url=https://aaf-locate.{{.Release.Namespace}}:8095 + +# AAF URL +aaf_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.service:2.1 + +# AAF Environment Designation +aaf_env=DEV + +# OAuth2 Endpoints +aaf_oauth2_token_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.token:2.1/token +aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/onap.org.osaaf.aaf.introspect:2.1/introspect + + diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties new file mode 100644 index 0000000000..d4956f577c --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaf/permissions.properties @@ -0,0 +1,2 @@ +permission.type=org.onap.aai.traversal +permission.instance=* \ No newline at end of file diff --git a/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties new file mode 100644 index 0000000000..0f23eda515 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/aaiconfig.properties @@ -0,0 +1,94 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +aai.config.checktime=1000 + +# this could come from siteconfig.pl? +aai.config.nodename=AutomaticallyOverwritten + +aai.server.url.base=https://aai.{{ include "common.namespace" . }}:8443/aai/ +aai.server.url=https://aai.{{ include "common.namespace" . }}:8443/aai/{{ .Values.global.config.schema.version.api.default }}/ +aai.global.callback.url=https://aai.{{ include "common.namespace" . }}:8443/aai/ + +{{ if .Values.global.config.basic.auth.enabled }} +aai.tools.enableBasicAuth=true +aai.tools.username={{ .Values.global.config.basic.auth.username }} +aai.tools.password={{ .Values.global.config.basic.auth.passwd }} +{{ end }} + +aai.truststore.filename={{ .Values.global.config.truststore.filename }} +aai.truststore.passwd.x={{ .Values.global.config.truststore.passwd }} +aai.keystore.filename={{ .Values.global.config.keystore.filename }} +aai.keystore.passwd.x={{ .Values.global.config.keystore.passwd }} + +aai.notification.current.version={{ .Values.global.config.schema.version.api.default }} +aai.notificationEvent.default.status=UNPROCESSED +aai.notificationEvent.default.eventType={{ .Values.global.config.notification.eventType }} +aai.notificationEvent.default.domain={{ .Values.global.config.notification.domain }} +aai.notificationEvent.default.sourceName=aai +aai.notificationEvent.default.sequenceNumber=0 +aai.notificationEvent.default.severity=NORMAL +aai.notificationEvent.default.version={{ .Values.global.config.schema.version.api.default }} +# This one lets us enable/disable resource-version checking on updates/deletes +aai.resourceversion.enableflag=true +aai.logging.maxStackTraceEntries=10 +aai.default.api.version={{ .Values.global.config.schema.version.api.default }} + +# Used by Model-processing code +aai.model.delete.sleep.per.vtx.msec=500 +aai.model.query.resultset.maxcount=50 +aai.model.query.timeout.sec=90 + +aai.model.proc.max.levels=50 +aai.edgeTag.proc.max.levels=50 + +aai.logging.trace.enabled=true +aai.logging.trace.logrequest=false +aai.logging.trace.logresponse=false + +aai.transaction.logging=true +aai.transaction.logging.get=false +aai.transaction.logging.post=false + +aai.realtime.clients={{ .Values.global.config.realtime.clients }} + +#timeout for traversal enabled flag +aai.traversal.timeoutenabled={{ .Values.config.timeout.enabled }} + +#timeout app specific +aai.traversal.timeout.appspecific={{ .Values.config.timeout.appspecific }} + +#default timeout limit added for traversal if not overridden (in ms) +aai.traversal.timeoutlimit={{ .Values.config.timeout.limit | int }} + +#timeout for traversal dsl enabled flag +aai.traversal.dsl.timeoutenabled={{ .Values.config.dsl.timeout.enabled }} + +#timeout app specific -1 to bypass for that app id, a whole number to override the timeout with that value (in ms) +aai.traversal.dsl.timeout.appspecific={{ .Values.config.dsl.timeout.appspecific | join "|" }} + +#default timeout limit added for traversal dsl if not overridden (in ms) +aai.traversal.dsl.timeoutlimit={{ .Values.config.dsl.timeout.limit | int }} + +# Threshold for margin of error (in ms) for resources_with_sot format to derive the most recent http method performed +aai.resource.formatter.threshold=10 +aai.dsl.override={{ .Values.config.dslOverride }} diff --git a/kubernetes/aai/components/aai-traversal/resources/config/application.properties b/kubernetes/aai/components/aai-traversal/resources/config/application.properties new file mode 100644 index 0000000000..4a025bacd2 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/application.properties @@ -0,0 +1,99 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# The following info parameters are being referenced by ajsc6 +info.build.artifact=aai-traversal +info.build.name=traversal +info.build.description=Traversal Microservice +info.build.version=1.3.0 + +spring.application.name=aai-traversal +spring.jersey.type=filter + +spring.main.allow-bean-definition-overriding=true +server.servlet.context-path=/ + +spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration + +spring.profiles.active={{ .Values.global.config.profiles.active }} +spring.jersey.application-path=${schema.uri.base.path} +#The max number of active threads in this pool +server.tomcat.max-threads=200 +#The minimum number of threads always kept alive +server.tomcat.min-Spare-Threads=25 +#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads +server.tomcat.max-idle-time=60000 + +# If you get an application startup failure that the port is already taken +# If thats not it, please check if the key-store file path makes sense +server.local.startpath=aai-traversal/src/main/resources/ +server.basic.auth.location=${server.local.startpath}etc/auth/realm.properties + +server.port=8446 +server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 +server.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +server.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +server.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +server.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) +server.ssl.client-auth=want +server.ssl.key-store-type=JKS + +# JMS bind address host port +jms.bind.address=tcp://localhost:61647 +dmaap.ribbon.listOfServers=message-router.{{ include "common.namespace" . }}:3905 +dmaap.ribbon.transportType=https + +# Schema related attributes for the oxm and edges +# Any additional schema related attributes should start with prefix schema +schema.configuration.location=N/A +schema.source.name={{ .Values.global.config.schema.source.name }} +schema.nodes.location=${server.local.startpath}/schema/${schema.source.name}/oxm/ +schema.edges.location=${server.local.startpath}/schema/${schema.source.name}/dbedgerules/ +# Location of where the stored queries are +schema.queries.location=${server.local.startpath}/schema/${schema.source.name}/query/ + +schema.ingest.file=${server.local.startpath}/application.properties + +# Schema Version Related Attributes + +schema.uri.base.path={{ .Values.global.config.schema.uri.base.path }} +# Lists all of the versions in the schema +schema.version.list={{ .Values.global.config.schema.version.list }} +# Specifies from which version should the depth parameter to default to zero +schema.version.depth.start={{ .Values.global.config.schema.version.depth }} +# Specifies from which version should the related link be displayed in response payload +schema.version.related.link.start={{ .Values.global.config.schema.version.related.link }} + +# Specifies from which version should the client see only the uri excluding host info +# Before this version server base will also be included +schema.version.app.root.start={{ .Values.global.config.schema.version.app.root }} +# Specifies from which version should the namespace be changed +schema.version.namespace.change.start={{ .Values.global.config.schema.version.namespace.change }} +# Specifies from which version should the client start seeing the edge label in payload +schema.version.edge.label.start={{ .Values.global.config.schema.version.edge.label }} +# Specifies the version that the application should default to +schema.version.api.default={{ .Values.global.config.schema.version.api.default }} + +schema.translator.list={{ .Values.global.config.schema.translator.list }} +schema.service.base.url=https://aai-schema-service.{{ include "common.namespace" . }}:8452/aai/schema-service/v1/ +schema.service.nodes.endpoint=nodes?version= +schema.service.edges.endpoint=edgerules?version= +schema.service.versions.endpoint=versions +schema.service.custom.queries.endpoint=stored-queries +schema.service.client={{ .Values.global.config.schema.service.client }} + +schema.service.ssl.key-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.keystore.filename }} +schema.service.ssl.trust-store=${server.local.startpath}/etc/auth/{{ .Values.global.config.truststore.filename }} +schema.service.ssl.key-store-password=password({{ .Values.global.config.keystore.passwd }}) +schema.service.ssl.trust-store-password=password({{ .Values.global.config.truststore.passwd }}) diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties new file mode 100644 index 0000000000..1db2774d52 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-cached.properties @@ -0,0 +1,100 @@ +# +# ============LICENSE_START======================================================= +# org.onap.aai +# ================================================================================ +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +#caching on +cache.db-cache = true +cache.db-cache-clean-wait = 20 +cache.db-cache-time = 180000 +cache.db-cache-size = 0.3 + +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties new file mode 100644 index 0000000000..36cbc4201d --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/janusgraph-realtime.properties @@ -0,0 +1,94 @@ +# +# ============LICENSE_START======================================================= +# Copyright © 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +# +# ECOMP is a trademark and service mark of AT&T Intellectual Property. +# + +query.fast-property=true +query.smart-limit=false + +{{ if .Values.global.config.cluster.cassandra.dynamic }} + +storage.backend=cql +storage.hostname={{.Values.global.cassandra.serviceName}} +storage.cql.keyspace=aaigraph +storage.username={{.Values.global.cassandra.username}} +storage.password={{.Values.global.cassandra.password}} + +storage.cql.read-consistency-level=LOCAL_QUORUM +storage.cql.write-consistency-level=LOCAL_QUORUM +storage.cql.replication-factor={{.Values.global.cassandra.replicas}} +storage.cql.only-use-local-consistency-for-system-operations=true + +{{ else }} + +{{ if .Values.global.config.storage }} + +storage.backend={{ .Values.global.config.storage.backend }} + +{{ if eq .Values.global.config.storage.backend "cassandra" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cassandra.keyspace={{ .Values.global.config.storage.name }} + +storage.cassandra.read-consistency-level={{ .Values.global.config.storage.cassandra.readConsistency }} +storage.cassandra.write-consistency-level={{ .Values.global.config.storage.cassandra.writeConsistency }} +storage.cassandra.replication-factor={{ .Values.global.config.storage.cassandra.replicationFactor | int }} +storage.cassandra.astyanax.cluster-name= {{ .Values.global.config.storage.clusterName }} +storage.cassandra.astyanax.local-datacenter= {{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "cql" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.cql.keyspace={{ .Values.global.config.storage.name }} + +storage.cql.read-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.write-consistency-level={{ .Values.global.config.storage.cql.readConsistency }} +storage.cql.replication-factor={{ .Values.global.config.storage.cql.replicationFactor | int }} + +storage.cql.only-use-local-consistency-for-system-operations={{ .Values.global.config.storage.cql.localConsistencyForSysOps }} +storage.cql.cluster-name={{ .Values.global.config.storage.clusterName }} +storage.cql.local-datacenter={{ .Values.global.config.storage.localDataCenter }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ else if eq .Values.global.config.storage.backend "hbase" }} + +storage.hostname={{ .Values.global.config.storage.hostname }} +storage.hbase.table={{ .Values.global.config.storage.name }} + +storage.connection-timeout={{ .Values.global.config.storage.connectionTimeout | int }} +cache.tx-cache-size={{ .Values.global.config.storage.cacheSize | int }} +log.tx.key-consistent={{ .Values.global.config.storage.keyConsistent }} + +{{ end }} + +{{ end }} + +{{ end }} + +storage.lock.wait-time=300 +# Setting db-cache to false ensure the fastest propagation of changes across servers +cache.db-cache = false +#load graphson file on startup +load.snapshot.file=false diff --git a/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml new file mode 100644 index 0000000000..4cf6c74333 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/localhost-access-logback.xml @@ -0,0 +1,63 @@ + + + + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log + + ${AJSC_HOME}/logs/ajsc-jetty/localhost_access.log.%d{yyyy-MM-dd} + + + + %a %u %z [%t] "%m %U%q" %s %b %y %i{X-TransactionId} %i{X-FromAppId} %i{X-Forwarded-For} %i{X-AAI-SSL-Client-CN} %i{X-AAI-SSL-Client-OU} %i{X-AAI-SSL-Client-O} %i{X-AAI-SSL-Client-L} %i{X-AAI-SSL-Client-ST} %i{X-AAI-SSL-Client-C} %i{X-AAI-SSL-Client-NotBefore} %i{X-AAI-SSL-Client-NotAfter} %i{X-AAI-SSL-Client-DN} %D + + + + + + diff --git a/kubernetes/aai/components/aai-traversal/resources/config/logback.xml b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml new file mode 100644 index 0000000000..f24e86d8d0 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/logback.xml @@ -0,0 +1,344 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + %clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx} + + + + + + ${logDirectory}/rest/sane.log + + ${logDirectory}/rest/sane.log.%d{yyyy-MM-dd} + + + %d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n + + + + + + 1000 + true + + + + ${logDirectory}/rest/metrics.log + + ${logDirectory}/rest/metrics.log.%d{yyyy-MM-dd} + + + ${metricPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/debug.log + + ${logDirectory}/rest/debug.log.%d{yyyy-MM-dd} + + + ${debugPattern} + + + + + 1000 + + true + + + ${logDirectory}/rest/error.log + + ${logDirectory}/rest/error.log.%d{yyyy-MM-dd} + + + WARN + + + ${errorPattern} + + + + + 1000 + + + + + ${logDirectory}/rest/audit.log + + ${logDirectory}/rest/audit.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + 1000 + true + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/rest/translog.log + + ${logDirectory}/rest/translog.log.%d{yyyy-MM-dd} + + + + ${transLogPattern} + + + + + 1000 + true + + + + + + WARN + + ${logDirectory}/dmaapAAIEventConsumer/error.log + + ${logDirectory}/dmaapAAIEventConsumer/error.log.%d{yyyy-MM-dd} + + + + ${errorPattern} + + + + + + + DEBUG + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/debug.log + + ${logDirectory}/dmaapAAIEventConsumer/debug.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log + + ${logDirectory}/dmaapAAIEventConsumer/dmaap-transaction.log.%d{yyyy-MM-dd} + + + + ${auditPattern} + + + + + INFO + ACCEPT + DENY + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log + + ${logDirectory}/dmaapAAIEventConsumer/metrics.log.%d{yyyy-MM-dd} + + + + ${metricPattern} + + + + + WARN + + ${logDirectory}/external/external.log + + ${logDirectory}/external/external.log.%d{yyyy-MM-dd} + + + + ${debugPattern} + + + + + DEBUG + + ${logDirectory}/auth/auth.log + + ${logDirectory}/auth/auth.log.%d{yyyy-MM-dd} + + + + %d{yyyy-MM-dd'T'HH:mm:ss.SSSZ, UTC}[%thread] %-5level %logger{1024} - %msg%n + + + + 1000 + true + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/kubernetes/aai/components/aai-traversal/resources/config/realm.properties b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties new file mode 100644 index 0000000000..0499b34f1c --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/resources/config/realm.properties @@ -0,0 +1,37 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# format : username: password[,rolename ...] +# default username/password: AAI/AAI, MSO/MSO, ModelLoader/ModelLoader... +AAI:OBF:1gfr1ev31gg7,admin +MSO:OBF:1jzx1lz31k01,admin +SDNC:OBF:1itr1i0l1i151isv,admin +DCAE:OBF:1g8u1f9d1f991g8w,admin +POLICY:OBF:1mk61i171ima1im41i0j1mko,admin +ASDC:OBF:1f991j0u1j001f9d,admin +VID:OBF:1jm91i0v1jl9,admin +APPC:OBF:1f991ksf1ksf1f9d,admin +ModelLoader:OBF:1qvu1v2h1sov1sar1wfw1j7j1wg21saj1sov1v1x1qxw,admin +AaiUI:OBF:1gfr1p571unz1p4j1gg7,admin +OOF:OBF:1img1ke71ily,admin +aai@aai.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +so@so.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdnc@sdnc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +dcae@dcae.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +policy@policy.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +sdc@sdc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vid@vid.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +appc@appc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +oof@oof.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +pomba@pomba.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin +vfc@vfc.onap.org:OBF:1fia1ju61l871lfe18xp18xr18xt1lc41l531jrk1fek,admin diff --git a/kubernetes/aai/components/aai-traversal/templates/configmap.yaml b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml new file mode 100644 index 0000000000..08bd2b3cbc --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/configmap.yaml @@ -0,0 +1,64 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaiconfig.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/application.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "common.fullname" . }}-aaf-props + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.osaaf.location.props").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/permissions.properties").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.props").AsConfig . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/cadi.properties").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.fullname" . }}-aaf-keys + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.keyfile").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/org.onap.aai.p12").AsSecrets . | indent 2 }} +{{ tpl (.Files.Glob "resources/config/aaf/bath_config.csv").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/components/aai-traversal/templates/deployment.yaml b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml new file mode 100644 index 0000000000..a864ea9de4 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/deployment.yaml @@ -0,0 +1,812 @@ +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ include "common.name" . }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + msb.onap.org/service-info: '[ + { + "serviceName": "_aai-generic-query", + "version": "v11", + "url": "/aai/v11/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v12", + "url": "/aai/v12/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v13", + "url": "/aai/v13/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v14", + "url": "/aai/v14/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v15", + "url": "/aai/v15/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v16", + "url": "/aai/v16/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v17", + "url": "/aai/v17/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v18", + "url": "/aai/v18/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/search/generic-query" + }, + { + "serviceName": "_aai-generic-query", + "version": "v19", + "url": "/aai/v19/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/search/generic-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v11", + "url": "/aai/v11/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v12", + "url": "/aai/v12/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v13", + "url": "/aai/v13/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v14", + "url": "/aai/v14/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v15", + "url": "/aai/v15/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v16", + "url": "/aai/v16/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v17", + "url": "/aai/v17/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v18", + "url": "/aai/v18/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/search/nodes-query" + }, + { + "serviceName": "_aai-nodes-query", + "version": "v19", + "url": "/aai/v19/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/search/nodes-query" + }, + { + "serviceName": "_aai-query", + "version": "v11", + "url": "/aai/v11/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v11/query" + }, + { + "serviceName": "_aai-query", + "version": "v12", + "url": "/aai/v12/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v12/query" + }, + { + "serviceName": "_aai-query", + "version": "v13", + "url": "/aai/v13/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v13/query" + }, + { + "serviceName": "_aai-query", + "version": "v14", + "url": "/aai/v14/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v14/query" + }, + { + "serviceName": "_aai-query", + "version": "v15", + "url": "/aai/v15/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v15/query" + }, + { + "serviceName": "_aai-query", + "version": "v16", + "url": "/aai/v16/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v16/query" + }, + { + "serviceName": "_aai-query", + "version": "v17", + "url": "/aai/v17/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v17/query" + }, + { + "serviceName": "_aai-query", + "version": "v18", + "url": "/aai/v18/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v18/query" + }, + { + "serviceName": "_aai-query", + "version": "v19", + "url": "/aai/v19/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/v19/query" + }, + { + "serviceName": "_aai-named-query", + "url": "/aai/search", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1", + "path": "/aai/search" + }, + { + "serviceName": "aai-generic-query", + "version": "v11", + "url": "/aai/v11/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v12", + "url": "/aai/v12/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v13", + "url": "/aai/v13/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v14", + "url": "/aai/v14/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v15", + "url": "/aai/v15/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v16", + "url": "/aai/v16/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v17", + "url": "/aai/v17/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v18", + "url": "/aai/v18/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-generic-query", + "version": "v19", + "url": "/aai/v19/search/generic-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v11", + "url": "/aai/v11/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v12", + "url": "/aai/v12/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v13", + "url": "/aai/v13/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v14", + "url": "/aai/v14/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v15", + "url": "/aai/v15/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v16", + "url": "/aai/v16/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v17", + "url": "/aai/v17/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v18", + "url": "/aai/v18/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-nodes-query", + "version": "v19", + "url": "/aai/v19/search/nodes-query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v11", + "url": "/aai/v11/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v12", + "url": "/aai/v12/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v13", + "url": "/aai/v13/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v14", + "url": "/aai/v14/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v15", + "url": "/aai/v15/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v16", + "url": "/aai/v16/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v17", + "url": "/aai/v17/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v18", + "url": "/aai/v18/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-query", + "version": "v19", + "url": "/aai/v19/query", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + }, + { + "serviceName": "aai-named-query", + "url": "/aai/search", + "protocol": "REST", + "port": "8446", + "enable_ssl": true, + "lb_policy":"ip_hash", + "visualRange": "1" + } + ]' + spec: + hostname: aai-traversal + {{ if .Values.global.initContainers.enabled }} + initContainers: + - command: + {{ if .Values.global.jobs.migration.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-migration + {{ else if .Values.global.jobs.createSchema.enabled }} + - /app/ready.py + args: + - --job-name + - {{ include "common.release" . }}-aai-graphadmin-create-db-schema + {{ else }} + - /app/ready.py + args: + - --container-name + {{- if .Values.global.cassandra.localCluster }} + - aai-cassandra + {{- else }} + - cassandra + {{- end }} + - --container-name + - aai-schema-service + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + {{ end }} + containers: + - name: {{ include "common.name" . }} + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + env: + - name: DISABLE_UPDATE_QUERY + value: {{ .Values.config.disableUpdateQuery | quote }} + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GQ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/aai/logroot/AAI-GQ/misc + name: {{ include "common.fullname" . }}-logs-misc + - mountPath: /opt/app/aai-traversal/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/etc/auth/realm.properties + name: {{ include "common.fullname" . }}-config + subPath: realm.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.keyfile + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.keyfile + - mountPath: /opt/app/aai-traversal/resources/aaf/bath_config.csv + name: {{ include "common.fullname" . }}-aaf-certs + subPath: bath_config.csv + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.onap.aai.props + - mountPath: /opt/app/aai-traversal/resources/aaf/org.osaaf.location.props + name: {{ include "common.fullname" . }}-aaf-properties + subPath: org.osaaf.location.props + - mountPath: /opt/app/aai-traversal/resources/aaf/permissions.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: permissions.properties + - mountPath: /opt/app/aai-traversal/resources/cadi.properties + name: {{ include "common.fullname" . }}-aaf-properties + subPath: cadi.properties + - mountPath: /opt/app/aai-traversal/resources/aaf/org.onap.aai.p12 + name: {{ include "common.fullname" . }}-aaf-certs + subPath: org.onap.aai.p12 + - mountPath: /opt/app/aai-traversal/resources/aaf/truststoreONAPall.jks + name: aai-common-aai-auth-mount + subPath: truststoreONAPall.jks + - mountPath: /opt/app/aai-traversal/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + - containerPort: {{ .Values.service.internalPort2 }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{ if .Values.liveness.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end }} + readinessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + # side car containers + - name: filebeat-onap + image: "{{ .Values.global.loggingRepository }}/{{ .Values.global.loggingImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /usr/share/filebeat/filebeat.yml + subPath: filebeat.yml + name: filebeat-conf + - mountPath: /var/log/onap + name: {{ include "common.fullname" . }}-logs + - mountPath: /usr/share/filebeat/data + name: {{ include "common.fullname" . }}-filebeat + resources: +{{ include "common.resources" . }} + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs-misc + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-aaf-properties + configMap: + name: {{ include "common.fullname" . }}-aaf-props + - name: {{ include "common.fullname" . }}-aaf-certs + secret: + secretName: {{ include "common.fullname" . }}-aaf-keys + - name: aai-common-aai-auth-mount + secret: + secretName: aai-common-aai-auth + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: {{ .Values.global.restartPolicy | default .Values.restartPolicy }} + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/components/aai-traversal/templates/job.yaml b/kubernetes/aai/components/aai-traversal/templates/job.yaml new file mode 100644 index 0000000000..4d6b0ddc66 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/job.yaml @@ -0,0 +1,142 @@ +# Copyright (c) 2017-2018 AT&T +# Modifications Copyright (c) 2018 Amdocs, Bell Canada +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +{{ if .Values.global.jobs.updateQueryData.enabled }} + +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "common.fullname" . }}-update-query-data + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +{{ if .Values.global.jobs.migration.enabled }} + annotations: + "helm.sh/hook": post-upgrade,post-rollback,post-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": before-hook-creation +{{ end }} +spec: + template: + metadata: + labels: + app: {{ include "common.name" . }}-job + release: {{ include "common.release" . }} + name: {{ include "common.name" . }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - aai + {{ if eq .Values.global.aafEnabled true }} + - --container-name + - aaf-locate + {{ end }} + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }}-job + image: "{{ include "common.repository" . }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + command: + - bash + - "-c" + - | + set -x + if [ ! -d /opt/aai/logroot/AAI-GQ/misc ]; then mkdir -p /opt/aai/logroot/AAI-GQ/misc; fi + until nc -w10 -z -v aai.{{.Release.Namespace}} 8443; do echo "Retrying to reach aai on port 8443"; done; + bash -x /opt/app/aai-traversal/docker-entrypoint.sh install/updateQueryData.sh + env: + - name: LOCAL_USER_ID + value: {{ .Values.global.config.userId | quote }} + - name: LOCAL_GROUP_ID + value: {{ .Values.global.config.groupId | quote }} + resources: +{{ include "common.resources" . }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-realtime.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-realtime.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/janusgraph-cached.properties + name: {{ include "common.fullname" . }}-config + subPath: janusgraph-cached.properties + - mountPath: /opt/app/aai-traversal/resources/etc/appprops/aaiconfig.properties + name: {{ include "common.fullname" . }}-config + subPath: aaiconfig.properties + - mountPath: /opt/aai/logroot/AAI-GQ/ + name: {{ include "common.fullname" . }}-logs + - mountPath: /opt/aai/logroot/AAI-GQ/misc + name: {{ include "common.fullname" . }}-logs-misc + - mountPath: /opt/app/aai-traversal/resources/logback.xml + name: {{ include "common.fullname" . }}-config + subPath: logback.xml + - mountPath: /opt/app/aai-traversal/resources/localhost-access-logback.xml + name: {{ include "common.fullname" . }}-config + subPath: localhost-access-logback.xml + - mountPath: /opt/app/aai-traversal/resources/application.properties + name: {{ include "common.fullname" . }}-config + subPath: application.properties + {{ $global := . }} + {{ range $job := .Values.global.config.auth.files }} + - mountPath: /opt/app/aai-traversal/resources/etc/auth/{{ . }} + name: {{ include "common.fullname" $global }}-auth-truststore-sec + subPath: {{ . }} + {{ end }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: filebeat-conf + configMap: + name: aai-filebeat + - name: {{ include "common.fullname" . }}-logs + emptyDir: {} + - name: {{ include "common.fullname" . }}-logs-misc + emptyDir: {} + - name: {{ include "common.fullname" . }}-filebeat + emptyDir: {} + - name: {{ include "common.fullname" . }}-config + configMap: + name: {{ include "common.fullname" . }}-configmap + - name: {{ include "common.fullname" . }}-auth-truststore-sec + secret: + secretName: aai-common-truststore + items: + {{ range $job := .Values.global.config.auth.files }} + - key: {{ . }} + path: {{ . }} + {{ end }} + restartPolicy: OnFailure + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" +{{ end }} diff --git a/kubernetes/aai/components/aai-traversal/templates/service.yaml b/kubernetes/aai/components/aai-traversal/templates/service.yaml new file mode 100644 index 0000000000..68d767b380 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/templates/service.yaml @@ -0,0 +1,44 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + {{if eq .Values.service.type "NodePort" -}} + - port: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }} + name: {{ .Values.service.portName2 }} + {{- else -}} + - port: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + - port: {{ .Values.service.internalPort2 }} + name: {{ .Values.service.portName2 }} + {{- end}} + selector: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + clusterIP: None diff --git a/kubernetes/aai/components/aai-traversal/values.yaml b/kubernetes/aai/components/aai-traversal/values.yaml new file mode 100644 index 0000000000..e7ffdb91a8 --- /dev/null +++ b/kubernetes/aai/components/aai-traversal/values.yaml @@ -0,0 +1,118 @@ +# Copyright (c) 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for traversal. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + readinessImage: onap/oom/readiness:3.0.1 + + +# application image +repository: nexus3.onap.org:10001 +image: onap/aai-traversal:1.7.2 +pullPolicy: Always +restartPolicy: Always +flavor: small +flavorOverride: small +# application configuration +config: + + # Specifies timeout information such as application specific and limits + timeout: + # If set to true application will timeout for queries taking longer than limit + enabled: true + # Specifies which apps (X-FromAppId) header should get overridden and (-1) no timeout + appspecific: JUNITTESTAPP1,1|JUNITTESTAPP2,-1|DCAE-CCS,-1|DCAES,-1|AAI-FILEGEN-GFPIP,-1 + # Specifies how long should it wait before timing out the REST request + limit: 180000 + + # Disables the updateQueryData script to run as part of traversal + disableUpdateQuery: true + + # Override of the DSL Timeout Limit + dslOverride: 'ZV4V7E3N77SKIB6MR9MHQ6M4P6Q99Z7M76RBODA' + + dsl: + # Dsl timeout configuration + timeout: + # Whether or not the dsl is enabled + enabled: true + # Default time limit of the DSL query + limit: 150000 + # App Specific Timeout Limit for each of the X-FromAppId + appspecific: + - JUNITTESTAPP1,1 + - JUNITTESTAPP2,-1 + - AAI-TOOLS,-1 + - DCAE-CCS,1200000 + - DCAES,1200000 + - VPESAT,-1 + - AAI-CACHER,-1 + - VidAaiController,300000 + - AAI-UI,180000 + +persistence: + mountPath: /dockerdata-nfs + mountSubPath: aai/aai-traversal + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 60 + periodSeconds: 60 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: false + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: ClusterIP + portName: aai-traversal-8446 + internalPort: 8446 + portName2: aai-traversal-5005 + internalPort2: 5005 + +ingress: + enabled: false + +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 3Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 4Gi + unlimited: {} diff --git a/kubernetes/aai/requirements.yaml b/kubernetes/aai/requirements.yaml new file mode 100644 index 0000000000..af99382bdc --- /dev/null +++ b/kubernetes/aai/requirements.yaml @@ -0,0 +1,69 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +--- +dependencies: + - name: common + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + - name: cassandra + version: ~7.x-0 + # local reference to common chart, as it is + # a part of this chart's package and will not + # be published independently to a repo (at this point) + repository: '@local' + condition: global.cassandra.localCluster + - name: aai-babel + version: ~7.x-0 + repository: 'file://components/aai-babel' + condition: aai-babel.enabled + - name: aai-data-router + version: ~7.x-0 + repository: 'file://components/aai-data-router' + condition: aai-data-router.enabled + - name: aai-elasticsearch + version: ~7.x-0 + repository: 'file://components/aai-elasticsearch' + condition: aai-elasticsearch.enabled + - name: aai-graphadmin + version: ~7.x-0 + repository: 'file://components/aai-graphadmin' + condition: aai-graphadmin.enabled + - name: aai-modelloader + version: ~7.x-0 + repository: 'file://components/aai-modelloader' + condition: aai-modelloader.enabled + - name: aai-resources + version: ~7.x-0 + repository: 'file://components/aai-resources' + condition: aai-resources.enabled + - name: aai-schema-service + version: ~7.x-0 + repository: 'file://components/aai-schema-service' + condition: aai-schema-service.enabled + - name: aai-search-data + version: ~7.x-0 + repository: 'file://components/aai-search-data' + condition: aai-search-data.enabled + - name: aai-sparky-be + version: ~7.x-0 + repository: 'file://components/aai-sparky-be' + condition: aai-sparky-be.enabled + - name: aai-traversal + version: ~7.x-0 + repository: 'file://components/aai-traversal' + condition: aai-traversal.enabled diff --git a/kubernetes/aai/resources/config/aai/aai_keystore b/kubernetes/aai/resources/config/aai/aai_keystore new file mode 100644 index 0000000000000000000000000000000000000000..d1ebae8e23f6bf764d9c830e01c5ab3a7aac4c63 GIT binary patch literal 7544 zcmeI1XHZky+Q*X+IwTYcy$VPtlu$&9C`bqC9U=q-Dbl-0kY1#Uf`Al(2#84URX~~` z3WA{>0g)0RR99cY(j( z!S1fEo&W&Qq2AJF4}fnhgn&x}0QibPat!xO(V0puI{EACDu@5AcWI&CKz#nwM(&!0G;R6J##eA%Tz50 zCZ{MZ8)>-Jj-De2hvJFdmA1dQoDzPR?mjZ6XFQh8ZLsc^>(TK+r-nR} zpAua+YhNne(~2}KY^w5)jc7|cg`%ov#&t%^W7rBi6dL>04!8nuucMRwE}uun%RXqQ zdZuk4!6>M4P~P8~!u3@#bc-z9xGlWKk9Een8gchHm-70cQjw%n#YEw#(VRA(oyG`4 zYO#59?rQ=1(Jq5dyA#3CBq;4%G5|lps7H0GMY3N5YwL zDaZ@~!@%eC48%6omxr#GxA~^G@rVShFRiM=Sd+-a{V(=L1R-c}NoDlaOHbZmaer2BYX(56hFo6ot$lw5%PRaI-hCx!i18lYgvp z`^|{xru%kTXU=M0rh21)!O{%niDGe#y*{;< zc-U5QA6=ua5)=MpH*GC{>1shfhTVvIxY=HD{^k=PX0P|tgnV@?@BX0rlX2q*x;dH4 zT9W|g(wwi})-{WCH_=SPqZf_VGZow(ebWybnst9!sAzBauD#@=~v>eh9XiG7&D;3xUu;~TL?m#B8=0#DRS2Ft_F>n7wO+L`LH z0p8FrF#5pHnd@)I9GGam!oTB{%)!MIX9n{w5HA;8jXQQbY!O$n9NXbxrL@&GWu*_;^#?rV=HIb5uCgGe5x!e3uHdTla29 z_k099$cc_M&x+TfGrq-Um{oH|{FeBpu~jXGnC-H>{QbAAnR(0ftJ<|Wa~uPsbotjj zm@<>1X1j0otu_qs>-i0S7$!wd-eS~3fRv{_aTLThXK;7J1@pA_`m z2}-eoYix;g#!0@){A-W3NU7#rcgUjelF2+*G-&yJh+e|j8Ek&RwkFNXSSXIVlSt3K zrhm}K6RFnUsI2NRWoleJY~w3~QJJ_>0vUS@0jg2ryZZYrn7Hy=XTKJ8ZgoGLXZiF2 zT1{L9x9UwH|3RLRaCk`QU)U3}`^b!41=E|AmS$g;^PzI0sr^~`YEZt(+NuLp3W9mW?!?$G3*~+&S&S^ z9_#5Q6$dOjj4B)+bRx=$dvCr@5yPT_?DeI|mkF}4>CJ9^lwa86b8zvsX9X*?tCLga z1!*-_O}BR1WlPsUL4x#fzTr{BbzOCKbtUoyL&v~(Y7W%p=GopqWB?8(?Daw>Vwh;mQWjIcqs%N|@{YFjX5 zw>C>P5p5D3tk^b_b&(Vqz&>ofUnajmNUP^5+Ldqm0197n?OnOyA2JvXZ|*8FdUYht z%hPgsbt8&l_%%K&HhWW6vE6Qd>7z@oM^3WfzzG>CRqR@X(1>i8vXQ`4qvdvDU_+=* zT2i9&1$IKq=vyft8fjRF_J%#2B_4-^N3|49}LDck>kvu?A%ec%}1^DC(VOB%xL~C;+Rs2)A zSLB=A=10YDIH}3*Wh899(yS%qUUgK~jbtG%%?0U=xL+Cf7mjVqhF527XmfMfDm0Qi zeR!`^y*pnmnI;^eY575OC`}tSCVDVAQ5-T%KWUIR7)=)wfg!M=)jAL|n??2R!cWzx z-L^bk*m`PI(TQ1#myM_CTCQj;2>P)gJHFuP1O!kZkq!#DOUTs)d0WWU-5%HICV*(N z!zn=AW(FVO5{(3xPhcP)h!Tj?S70=FF(p%WhxS#m_NZ4mK||M-He08XD_`jaxxu38 zm5Bo#+pz$qV#&zL9eKcF3g%IkR&*(m*+}Pacij}lXg9Aed`cVw3Y@p}sn;vmEP-u6 z=PnhjVn9>3U%pMR7m~!hj2~lD54gn^^iaK{=^9|0&D2t;yGLxjO}IKl%zl?Sde5Kd zxw)G+d!`xKyGYiS*DL&JSDU#yc<94=X*6WYC}#p!^LLZDC(?u-k_f0P;I&$=rY}f*IHoYP&dC_c8G(6Ibb( z=dE$^;(66E_pK*aCJaX8DPu(esths0)Im zpJG+CA5`5F&uE4ZNYWNpy7_eM86M{iz4u+dpTXuzZYn&4SSt3AX?UG5(xh;Yd#u{Y z)CHYJwxPGVuEkO2^*Dv(PAF#}N3UHsMjzyj;{IlpFI~M!NVO)k%1+jiwy1Lx6e20bRB69D2Lgx%KWSL(VVk37hNHp+7Vy;ro<93Sw}Ul6YAcb z&t|QQYFLwP4C+i?#MBB2;MLfPc|YE70<00s2Q}6b-(jXleApMH%?pe^$!H=N;7I?Z z6zTntT~|^|b9|$ac4AhT-vpxga^AeIAVy!P{Cxx=Euo$sgG2cHC9Coy|6-Y#6B5%> zlLDPrrJ2dYj0b(EX{}&-Y5s_<-B@Mru~4Fk^H)RcU_2bSc|wVMRZs-*~A@ z;%kl$*L4=;!pJObwL_ejw0^XCS7QU7>`;Jat=HjUOB8}> zCHIbzQf9}&*U$60Wmp5IrNI|6ej_K=%51;M)2hX{lQgs$hs<%vq&f~`cKeh@dfQ9l zKUg6XDic3GIH|daNkfb=ph9#(P{IqUqazRX7WyZy2&`EeCTOam`|XH7ZnqEEfyHB; z(1~xdh%zYF0+(3_rG>#%&GO{aTqk{WrFnNw3@bfq!KInXmk$d1M~S4b(&0H{J2E^T zyDx;lE}>c7XXxIPf7_*i^4es5HHmnBQDFF0Y5Gx31Y&QUcgO@@x``TIQc8WGX))01 z2%UausW0`!7(1Xjp&VSnTvH)igy-aWf@DCm9fimgva2_-CuokJYIf)m7!=#bnK&5$ z@Gj)LMpZbHT)4Fd#8Y-Pmng0&dPOr5O8Q>RQy9)6o1x1zM`Iu*olkJwKsF&x$k+`w zoj!^XJMz&NQ;ec{%oY9=V@Sf;_J-QX0VI493}2fu?QF1w89Ng!G$LBZ{wMkUXA z5lRszl{+~!EVAUO`U2w)g(kKLi|}WKO-Z_k(uKnoh5?~(gk;Ig{C1lmMSON#9o+%8 z=JL)5Dd8OVI2mXp-RknXD3Lj-v%9@=t# zMxp{0#gbk}^Kzex8^9*}9c_XKhL56*(~@EL#SdsNThni6I3m((d$K9M<)!Z*q5KYn z1w5~ENPM1AyuGOVMg4=h!AY$4+Qkq?J~FW}GZpW~d$6kC1dTdI%yJz1J;(1B56ZfH z_B4!?%OE;RuY86GBW2xxGWWZ$M1u%%${p`}d4ri641xpxQI_G)z}e2E8`qgj{8!3M z|7^s0uqIsn?zvyd!yI_N(BCrwXq<`o)9#-7nn0>=(7w%pCy){2MXzK zb5qb3>52TV8qieVTW{kg@Dsd&dj_W@(2Te?A>?fbArA*<+(fo0XV*U@2Ab=v6Xk^T z@N}^GG26c$X77%2c5-m>K)HLP+XN<}VJWP2&&hF7`-}15VMrz_+u(C%Sw& z&mA@5HVHMLIaCE*Y4_|nj3Ek6SQ3Ycj{fnjkK4!s1|N`++AWOayqKL-AI)C!w}y_s z&emQ~37rV#cwr>bu@>J7yFg4473~w-L(|bTaJ6Y^r0UGcNP)4t=?Y7^WnP!EIy=>; zY2%#Wpma}NcG(n?S2-V@Og5=`)ip=fY@KSdcJ1Pd#_OZv&snjvQ1s-^MS(tW)}fq4 zxelV39T}%jmw5|q``-146mQhgU#HW+ECc*6L1%NzizKWG)l=i1>1ZVGQ3{eB+AP|9 zfNm~&dJT-!ca*#*AddX6$NjIz{jbOUugCp=_P8Jbfvb}(u735s_GTS8`zM!-acWK< zcY7>eKy?Ek&?HfVmqgd;3=NVSui zd`XT=;~o)tt^ryzchxs8IbMIr)4Ipa=d#@wLeH^y-q=A4M$(#sKIJjL9-YOY6CR%dUZaW+dDOh>f03S?vg5hC|+Od>hM$ct=ZS)G+JV^?bP= zmhVvAO{&AW8_%;yhd1mN?(RbJ<(9^7B-gWg?h%>YnD$RCkUN{qcF%VnC@|TysRdhU zar7#M`7PMklm)I=bl=d}0G-=u?C7Ip3);G67|ntY8YK)|jo$rHd$WVv{zV2cyfbpY ztu|thS)Rq-5P2Cfbh7^J|5ADTN#gyw@Sg%5);Ow*(YCq}TdG2Q*N0!DRfEz&Tgkge zd8JCWcuEV>7rTy)YO=b+&OwY~1Y%CKA*Vjh3ei07bPU`631fG%1Iv$hS!yWeNDnpc z>mNfq*T|kQr63{O&+m-ZLoNf|%I@9!;+}Cz^!e*2eiC%RydeG*qmn@G(Y)Lt*KC#q zIR9&+fZew6{h)%kq{n4+b+K>8V-h7=7}~DA+iCHmX*ToU+YTcL8N2#LnwdD0mA-r5 zkfKuLZM(ctz-SR?f6VaB54_W-U*ALabwFgxYBL|wm&lqj_Ky=?j;Y(e;446D;)x@%YcPcc745D0fCLWS&>GB^ zbbi=o>Ng&52{yLA_GEJ1BM;2&V+!ucmk(cZ3MMj?2>~g?(=ZeYRH5SQR3&T6D%7or z$vZ+M#k?c8dJCzW7}~M>*Tj{IY*s_A$80UJ seG~V;#9VC`lrdrQwR)RA>S literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/auth/truststoreONAPall.jks b/kubernetes/aai/resources/config/auth/truststoreONAPall.jks new file mode 100644 index 0000000000000000000000000000000000000000..ff844b109d97cf4c452c1a275c50ca5e8acd59af GIT binary patch literal 117990 zcmdqJ1z1&U*ELLccc+xp-ZV%^halb3-JOD@grtO&G)i|%OP6#@r+|Qj0fOHG3_RyN z&v~Egf8X=J-{&P4tj*qg-J3PXm}8E6&UNwr;ynZe1QhUPb@iRV)x^=l$->Om$lAck ziOr17$bdrI(%4D|0s>O)wRC471gr)NCx{mU0vaCV4-F0Shq8vkgs5lL9|%d$^prrX z)3&#MQVK$aL%ba%74!)e5)u{`0_4{QMg}3mL94>RVMD1ZgYiMQmj_7LXllUul!5ax zQApbwv4HtOe3!pK#%342TmS_dg@TKrwS^Idf}@3vfuje7sEMPqg{g&+fwP63Erqa) zv$>t4g|i0*Gle7@m=DBr{c1415d#I7mzRg)_xA^$CSm7DVQ~F2PZMJb7bg=6J6mfH zFgb|y`n7mJUP7Vb=;Gu|ao@z*&CbyZM23&b%LC#B^MJ1YY2l-?@qlO(N)n#N`BjbV`H|&*u`}C4YSlT+?Pf zrJeyYCM-3kI!Ftqfh6+cvS%e8Fo)Q@Z4VP)Auw&d4#Z|Euy}`f+?@}VBl4PBUS|3L zE$a+y-Me9zLWi`8WIBX z=JJ5Rf(F**$nwQ!j6Ku|#& zLckDiHWrDQydSI+(m0DKSI-w?hQ&SHNB)N4oL+6Hq-XkweElu4xCin;moidngbvh9 zzUBgy*2nnUXc0UzPo%pVyP$dC^;BmcA=<9^=njihpliBfOlI6VU|!%lv}WMV76IJ_ zp#y&=Qfx@bZ!oYRXy6+N?eYQi%Lib93l((552R=?crZBq!%g|iiLi>9a@<(~9&aK@ zZ?6U3ylT*95FleH5KWGsIFuFEJr`&B9_m&5Ll?&duh4^`r;Y|`x)?EhHwuZTmC+V46VwF!ca=XMT^ryF?wvl$F?& z&}a>7SVWzqH!+5MN#0Gr$Kbyt@4utaKkzdUY5xH~^MJUn)7T7;`$eH|6l(3{2{4sUb0Kp_J>4=02l@d${!LEqT7I5w;YmV&TtAh z<(r09I5qX8e&o}s=)?fe4Glt`@Xn9x#*eGA9M0Z1)z1#fK~(iHJH6<(aEK@8<*yKf zf4+rwDksxHxyWD;#YSb|-x*A98}6ltN1-S-VlS`0y-Kn=;IXGMjrO`yJhqi-GZ~-p zAq2OlFuVIQ`^pgpkxwvF^T(4 zhD?^hpWqd#m4jqe6OqWks}=e@(6VMIu!>sy>ci5n2=}QxFl{m8fDnNdve+P0n zkPRFHBOIVv;2}|93_yCBIvLs^O^`ZB6%P>*AZ8}4W)`L(N)R~+9^fZ5Xec5WoT&9N zqM)LPNUQcCU(0bR0;Y$AEFc;@YIA32dp=fHYdbSLmLCwkq-0iCr>n;<-|13wTysi| z+o^?=WV$le#OrN%HdpwO1bD)mmlZ%Fa9JTCWIlf`gWg~=d$<ws{{)H_B;$zNRA;-8kgH5Mf|m#={-yZqwSw9v|5kC(sHEc#&7Unfhd z87;FPjYm(eRf2Kmr@(_^J@7%G{lsXsa+R|87Vo=rTvLf-V$5MVr)+PDF9PrL^bE&8 z2z_31R%awg^{eWjpN&g+VZT#E+6<3*Fflj39)2*vRu-_Kz7o~aoLSH!Kw3S{vprSz zfKT31D5}-e+Nj{&Ob*_$-$*Y8wpoheP z!N!67VWR=UbN^0wuqnjqX_1s{E4=Vcxo$2GZvL530Kzl;o$vnhoD0OqHCGY*%(+)u z640C1376w<6Yf8;27jnO69?2KaX7^7n zd@`;1dYK_tK%>w#d9dUmaUg03i2R5+hX-#*tt-KXw6MbCun%)|O>YvGUkP1_yekd& z#iQo*e04lcRmW2ESo_x%uUwKWo!H_=FvKue7X6Rl12>%S*f^{(qY&>=O!QKa8Zj`x z+10(@6Z@IcAcbQGwo7+co2YT8cWAJPtcu-+jj{(=}! z?F&`?h1sU&V4QB-K85t6lpSv@A%=F*aW|de1B)fI-)%vd(vr@3y^)_`HlIV+m?_U& zjj4hE>DB{@DC19U79p;Qt^%4mBCf%q2^OAG2TNI4#HPv4eGB)DYm+T{<@XJlL8=^S`buZl@m(k-;C`l_+7-&MR*U^*|C7qjTi)w^j z7CejeB7}My$AmGlwAV2dcEFu|j(Ajvi(axWLPookdL0ysR(9ouL1FT*C&l$rDZXZs zb+$%jl|MqFO*&b#U`-@tKAFj{AYCWECeHs*8|_Z5`j0y37|SlQm+sCVIDoRN+MFYxJFl#3T!=?zY@K^BlUjsbA zb)lYt)CM99>)C@@6v9&@&y8ocX*0ucrep~#6oefFgyih0gHUAN`i%~-#RZ}wASRH= zx9(X{IDI7rXX<15H*G|P>+6b<*C3D=3fC>U#p6_aP;N?AEw z5wD|GwuZAaQ}vOkmKCz4*Ycnp&B-%N7$sYIFB8^Cd@d=2x@czls6tzK_|Dq#onsiI zcl)nZAQUs6-0pqjJ}|Kz3`0=)rc^ql^e85&rgFmoee^NJrUKC#aeOLaX8rT>lyV5N z{b6)@5$j&0#y!zfK8F`QaayiZndn>)oABCHLQA&!Eqp^I1E zstL8xZZsdK-U?I9Qu}i7(l=w0tg;auUD<`9U>nhXU+|Fl`sLK$XYH5JROrQg6z0ZpPP@-O%?t zga3CaR=`o<{jWO;;vmuMEWrO$v0j@R;QzqXxGK$fdBGqM@c&0?#s%UAbN%!k{$KjA zf2U>V1IO#DzT{3H!MHzP5O`~ijW^>te@oG{wVPHGwFnO3b=(L$`9T0Dxh-+eLV+#r zeHFU>4jZCfB?z@#Wio* z2noZLt!h4z#f4Z@NJ*;#S1iar5*7v#it1Vue0^*k zb2cro<4wprV)@TKqF}}a<+nejy%{v~k~e|+_VlreQ};KnPeIJP!@Ba{Fw-63ChLek z$fDAktcdxNb*Hb+Zz0X@zM$~6Fwc~Kv}`p5FMJvh*~l|r#)4UHRUtBv-1tR`%0q?_ zy@EuL!geoZD1``sgkCB2sY2eh};g4~~9P_PqtTXAVq< zb2a2S`$BtHbb@bTY+`#Q3GJ_3!{69MYD@Sho4{HElF$@jll$K#ArhpBFJN(sQx8da zUB1;#M!Bqk<$fm=EWoF@@-GpkfiqrdJMe7~{WaVve?ImD=gKBV&VcQBrTs*ODZp3i zj|1>mxWL?;?CflpcFWDf|L)WMozSbHiu;-)Rk|f**ex^^h^HITNZ$WH_nVMkS?!Si#YiT7cKO<11fJ4078%sm90kqR-qtpOxY#kBRfE-9A3M{37`JFs#nQo4!$p{TKgd2NWPo-MNe^m zJVg$eUR^_LErK|?Fbx&u5Q&|aiWez?&PGbgpig#Dd8AaS zQ7pZX)hfVo-^F(pj-6PiXV$1oZm`G{JUFr-7>vQST%Y5)udh(i-}h2&iMzCr1Dls- zi`R55(X#+6@wujHkYMqLvOYmL^oIwS_qa2}Y##RKg*zNiR6pe!IKb^Pmom* zD390lg7s#moPcP7G|SR``0~NwC#nz8sIhYeVv42%-mcI)mU*{%2oqdUt)3WsY5ch7 zdT!4+&%pl~iA-CBButG}m6#-xrMeq$<8uLjOr%8(WLtGmYA8A~Pn^ou_S-Z8nnq>X z_Y;M@1)XFl&4ru=hHe`f(oI(RIo~TfpOBb)s)? zVf-<~IhTH0m1vg>qI5r`*Yi`K5QnuLao5NYEd|(*D3dpE9~CQ3pkloD7HN&zYfVO& z5T1O1MrmQ|Yk-E^S~t`wjiofu%r`L3!UMa&c}{Lu=WCuQAeYg1*JRYm>m+OjDPCw= zh}wo|$Pj$aJ6=kf3){!{i zb}fK?u--1)q?B%MrMtMx7E0Vne$xU=pd*LNkC#lS0FzviY-bXtq{puTLr>FcY5;yz zzvNO+l;=0;h+o+W4d%pjch6dS2MYJ`UDR0Qe?|9f#h1foHF38Uvco zk5NocJJ?uXB*LzJMmEF4>+-K-BmDBE-s3I#;7(~F+C1@`_?qV?)JnY0SBnE>3xjwU z4`f}{4IYxXd`)D^FkHw%(03J5i7}5f`dwQ-Jr0CI-8NzP);C}9c^x2iD5xR{qJ z^@wjq*_GUj|DBz`Z#5wRTTLoIwwmCv(Uc9Wohf7utV}3GfgK|-8HnVX!*Ny2O(;~A z#g$Z)RFzeJ?Dv4b7xBp01mBIEOKbh|Gh8K@D{q|?M0`#8II1f5nJ?c$;_~w`%U^xK zOP1&51#yFT!947M;Rvui`1>ITh@A`AG5TM+?!OaZZwmZ`va=1`3&0Sn@tA3J=;S1e zd@26spjH_J(hsa?r_COpUQq9=Dn1JwoLjB86$DQsQJ8ff&$PttNWut0y}6yG6AXj+ z5tK^sB%z{!>vTpPt}a99qcdS zMO7%pPGydVX2P?yEJI?6kP$6U$8*dXd(eM-#e(^IeM>t=>P!;(we@TBI#pOoLEO)nS5-#ZNwxqLA>%pDLA78#rw>_On~p=RW0{d=gf{#Agn08axk zT)qbl3>ApthjR%H{qrXTI3&Q$gn{(uMuLX<18lC`LUo3sjAL ztF`XVQ@-eIJJMs4?UB^7*xoweG~V7pa-f@0K2>6%W_?)NurRbSkJ=UQ(F|W%EbyShwwdz?9j(Q-%`~(;J}kM6;zPu zHFDqq8`c@tA1N1GS2Jc|6%fiJ&gyQ)c17YKTpWOW2{M8n%k_9qg+X7~PJBwmD~e&t zpk9CeREa!p5kJnUy|S&%0hR*7y$M^1G*564g1qO7oCwWK?5;rla|7jfZX$O7$xX1< zfN(SigrmZ>aD@EhjwDF@cP_#M;apM#5;m%&iQSb@yx!>k&OXrCxIZ8NwVfdyaXB;(}Ac$pK40>@$ z#r+GrNPQ;-b}*jvmD=3;+~@$A26y76N7ja>+82WYMq42F7RP3lG_p&Pf}p;W8^Ibze-z zoBJFjrM(qL5ZoL^MCFW|_r0&2Fjb8xMq!MH4-F-&jB36xQQ#;SYvYeL_q=JS>ga)v zil+tQv&lKkwg{KJsv+Ki;DG;}ZynI4mf~?l!5Jt@)92wMkPwC;bLm~MS+?RI(w5Bv56}x1GXMCoG%^b7n z7xe@3(|R6$Rd#aJJc;$hcSU>iY5lnKO$w{rg`*{|jj^t0R=N_dI7k868%`?dpnwLCfCx@S5t3KnDMo+ZtF3%24V;Xce6w*g%i9PDgo8UOC{T)G!1f zJYSsIzk0&&QZwjJ>;!m(VE2vg>czUayS)w_d7Qfvq^}iA%Bgm;EfVfEi?{% zV39wZ%)@`WPR_Y5w(9EzF$j_fQ(=sMvHwXZDe#!*0LpciW*@# zQMX+S!8QM7sT*spev_Dl<$l69r}(zWt=O}3aP6)-CZ>1_=mSv*Z<{=SF2qFl*Fqa# zD*G2GOFA$NP-p!aPe;5a+aD=Rq-rz^^X$~S@Z-*;^vVQiw$3V_vo~-Nq&!B)o!?_F za*eH@fsByC$U8gX3HmUH)YTN2O)b1I>1OwM{4t5bQi9;hsiz5(e6gfgrt^r-)HJBb{OPxu4P_Gaum=_< zNVGj<9PK)a52x~KPlU!b&a5$`=ptGpBzR>Dc*TAb%EZYXs@B<=ncYYOHbpX2EmEVepi;xT&cDP(dhj>LZ=&S%MrwO zIUAAFUl^pGym7im9s{YUSc_=_+m*ftOjsJ6>NAhZs|K+}le_#p!qNid$cc$S< z9r78n59R1VbF*Hx`%;n?YK}9lACE&E&9gnE%i5OlI#`1|Fox~a!xAeOJ?VE z377ByrjdmqL*u=!n^z0k90Ftl1%@bYJhT?Vk{My&tG#35CKsjR6ymjHJl}`o~h}Ts6wQ)pUn!?+>3F)l&-ET*veefacdV-?vhleoc zCFeis9D!*1tg@24uI*Jxhkq4yB*rE#&Q3<=Ce9|-CRTPf*DV!nH@6t+QhvrAbT%Lf z(t+3u{w@n>|3GITha0gbCJrV65namyY_ad>p-{O#5rweijb1br=F5ix|LA)&nke9J znK*)}L6p~lNA#zc|1g=@Zj>KvV8A^7S$ z8m}Fvj!en?wn0R^^s$|BHW9G@pMRGsaAy3)x_c~|Ib?CY+ylNhV|95VcNd4UU-@fV z#t;{gB+nu+($IaepqBiww8P|?a)J#t{D{Nrbs9f}X5q;!$_X1kW0At_WcxxuTwfka z5*r$Vl$y5X+3d202Bfr}qcA@%9Aud)nM9A?v^F962~0h{sR}q*|{U|mpz9> zwhk3sF_bSUs_%;z2@o=}gPut5DZ@q)%1$h3c%+P4l86*`PUH@mqd!|)Hb`_e=y~cj zDG0IhR3Ugd6=|b5VU)Cs&%3{I7Mf!sQXBHb622C%##YAXml5;JX92f+5WhN6p2A-W z^<>7kMyg~?W&fUyVGuxYKz|YxB5PdM=e$(N*C%HCs)%z$1MT*@CGeK=Z~x8lfO zoc7IEb1g-@>f@cVL0-Z{w)JgFgJ_^FA(Er~6Dz08V~p9&C)||Hnnp{9k3+!9<0?3h z?LCfJ;N0k3Sjp?2e7Wd+HO;jau)Aqe+hU}3BvI-Y$2~3_K1n@EHgsZ6EM}CY^(vQB zGjrV@HU*7ZJt+>!<`u6IeNfC1LE!Y+$PlcWvHBIR@xB|x*LXHD0^dZm!P!qlL!AR? z{sMgYULzV6;$@fz1Mn6Q3d2vo+$1KDU&{?_1I?|!B)|Bz8U4Mtl^#TU30h=qa%B?} zic2@)`&w9RO`KV+P0S3enE`OyI9<8~*Uto9_OV{JDpCCQRzMr8>Az@WWe0(;nc?>L zSNz-FDBz96MX&8>HZU8Q2h7RF2{;pg9Sw9yT^@2?9{xY@3I9bB48-moeq|&4aK(Cf zM^(=his;s{cBqBqYTaw^4~I~l=@}ojC&J(egXEPlY~XLvWoCSykR&va_3n$M+jd6T zw|je;2y{)>ExD+9aBfc!%&( zH6UlnQbE`RQ$+e^tbK1RH1L>S7m-{fDN#oSix~J0os+EjIOcr8&cd*e-$r&*iGGThz|R1}MwF_j_L^H&NlMfCY+S zUUm?OgAK&N3j{3N&BOnJGyYxXs;s>58M7(h$MaHufnwwOg!NvF@tN%2lY=7$uaj?k zx0l|%d!=nmm7HwH#7AqP2%ALvc7nvxp)1*&EOp+?x+~nwOh)jtLm44mJ|fD?_?CO& zD5t84cc!8=JZiwzXhWx#roPwOs&>vclrt0gntCcC z?`WE)C}GW>=eUNiD)mkRt!Q>;qqL@@EHx+?Qsd+OW)gEX)6zjf+A^G^lg!^f);3v9p=VW3Z(?tRm%3?~ z{RI?$pBuPJTjqE3^BUIVbv!CztMM!Kv3I&+be2ZOEHBQQQ*2tgVQn-iI!F#`X9G2$ zj83KS_T^t7f09W&6aorcNh_l_2$DNWLhjE?g)FIH z=`$C(C1PDx$tO7YZdR%TxBuN2c=Q+r=_m8x1ijvO+y!?uO%meRdMncf`3yBWrHc*G z9A2;$uy%#Iir&S>HWSEFp~2|?z;`%vIw!5x@bV&8n6rH;#Gp5%dyxx+Dp7O0Oy*1t z&&jq(?h{p}d@-pfvpC&4s7?297Q3HDL@{0xI^3Faz**$I@;COdD0Fp5Jl3I?d%gBl zI8Eox*2vJ;P`oaFE+;b_|1gu`oBa!l%>Wc%0Z`1kh9WY|Wx|3)52D>b{Ua!4!QZPF zWNiHFqUCZ7@Luk0!=AZ2g@owmTgOF#mxj8@yMQ;f>-UcTmUN zPuVwNt?j*>!4R1FWh_p*|CZrXipF{5iJ5^f+jK~bPEWg1iHmyrx0W)FS);?`&dRum zKN5OAUa~nfzz%tkz7&h3nD9jFO=;o8rvk(R{ie4wdW(+v`q;V~C9D~K7y zn8A=i7esTzqy80@R~qIrQ7}8QUHQ_N9gsi#pTB(Lzkqs@pK>sXc|y?B-6feiG2}wO zB0BlWwmK3~_ezxHuiH%gwg$v<_ZUvnVM%G*>fQxF7>d{ABgEF{v)>~~e*HN(FiSe9$3|7>C~c5-(AZHi?4;V-D) z2cUjANy2swbqul6GT+H;x>unf-XNCGcdh=2ccCAXAV}AfAkGHX6qkrMa0cd8epHus zEI;AM64 zgaGxb0Yj6I(f+&LV@y_{KJDF^cJJ=HZ3H-BOIz%&(zjQID5YbI?xU3oO7)xUeI27j zHyOP>!xk03{>iNj>tS_#YiM@6kkWEzBeWKdcMC?Cp;^WSO)h1tG)dJ@!kT5rl; zpsD?4B^S?0vY&Avsf=4{XjSdr$q+hxX- zd0TKzNP0fHJ+nlLa6_JciVPD8KgUpmw3q77$%%0VJxoCE+8NuK7#SJe9D9_3=l_X2 zs0aXap}-gVcifRnmKGR7*ej^WLZ+n{CEdO$*Fk=dZ%AKB5il``@G_wyU}H%-niv4Z z9)+BNEnqSMJ?xHPj4Q5&fyagicB+B;&KOJtBDl`Kn1D`}7n8q4qO66D1<>&hX1v<@ z1H4D7@4pil75!J!kyq)N2T;shm&y4mJztG?@%-!|{9m%pe^I7EOFm?E>Gj8beCD$D z6mPuHFzG~42^sE3R$zVB5G>C&_-rYT4@&u{bI?qUoi&v?y5}tg&7xzTtX?r#?;hpVadg~ z4k@>!F^|8`qc^7Zet4Dp(Au6wweCocwIPe&swHp`kxnx1lQ=f_9oxBQL62KOBwy?2t1j;pIlS_?gVQcnV1WWT({ET4e0w8m|1R@wPX)fmv zVSwr1mOoGe$m~YkN{fSk^}C7uIMojwh>VRS>S1W&c-;gC$b`#?g~q1+`9z9ezorlc z)_0Y4fCXOVmaE7F0aLZymuci$IC5Sd{xB*3v4#9y_UUm*CcujHocogeRk(Ee@E9?& zSm?rxn}4>KR-wFHuz%~m6U1S~+oMj2GsJy@XK!+so(Jkspm}B#aD|=H*SND(?rupQ z!5lNv(_ISWZaEx0)W`62sbjCy*4J@#!W z%qi`slCD(adqX;#dG|?DpFN#_-sFs!=V(w+M#=XJ`_Vq;zA!w<#OQa%PckZBM=ow!$DBHXQhBS z)nDl85$1S+iwm=U_i&^z+3r@1XRwGC2hfgs8s|gi6i@@%O00y9J)* zTp@EHMSP$t(2_om9-31jkhJ$n%=X5Q{J zCD=EcmX4zljzW?O0fpTWG`(f3xypF)FD;d~2~wln^WEHtzEmYhYKG9!SNAQmObMc8 zq1I7}L9dP&l?n4@p5!opawUUNNpfeqJH_ZF_v+>IG7nq$=J4IUDIN>$HWW4U^oyO5 z<(`l)hl4)NkE_JYAQS|TX`zj`-MqJS1xdIidnUJYj=1;}Uh_J_#u3uAPjL&Qw~+@w zIWK5_S8lAnHW!mQv@E@Khx{qFR(sS8jfS+ZBzhNgNzrOcZEL~pD|lmnw+R8KgXect zPm=vaH4F>TG<6$5Hr97k^B66B{v)dWs=zo`mjWs%8#W5bA2y|DSv z$hB+9hSqQ4kd^!8M|jr_SlxsE0EP0l@WtI*5I)XvnW+d2l_AI{!EULlgKO=NrYwyM zAL9hYYbUTN*a`H!GDTVa+Egdq<{BzZc;1@V6q;?u+LhkuK&W5G{En$N+ST-7+)AnY zq=~W)|K#(EAqMC#tT_r5<5F*6*;JpLR~XBpttG;{%=s+VBdF>>1~GhjD3xOow8|+& z7Nq0piQBXf5s6Esf)5c*8{3E`ZT__7v*cK6yht0G+@c-rP&)yop{c0-!5B{{aS9diPFBlv)aCQ#r}Y(<4_dVTv$5 z`V5Y|kKIecDC(K%t<$^2lyrR?j!uX27vQAx9u!$~HR)C#P&ohId5o=h9D_R#ep z!RcHbmW{n*!vB6zp!wx`JW+c!VSAIVcEdO7eRINotXR4S(9CwAVX_*cq6Mu_BL#VM zFE2d&Iy{ot)n8$i^j=y_h8k1J|c@7vAj#gJ&-Jl zobc8+I-=4n#ZC$VS8b@}1EZI2vgLec_yBt00_cV8nqL0g_hffNF(`}Q;2B|K^zsO00@bnhoFCaL4Swm+D}C68;1}u%)CqY zwcnFBTB8qEpHkPnSxCWTPsm}A^^Q$%l4*>64^6ZhHMDM{pf#Dm5U1r^Cha-L5`SLT z*TT)iOeXkLxY%B;`#@f3i!IH$uP0jNU6&rZdusAsezYQk0$rS_wBSrjg|}15_e)_b zUpmA+cc@g*N9x8-<$(`^%6pe*K}!%_C|f2^UC1XNIKB8Lec8gUVM=7mN^GsWc+W;y z&r!<(fxFVfBu6tNj{6e?E9&bQ$Jt>X$2pul@eZBa-nCVe9eYKC*kZN4jPs%pG^Ymj z7M2>+n6CKsO9Fxe@Rt0Zg8U+VasKKZGM#c9{_zL^=5YRsYRXcU z9@D&@q+UUP1{aemocMeu(8F(rOdAKDn#&}rY}&1%NZ49ZKR~hU3!A{^*N?Q=-M)A) zTC~0f54n4UQYNp+!XpK7HXbf0c8or&ef#MCp8Yuq?+yx-A`Ww86W&tWqJ+!lt>WEd zk*deB_84ZbQsFpd2*wya2NXpzJ&i^-8ZtW>Uvo8Mqi!@AJ@R;%i->x+&~iTNN&Cl- z;Y1>^isRxZ>A8lK=C~B1{7IW$O}D1=pW-`(2&oZ+c?hZ;(31yy(9$AVh?m0?1NzCq zAH-z4V4S2~_0hXOH{ttQvAi3QMbk?5K&L=rnMgCDB~y)woA$@odN|zJ9d$qG(u0PA zApT_)0_F9kQD|h~cynS~>XY(Mwt-v+T6mU$ukY;?n74UyNS-0VEQnOlzd+vNNQAmk zWkZ1!epp+`*u=k#YG7wm^rwFX*x4LEDi)-h&h?K6|72$a?ll;=CCYF0GSGnulquX= z{{v^#1Z4HkJD*(N{skHm9$Ewfrmo9lEXtY&EuDpzkOVrXBzc_|9ucq4sJuSt^Aq(p z^*17?PMM!fM81)=K~&f}p?&M7TqnpWm~jxw8?S#8PWqqjL8_EJEEca@x$AR=WP8@k z-pijIIC1mO4J`!$5{IIMcpH7>yH}`6lo#XZZa>Zsa3iQ~vu_1_CzHeG@kd8Q?Z4 zCLTYM6g)Qa^#lL4!2lKz({*y9xf&X{x=EChvhcq%Ux3OM*v0=nn0}cr|9h7DckRHw zSSI*fXzg>rBv+9-s_Xkfx-r>eg#d$<0tz`qW@E&+Z$i@t1oC%34z<1gFjhYKkeeQp zQF4~ItC5eeO7CTpcWSngNR8`Z{vF1rpI7XLckw8q5d~MaoO=nXo{k$D&-rA-eF!12 zjHcpmyudyP#(DU0jXZLEO|c8pOaei%KL|%fsFD5Rk@fR$c&P+UijkZzb4`03&E_ag z%g0mPp<5OBwgwK~Hm1p5l)^saBv;p}{r2XIKrK_vN0s@WO)NgS64@uU50a~DDFpg_ zs5nX<-7zn@wF{JC3v^=iBN|#OcAHPOlBZ6h>yOZ0n3gkmu>~5bhIXK~#j1b^v5UsM zxpQ}P_^de}%n46n&E`uZFHZYDL5wwwtTr8@2^kEmD;LV)MW2C6+rg5J_d2qI&DX^X z7^pK_*}_g8(Dombt$eTjZDHN1i24pQL<^^?Gotjgv<8t+4A+KY4B8Q`H;Ej6WACmg z?Qn~*-ramLvE!so_24uGa&?tF!Ezt8HA{!5bo zQryZOEm{SPGD9l9%hM^XsfQKNru~1a?f<0MZxs6gT(1Vj9*ldT4t;|37EUrjaq3h` z@BciM1m{CMD~g+*2BoV04CjLqKV5Jf{d;mgNbW4xugVIofhk>9_g{rm%4bEY8a_R; zz@2UkS?wr5KHtxKcTe>;9EFXlI|JdK9_YcnTbQcfZYA65-e%lGmP_~f1j!SJ6E6yn zc&4AfM^cCto{_AZn`o(N6DEXk)-xhrN`Pw|jfL(+&(gVa>;6}b-GgKC3#!T;*2vKr zaRb=41iL&}$EdJyuF@7%*f$Ol8!zq1tzSAAc1{lmIHG(o!wf}vjxFoRvDi4_uvp+Q zzg%w}&X1*IGTWq%RU>NkZGAz`6jO01sbm+wX3ODe_=5DsJf}kzE?peSkijZ#gI%^6 z4W-V;JSj4ZIq@C;(%k^F$K#2L&gJzVm8?pG3y-#(U{+A|hb^@`Ahik~-3eOS9s(BK3n88AisToyB+VsQ@D{-PVECmkI`8}{9gzO$_WgMywQH?#qfJYy z)8uDffNlVCLM>osrhm^1D4R>`_|p;>QS16&i4TCmnj3+3IV<*0+)wTM_y!jsAg(F@ z>V9g#(a*zwY8ii5k`$xizF8CXeNY~JRIC5R0qaG{TiUpgg5x(Q6uk5r`Y4}$XY+C6 z*$nur%jpB3Jb9argc5-785LdhWYa_W0XXpXNAyHCF4uvDdH%eteakb-LnVX7bc!kR zmGYSj0^?CEZM`oV1e}eMgPB}ktbE4Hcm&&s+r!ysrdbIt=+P^4118&T#aazGpW$6- zJ`Z!Xnfj1*50&v7vg2%;{%~Y8XP3KbFhwR%4I%YNdw~<#t*PDx53^}yy~6g#e9w!Y zn#AXrxpA5^Gl36wDS7NoRU!l_5%iJXqo;g!O&!1E5eZsZRm@AZ%BG5h_XW8JwVioF z@p!}EGN0`r=n=TdU-Q}Jc*E}&L(sn)cM#vnDm{+r_Xjg8hUMl`rXJb!p#L`R@Rv{c zJr1uth%B_m#g+F5tBy{d#&Ip598IU$)yzMClQ zrY+d0IJQSV#muNTpt<4(C>KEE$0JKK}Xm|aNc4)p28@ZVI84dKt<)nzG>o?JU zIkx{l-d=yzW&LmOocIqc;qOr1z&*(E_Mug8g?V(bjLSEPSCmKy5hsKyy=NhFMRUR*gW;rw@i6hyN1V*hR;6v`-B!<}?^PA4!skcDS5{Fs$l8b>e9W(i2UVTR zs)p0asN;C~rw%&BjN!?^p@b`pM3Esj<7aMA_MHc;V>AZ5K=00;SyUr}W6lv%dLkRNWa=xWCYmJJd$=P%$JzqoKTZt-pTOf(G z;Xy<7IK^_3p0Wh)oO#N@5okgXyb=+Zw)$jt_L(3j_6xm(FZK%dlERqkg!fycO5i%; zvGG}nY0_N|%OjIA?Xb&*9WFv{_sC;Vs7@W>h_5e+9d8H6v&EuaC`+6&rG5*es=qgb zD4w&BQ9Ub&o%yLq|Jl9PL# zt>y~Elm)9T>*yF&A%=Hv(g6U<~G8K0xnqHL0&VxsXT^bo8= zrnTkb`)pWyjho_9z=|?dhP#-rKWoGI7ayx_Si2^p}*RC&J9Evgh>0 zOHYcas?rjsf2v#*tOAW zpP=Z#b0hRyk9tZ{iE(xg46sDb-+o`~ZHlUAph%@kyehG}Dlp7xm^@dC)1#d^5K6oZ zqWzkYLhhFDuQ`@uD9gH6#s~#ORrb9B_uvHRGMOU7C7dn6>nD* z7nru!*eVkx6Z=_=as@1Ipl}~!dX>{lmau98wj~=by{CF`jeH6p4%IW>Sryfs=qm=X zp>e9sQhY{x9K1Rz&PEgLSzY?ZV%SR8=A&mHl{g5-0DNTp)^`yI- zz7IWm$YUSZ3kAhB{AV$9vpMfCU-3IH{x(i>MSQ?;Ch|ka;8y*Y(y}2M8>AthaEzs1 zPHP~c$zyXaa*~d}hXeQc30h9f-yve#ix$8fWjT&)H)5eSEi-Gjt7*mN)i226pow)+ zTF6Z;MhgyAa2U@%J86SE98?PS4pkmIho;ty*mbpl=f_6 z4$mvI_o{-r>WkyhcV+!@M&*ri5k(MjzCz@`_H~kHX}vpx`A}-x6RLG=haQqv!?~^1 ziOME6{+!pl;r8lB|5c_0z5C=(<4!M_vZq~%>f|bTonv5#gNkyfl<(FQUC6o)oyD=Wa;Ccq*{(<1 zX1t`$s$*&%VSId^Yu@t;lCj*{nY7L+esiz3o8|yQ7NX)&4RRRCQL924P5lzW0+;DG z?iV8sD#lE`bk+A_9+`X_V_vSm-{_MgOc^cg_L7%;J8d<6*whYox4`vLixpnRPIdR! z7!_7VOgb8FcUeWtvZDbF9h?uAQn=q?dtq?90i1KWxwjX+_&n6Q`mN<0&Jw%z3SLsvhavtoFcUTCm z5M?Bcn6qy7Tqz}QJc8f)+ixH`+pAiXW}BzC%-48S9;Vtes2&%7i#Isxy=zB0(j40` z7IM2GwZ&0O&EbyF_|XW`1^s^Z-b_*{^jMUB?O{x2c~fX8IcTu`C5s_@2_BT2nAWBr z5`V53i$|RhOyh%$;AP@c#mK>3rqj+9PahL6_@-xz8WOWjC7I<<3KD@hmIGf`!LA#T#Zk z^hG(C`$;e5K%wMiVo|5Q{2?-TCZM^pbdsn1hkd6ct)0xs9E^FDk$@%?1m*9iywN{$IZA!mocyaP1ZWvE zadZW4ukZBZrai!IGk(1CTDpm=UG_#^gBc9sV&eeuasaakz@{+!9)wk8HKiTUTl{qLO>Wk5{XM5g9I-TCO4pYPs6gV?S*1>oeu*suOA`>NYZ|A=gdshxu3W z*S)@#huxh)$wlm`&Oo2b(&9i9eIyoOp^&q-Ol(LPhnRiT-nf6?juQ7ux%l(|s;Ey1_NW!3Q10uMJR4VS(e&o3)Joc*JLEp= zhg+ufcr?TJ5_odgh7d=%+L4=Q?}%wcG=E4#v=TgG>t+n@+SPsjG1#P-ouPv@bf&() z7drLKI!-YGgE$D8h*;<&)T4*vor=cvsV8Ga0e&H4&Q+SJZ94|+TH+)9yu)yo%KD_G zAI~frE#E>8HGPSiY0_@v(~F!%zn7nqdYj&g2+51TkP3O-joIO&Kc`>G=ZAh9+ZRR0 zL@CY>wxVu*)Jc`-U>YT3q_hm6GgFnxS?ys5{HQ;^$vN29VIDE% z&@*<6-KpIAi{&!?oL-l}R$@LO>7C5n+Tg&{N0mwUKxIU<_8s%xUYGlQEM z$q{L=yXK(&sFvR$Yek{Wmn0xdBa(e6yW>#ftX=HrdYEWB*_dLlXr7vBjT5hD9Ei^{B0d|fZMX0QPONw`+AU!5H-7Vd zkc@Pwnl&UYZ_B?Vh|>l~ld-xVTQ|{>31TAM>+$ST?Ah{~Q5^838GxwKDyfYp^$!n% zNsNl}Lx^vic>a9V$Y$Djwf>G4e4FA@5Sp6TLwE|p?33Xm4fMcjL;?KvHtmw) zly?U#Eol=@_ZS8YMyfvcu z*q4{doF%@&awc_gc9SVTXov{0UIzXw{gVL=pf~Pix)Z1OUP)-y3GD@p2Euz7s6<4; zao2?cbP|7ojiEf_H*7smdY0wIR}lK-J9I-)F*DoH`e4!LJ##Dh4}|iIX+2)B_>g|R zz_)n)zCp-)sJo^EMB;1vWXjLLRV!vYQLY)omfTyDD`ga}`3%m66*qs{;`!1Xzdwn- z(%h6PIZ3~vo5K0Km}+`n6nDoya}g~`nU36Tf+@rjepajpgwMD*egV|l%&@9^-{6PQ(xj$%_>rtK z2zh<{G%pwVG^uk^$eWOIH?Nu)*HKKCY)R9%W8(!)Th8Yjd%|T&v6-E<@t@;>#(J*z z1fcZ{7HB<#{?U4d0MR5&BzCN)P;qlFxQxI{-03mINy^eI{o#! zK~F@n?lzmK2MPWPny12%}+mY2#M9EHPT*-sNeFwHpN(_KKp64-7<|^+~Y+K`uvu&S@b*e^N>Qea%+kq12yHl;=-@{wI0um(R)At2o$Fw7Nh1b zz$(8~>!HwPwMd+W8A#-Q%M%; z4x~s>8|77Pk{6e92y)yMN4kuj>`3BgY=5vCZvTPfrJ#VKKXCkSx?8VNTASMIX`YFa zZ#~c9D|b`94c_(rkH4Yx-=1*qvhIlt=CaF{4-VmSW6*?z0*a09L@>sRv(NWWo9;}x_ zmWydQ|HcE~3rBZu=xKUGLWqXbP5q(4VWo&3MHbs78DBhR3(YzK;{f`VM?oJbLZf{a zKSHG#)RP?5(}!W=26eE+b3bJ%Xy8*3>ZFQ)pl$JF=XHA%H^j=$?V|d*9&gA;S*((c z$`tIxteyxD3caa0iv(n6UIp4AHevRL%F<$-kudhe3uVqeq_I+-W{UWP-7Ox4Q}nW} zWxjymV;SQYDYx6-ns&$9L)qypVnn3&9Q(cCqLSjs zCqmEz)F%~z!S5aoP#8Be)>BWa=G4P&y?ByGmE9gvD}!YzIl_eWAW?N-ICa*trl4w8 z1U`h;?XzXJs5KJz@RW-p>ywTJdJu)w=%ffYwQk;~ZdP}K%c#UxP?A_oYzbmdh?BmI z1>=0a`xM-aWu~m48!s6a1>|U(d8U!R6^9&>P2)3xSMiH}l+|i49I55+osHq{RT#HJ zW^VRpTPCB9ywg8mmabnFUE=1zJ?gbp_#E(HqcOLYvb^l89rPj;AISBb&_-kgvU0P& z&-7@P=8!kf`9PXVyRTwYz5QI!b1A70jP^J`D$TC~x4)-hAnbo(J&Y(&3@Qjw09)Brx=i-$>;8sq zhes7JlG?IjGA=8Y4zv4%_Kt+=1Fcos)GVs0?w!#z>cEx3jxLGUkCQy%tnOlD6(QP6 z@!8EzVBm{>j=9x#tnx5j@aQ(f2a8g9*87HTTQ4`(n%JB1Bg@j2)?fP8s#LO3tl5m% z^AnserP-qx^ORH2S&2T4-Qn5G3Sl^>~=wBVQ zDA+$PV&1ylg`}D}LHIP8jsN)z!yE|L5={$RIAY(f2Jxuma?A;XSw#GMl84)$joO7_ zh4aT=9@VCDwiSiBhQX-8(5Hv`5pePQGUgM!n+VtIZz&b9erHoYdFYBZ#23a*kzpO5 z+9l8yNN6HdfTmk~u~voCU;CoFSzt71V++o)LXL;ky-g4!9Vss(mHco&4GH8v+dda6 z_O00{wf}VoQD0BgcRoxF_z!ggJDv>kUmiUjM&`E&Rdvd9>WKfYgkFlH3i<8=wle&g zpYx+s>8Uw+uLvo-NQsjxcIn_^=W1YV;dBK!tiS8J%|-u099Uz3UFrjfBXxy1*y8H! zRN4XIX&eW`_4It&g*5vve?cIr8vrCK_j5)bA{M%mi`|3EtN!XrxfbL6^_DUa1G(gy ztUssY0rh)8Nhmi54_K}pkR7=`1pU`t>7VH4voh)`NW3}qFrjDy`WP;!ZI7C|0PrwYc-@FB?Opd55IEC5V3UofOA!GLZyx-~)CLO#1?7HEveK zO5bcU`|vxq+jRFX3j6lQY9{3n9Hq|=LRX4re4hDORq;|6*(i&bp0?V4nJaLLi!~^K z#wI&h56umG@gn>2_W~qpW$JZY$jO0vjsWCbzWt@83oYGYe+QdW=@LP{#`-CL$S?WZ z+SRZ1^zX7{mve29@n$_|Wk4Q8ARf<*)@{C@{P8t`xz~|GA4-yyV4bjm38gPlIDqE}LvO+IPDYDZq=nW^DXuPxyy zb|mL}1dJA1@FcgbXNC76W{ty0h{WqO%$q)rnft0(U#jsg>h{+xjNCv-0zIzXd&#iKF5<+-WEg#KxxYMJW{zJ z47!Agh9Y;l)PZIl?g2kaEL68W6XXkioT+O}`U?jA2~yXXw7YKSs@0~yBdy(?@7Cmq z>yXwZ@E1%1GCFY!{z761z78Fqx2wZqmXxZR1zgVPbbFgq(!6ww*ZP+bKW|ixXT3LL z@oj`G?y(f%i=BYisnWNM-R~WSHav^m{bGA}4o;5$4q7;FgvNa-w2dHxEq=!Ww^h-y zuv{?>58tx>d=-=;0s9s*e1kk|?h7&2rFO~hr#qi8C|IAScbsTjJoO?&786O;KGDPv zn^z0tQbKaqK_tl){o0cehW6^f9g0ddzC1iMtWU(Rt_X9I2#*B(TLvUsZ2l_0`Mm~$iVWdw-u~M1%XehYgJu}+6nX+vYbFlZZ zjMMsS!B;Khn6N?@FQKKOw0o&PEUR)KdxSnFR;iK?_JZT?VF2dAIYv>hxhWq(6G;^) zJ`5uR*&YOnl?WsSt*d+?Z&yI0NDZmiyn7-kfFH)V5xkVS6AW)zY0ch8ydy===e}#& z742d1Xx{HJ7?UY)DzzI~TL6?0oYl86u=u?_NNSnu7e2!P{lqXi06s_j$nD&aY^SC+ z>kGfR+`y9UWjDYXV2A&|Nw#x>*squ%vV&EqQ4-~#p7GPj&OeS&puirm?8@o8z%=hzy|-PJsfDvf0uhk~ai&elEej;0se<#)*G= z|IkpszWZCb_evWB-2wtX?-H3+(1nT}HC1>2?lOxGJ?h7g25NRNf+IZhuL-3SR=3IS z*L=uSWOAI2IxfzwmYI1#q@UzJ7nt)xrX>O>&qS!{o+5*hSRL|*Y;2^r9WI`F@@=(z z`-p}Z_pYBcD3Obq4YSnmea{<=$4bdnqq%XTFHW*DAH|api`L&Ow=&&N^V?d1hFXJC zYA>GT$Z!;f4sT>3evNLfoVkz_{8|UT!2N@YLgmKGaqP_af==U=QeTIm=B!Og*qghP)rG1CN{kLey`6 zn-))V^iM>)$pHaC`ysA{h;SSOz_3~t79Kzh9uV63ue;JeVL(Yl1eG5KKgmK@&so z*`SyasZYVZ=or7LI$P}BeVS^#h+wE9Ht(67M z2M+Ps7n(xx9{AIAjn2KYTbR%8h{Me`#*h_nCOKI@H<~vsbrkEJ~A6}id;w_298H{RL1fPV< zuHJ6?*?(o%UbQEFk%i&885U)& z!##)j`b}5Xv-9ic`@+OpV&&kC2ml5^R|^E_YGqT0{G1qjIsM_r8U;gximI3h*yz!J z-3Jcj>zxSSYy5mGg-@{-nM2lb@dS8~(Y%tY4 zw*2leS6{i1((FyHO24X+)1-cwd?Gzz*i^Y4`oy)Jm?Js5LrS z;!K8)dh_O8sE;gQJ0~zQumMk;u`w_*H?RRTN}PT(cj>jGU*>*G1r&Ho0dO+8uFM?) zB6mjAH?Oj6=1)8SZKIb^V-W+1ToQ^~SiEuu#*P-oWOPn|x+?%MjsTA!0~)LyO`M#_ z44lD&uh(}3{-geQ_s&m!6<90;5pGs4b~aXSuAf>#h*+2+fUwW6M*+$kMVMIbfM~C1 z44K%EM{w1fG0LGxr%Nv0{L)2jt^ii!2jUU?yNju<^pK{Z~<__3O@Xux%^Lf zpnvj_%OM8rx#<11WO%LJ6MS<02uM#jCR=6)P{bVtX{utC8;$trH0<)LZ4wF&-y0*V zot&&6P*C{mEg5##-B}8-K4@F>VYO7vX2sY1MjAOKpdS)UWw(M+?IuX}l!M%=8h+ZI z$@p{76P3596|oT!E1^+v<1MkM%PG$YLr`Z@5u1<<6ycOVW%{}944{pYpp2w|1c|;DHT`>?)TqU}S$^2xf&=mdN|=w13*Zm99((DXzrt zMLpHErmU(VPva9_?`H=@zY850>Wx3ANLx0vUIs(a`vV~;kTgwxerqxn!+v;Z+S=Sr&l?CYF zaV*9*wel-)Q8f5&k7T-$7YJ|%e36=A5ujfQKOU`Z@m*Bx!VIsbOhso2o-MQ6<7UHi z#kfN4KuBOz3#9qqWXq9nbf2G5m7-PEo_f4G*AFA?nwEpgyp0bESh=KZK!5oxDBztx z_TQcJETASYpz?p5?F8PywLjwp0+$a>28cYcgIM8UfNvo{mm>|Y^GZZNc&ojgwS|!f z)9+aJ2TX!-`DfrgoNe2=i4rU4+=}Nz0I-MPBK9IcCT*b2&ViJ?5fNynoY zQcB6bL%{zqf|X4h)DzAunT(bT-F@<@bb)n$I)Gp`z2(Fod;bkXL-6st+{)g3@--r? zq>rdA3wMh4*j2R0S1qxE;ObbRx|GW(#^$QXMG0nv_wV%WAR_B5k2VfUjdLLmVj@O( zR0u%(S;!u-llfG$Z$--*9}9l1rZmGrfvMkTY)4Syud>G3&!?Pv#;Eao!g%xmJSj#G_{8Gl3V}qc5Y8Gfh1$cqQ<5{Qg$LLiqTNCJ`T6Cw0a- zr}l)Esr0$cU|4oy4gFgalF1yc>9>Wcx3F=E2_e{a1sPhX7CnL(=uHgqkPZx zYohP40jSCI(L<;fNYnn0I8k=bKdf-@6%4X!#UsdKdcf7Z;oLt$HN$s_RZ^Pi;sBAy!*>KQ<|L9(A2RfpIg=n4hB=-rw3_wUxM}jm zWW0^VNoW>jM{nmjtE3h5eH-EOx~lx?c+Pyjq7$yho;+p4$IjmMG?!a#pMB9nmhj#G>f@CIH2ID2=>CY`OG>UWn}> zLIkN6YfH{{!r6un;?DQvv2us%8kH>h(7h+kEjtRVpfK6ndg@&&9VbvpQPYO>ZB(R& zQ45{*cVwmA`Q!D&C@xZFID0#CCKyy9%s6bF+MqP{^WLvj)v^0GGgFb;TXm~!6 zeC=2raxr}hs9c+*&rmHF44DQv;FLTVda1dO&SeY3b<)RHPO=$x+R z>|WWpWNQ!8sF2-g-s$z7W#36aAmMH$k_c+{H@PqqD-X7s8(En@N!4GnG}pnxU2*(Z zc>Gt`tXlp$D>t0$(g>=b%qws z{TS@qLF$$cx6xjRr>mT}+xMP2)8@QrHV;R+0t`#XNWC zV6#mh8?Pmzg-~|ymSfCgqY%m#8~&%6iHp+ri*p+85~gzoxbJpu+*_v66n7z+b_rJ+ zLJ!I?&>zq}OQMjAPX4gsccR@?HqBu+o8^U1_5TrHe{S6H~gvhl#E z8|JG4HXv@Yo1X+!>fHMm^J}O;6jyBR#}kwNEa{(=69_f@sgGJKhRr~TgDi!js8G+;om*}LqpfHsvq*PO+Ho6T_b(81KB zvdAPiKXNigpHWD3u-J3^BZiU3H}D)`+kg6uq4HdA;-B zjD(bj6^cV)IXgHZifTfg5@K74F4#S6vN#!#RFH*5S73fqC0(J*<85**txY8b>PZ*=Esca{A)oBnzDZ zhPBz#D4vvo4hbrr|0Uk{!n!y?KYe%g`?(;ZGrbY?=Q_>bgpR?L?vRiW1j6qUO-d1- zgm?2Cp|2I8nyTo!&!1DpHLZ&)Ep+3uBkoy>D{ax=ih%a)+!jJ)P{z%s7i*x76|yg4 zqqdPCpyQ(*Dek-@O1Qvx{}mg%wn$i;6}?G0-CoskXR+z9*MpBQdk4(g`_c*U>bp9n zp+D)PDh}Oyedy-#xejNMd$xy}E*n|MjmCMJ8gqtahJa-5jz}B@zeQma)IpsNEp+%1 z+*aDEW8lg&g!WAc{Bgkvd#gr=f?|!bqoz&ky1mfBw5IPoA08NtBNle)+}HPlb))fY zdv{Bj!SJ)a(KJu99Z`qJoa>$P;nxhtFnVE}wk#9E1cvOKLL87~rAFCcguyX%@vsL( zSB$KI|JaOf=0&9MUQfD%)dhm2nt-P!a^RmcxEP!?vD<_B>$h=;rLoSt~e;tDUtFQM@ zWG{aPF%egBCGkKn!<7Y&)idoAx@$c|YOONo5S3&_7M^i)>dE<}$Gcd=`xMOc+yZYG zpKlT|%(`Q2Mw=_)IQAT}g|24nBIzuu-?|Gr9_r$9qm#pn`_MM2{MCWcUU0p;D`I7z z4(Z4>`B`MBS`{zW#Y;h2u4syt=L&cC^qT};@^qp?N~Y*yD$I(Vt3TU4%V@=rq|wGo zF44t}sNf<}&ye^Y_LQ@&ssEOjU8vF2D68dLU2Eh|)wVp#RxC_B5VY9y+^=@yy2zT0C#Y*!w$dCI<3JB5vswWv6*rsLGX?ox7+vqJjB zerxtN&(s{9m(_9BAyd1;?YroQgZ&%ZU#&`*QnMHXZDA&qA>$bZLN0tS7WPDm3#|4U z$htqbWEUoWE&LEp^=|MnyY(_9^E4&_d4pP<9a5YJKJp9UFeLkB&oR_@=2A_8SUl(& zoA2)4>c*Vam>uI&LzjfbF*EeVGb*?zgn+8bs@H~M=t;ZhzcD*43#Y}UMLi0S={8}9 zpqM1kOWe8eSOWB*d)&Ch^zfD5)AY`+y-shdNL~-WYUvSy6dIFV4jE_~3 zggF}h=%*Q?0gL*6X+xXdQ6t0m`e+)(G0&P|^G$O`2wkg!j4SW+D8B+V?mw1=s;GPU zZ=mR!+)36CeP6Ttcv`i?ERT9dT@lT1)%lnD@V{xgfgqz4;ed(l5H{4`TjsbwB~-f1 z9$Wv+&h;D@H&2R-VKcVlfd3RR>s`QFllBZXLtdep0~PB@FVaD?Rc1zOegDg}2O-;S;a!`%cw{nglpMkVbLR~8@-ct-j2t8%kD_l@~VZ16c z6{iCEoGi>X{h@fnfPMh`j@`J=jMT&Jn%HK>A|j+xqRAX{GJlx27nL#0O)@MfG9g6U z%ba&;j%VI=9k>{b_?EdE$#@Ez#D|`e_&*L=3waxZdZEIgzkzE&kRvGOHN>N@YI%GR zP6KKFNGgYIqYoyo3WFU(aBEZypAvo^fkj>!gDQB^H#%_yl zlD#-e9V*A%60&Ynwo<}?FYY!5bM6y~-un*I&3!4#>i3uxM_M>6js$Rq;qn>K1Wy7Q z6Ph}k+DzQXLOi}p^AS8k-k*2h={=CUPcR>N=d@jGX7}R zG!eyJ91RU@T`jDwO<2%?PXn@Ch*)r{U?Tbx){(HVuU_~)miBXkDbT+2<84(78{jGi zHujgw|5pN8JX`>dUyCBLULIUCxc^pn8<2JLw+RUd)&)cXCGO!+0Ra$i={4L9BtlfS z*u9j}cPlnv)k#&q-R~reX_GgY3WtAI62_=Avnzo>YvI1< z;j|brKf0#}^=$07eWi8KTM>w_S#%2?tqDyTb=WJE!Ba&di}&+9D(DF!4^H_a1SLux zok5ysKvzw*S0ekcAZTDN=*@cuRsb|`v$C7Tw*z3m0F!RA zUW*((P%YW)SWAk=`xe)SEJ$PA_v}8cabXK&yqbgUZ3Uh=!Z~RUbRNp@{b{`;rb2V~ z2_^#IM3qUGXex1UH-4~pWD(zxkJ4TpKO0?%p*Ch&zk7-o#z~<38bySI(BdV{@$JEO zd_7rjo#jXVap%lmQeWbN*EinJ^?k)P%-DZt8yfq+7CCenz%+t@FT@{KnqO(4c_+8!H@eV{U_Rt`;ro1HhmzJIj7JGNj-P5a6ER{(R%d03>-6 zXE!@XD;8c5_vKF_VX^%1U%1GAp82cS;9q$#5+JcF4~GBekC6SOG>R^UKAz;cpmN~N`~(RI=_iPY#2=VBFLb+Oc%1yYu>x6 zwco@5BBX34#%nbEg&eVFsz_zCr2kx|Vdq(HKouyU{I3;Ve@1a^erCZSkzou#51;8~ zYlAdF>L4{-1R$qjX2NV{VG1G#k%Df)!P28bLlMAW$E=MLgp@`_TXl~3TTV#fF?iuK zfv9nRmUvj(nb|S9{(yOKEr6>N__fPVx~37;xN%=U7TB)VGD*jTx(E30tX0CJ$ID?ep$QWGZ#00vCgD6K!-+FVv4G&qg#G=evONkPr7K;L7 zw9^Hocqn-^2yiepEi?BfHLHk~8B!dEdhRR`-Zk)Ycr$A}kOb1YVX^<2IWyM+@qasK<}z3S zwxG+=GCBeS^j^wbowjT6Q6G&Y3QS|Y4F zZD0r&z8UN{jAC4iK`Kxjd#>0?w{=`X9U77Pl&Hw8UI=;e^O-Uha|hw1z5Ra7E6jel zfz+kxel}0Hx2HP|pUlNYrLe|cb>x-l>3^#$fW4@Be@hc;LK839=s4eKF&5cJw+hbl zFnDWw0=i5uNbuozoL!6NGagPymk~E*xx>C#h6aJPK1vlKQmSNfom(k)TDp06)@?(0 zt&*IL*jmi-SoYncT-z>yn*X~Yg>tcTv;;r=c>pSJEcUewz^|0l7%V-9SLF=x;;n^| z+y9&N{eNh1Ofa%;^s1ebxhQP*`z8fi>LBQr&&FRFr$8%t=(o3L?%V-dZ(L9Cu_)`& z5zjR8CJgLbU<@oVBW_P3w!CfzdB5F6rj7~`R@fQL_2us7!cf?KZ_W~Zf2Hl~ zwl~w8sW&fE9v)lP=BvGp6@gKU@dwhE!}|wWOihF@4-~_ko^&j);6|mgLX|}0z28K~ z_~^?~5?d|^O7I+I6DTx6JHCj{G#rr>XMoggBCcf}lN{q_8vPb9$7)GZ`;mY0Vm*Ku zzmrOI%ZR54yw4JvIhz>$GSn-5#oxDDXXsz%3Z(~_suoZ((Fp|wnSawxVSvny%MCjP zcGl|=zLKgEKz`=Bs_}Y+FZi8blcC5|?5tg!f!Ltak3IN$g#8~UUMaYP-TzAy<^gJ# zE_K*}kuTt?Yw+Pu6aK$+TmOy@CZc86?JK5lc=m)1y}ymhRFN=BD1dsB@G2sq2d+0Z zskh#kz|+^7UuB7l&Pm^|DoN#5mdcrpM#5NmluekK|A*bG#1Ti9{(K_GMjfbiW6|}q zB8IoTD5X)N#Z-_yAJT;&gVj+qLM2YegNx%WXoBsf{Dm-adOT`KVVU_1Q^0iak3Zif z^Rw9|MA+1uR+=@VFvz>hFXgt9?OibMl!FZ&EbyfS74-TME?WQ=e5Mz>{DN?=^HhV+ z+>xuAPnwY`-sb++p-$y=q$o+lt3>(6^T}oJV{?PH=pERkhuRfWxxwsRRD~#LiSc^_ z3GXsVGjxJ&dWy>wNGWQE5??eH4xW`DdHR7@B!RVyJ9yW)7W@2tL3WV-T9DA@!2SXB zeL>y7+CQL>>Tf>QWj;~-#;Uxpc4P4ReHZtuf?Fph1E!z83N#k>uh;)rWB|`%W8nhv zaIgR!8o)kr^YFjuD*v=2RQVMO?^E<6pKMot8bD1{7j`Mn77`rZDP~pwfM01QmaJvv zU0r|fo?cuKRHaYoFEVU2M0y)OCGU7o5VPlgg?g%vyRiF(MAS^2*&MG@gN@UNmpsv~ zyuh+Jwop5ZA8`+pX)R8h@{-iP2Xj9Vw}9j1!g=9sP5Ha!T3QTe&72NX26M!vk&k0xo+}GJ^P(*krCv2#cJfn>1(6*EsE;LXT$|C z3yjd54e#x~v4oj^x3&>yFNb#%q#1KOYLa{q&!23x#MYET`K0!d#|Ckh*$czB;crha zXy;jJ2ZCnYg2|s@l7meX(azSu-Wl-GjSPT9zu_cH&h{@;gasPDVQ(~iBS2)9?Y=4; zuFd$usA|8QM=M(crqGU@cJQZ>+LfzUgr`|<1884;OM8A2S z3Ug0JH0hXU?&3lVm&+wXO3WjE#QK=DhtwBFXK~7q@v;4WMr%WZxdX=BgZo1PR9cIE z9JHj}qTO(Txh_467i)Kj>KI`V(Bq&w9={Cx8q_I%1i0CIZInZ<`B^M%)?xA^v~nBVqluh$R5w+CZ>CFh&|lz z89*i~rqgR}$L(oTiir04{($cNN}Sz6eU(IzeAt7+mRirpq3ut;qnXq$PAk5xj3g`U z6mA}rIj8ov-wTZQ5TP`P7I@l$S*)PONyvErymIhW0`#gP}QjnP`XO)7FXC!*T@WU>%g?&_CFSK!8JfGMsco86vngg6PVef zQP*(De4icFQg=`5HfT6L=a8%NZlCP^Tj#oF!)~7DY74c@-Ajp5YFPt50*2K=FLEj0 z8Z&@8bZSTXfhM1&h)lVFgim6qG?C4qh1hojqv+gs38Ie5ad}G<(dGp3+E~!b#@h@$ z9-R3gtPg3M<*ELt3%wNkzIL!w)YuMWw?~yK+uc*!=~%q>wsxg|)8Y8r6aJFb{~e@4 z{;&#g8efRC*Sy?4ORhqQz|4TZl~K93=a%KSdlek>VYZZP%)^Jtq51IeQ-@vJvZ6w$b}fH;8n#a3?cXItb&8#Nq4UetKJyAlBv>& z47b`&63=iNHJS2;7Fo$bJ95ZRy><7-lTa7j!cRCF31DjO=VgUj!rt}v;u~W1rqg|k zhI;h=WYHgIEtpYj9tO73&DKEhl}cPJPsr1@QnZ4*-~9c8MIO-5e;Pb>i7myZvyBMW zv)MBYBv^P%`u%xf5iZ+nB)UVo_qL-?3cg$W@eowTu|*N~yVdj4k?rK9NMhBpF|U{| z=nL_S7vvR@t7E-sH4|Mk&xR~I?O&M@s(W?kY*;pXTH~qmvy5%|_YlM{p6$Epzudqx z4$+44IiuXV;5*va$`$sizrR7@VdN6NM}2nEl0V_z^Hxk{fE(8A!%Y$Ekwkac7c4 zGqbl(=|3~AD3?zAg>6+^P#S9i#y#-{bccE&jGuWr_`Y^4#95K0j|1HQ=P^G;^Y)1hYdtG zQLK@jkzo;cH57#6y4L(xC(n;om){LYdhC}0!L$P{$t{2p!boxyr|HXQn+gojAf^jH zJJL;Vb12D&Fu%L|$P+CGyLN)2+P{JySxd=+Q3Ee#Hzo5^*>d8C6Upaqk_0|fj{vzfCQL+Ed`{{FFIn13E$7I$5@_oBk!!eFl?99PP1&OW=NtsW`o z3g^1?CMV)A*<=hr5iCRsGUQYg5)uaJ41~A^?hzx#fB||@1Bh;ZyztM1AFK81M9lxd ziQr~tva4ohI3#dGWI!krA~YmO5O~__UJ=mG2eo(l(=?ck?45ppSaW9^>znKB5_&F| z7qUoF2SLay3h%5hv4;e2pey&V&d49aq|fx_N6}h84UKCRiG_5GUnlW-coN>NTPTbm zP%14UF~<}IGOt2t{L;xh*od?sM36X`5IQe zVV%Dib~WPPAtu4}Y*v&uV@n7@B+u3ato(a>kwe*@9Q^X11HlT`B9#p2QAX6{-i{>alg zFlE4Yva>aDGytc{{-6s_m4BffG!=k!WB^@&|ABVIfBZs0JU7tpp7f1`t_t|`f6C)P zW1(NYaFw)T{gJB$QnTzJpa+5#=s~^;kX#@B?|k$>MMYw7%W!1$@1s2J5kJS}x{zvV z@$+Zo;9IhLZdTL=O(gf&j#Y9}#5@lRrkw*hHAw72hxmJV^~Pa_@=JGf!6|F2(4yGv?uIXDEWC|BhjLR!=8qEfTE|4mGeE+N6^Wg(a&uUTv=^t zA9Xk#&f#s;#BaHXTfyj)IjDzb9JXf1QVK*+EzOY6c3wqA0QmT8k_zJzTu@;UVc=!5 zi#3AA_4seLBmXAZ|I?tfhC|PA9dXoUiKo-nb7(+2@n#Ee8OPYmKXc~~m*6&(Fnem6ndIhnnvL%y(nuOnYgw(e9wPh&+mUSPnEcPqQ zg7;Q{;UStx`EBClB@4e9j08yd&q3?RNFw0tf#Z?C>LQSFZ@l_*>@jc~;E)IiD1+bu z290vF{#2d242ggb|BJ5jPi9vWG{|FerGLVT2^}8)pfd8;AHij;90yoEx5~?)0xjit0oeHrE)icIpbA(QdEM1_8?$yG4^K0N$mk{n8+3CkB0jVX{!HYNkD zRHkZFvclq(gi}i$!LR1gg#>o%FFt*uRGDitNwS+h6LyI5X-S+IZq3%CrJVm-FiL|8 zac7(V-oAi-n~>tz9F2%lCN`HSOs>89bHdPF#&fTaj}cdjOvCX9M9$uea~g~+yWQ*c zIXQX~!1;BS{gb2bAu?`D4bGL>U5d?LhYD_yj;*K9blBzy*Hm~aqANOg^|t)gDu0gz z{H+y+t5@NAKJWPYb~-JMy(7Jb6*WqVCNsS~ehG9e0Czk74MhEQXz3W2zYBNyso^HSrf z)_a>Vi0q>@sn$-eyhhGN@6g~R0-T(ArX1~-a=f!x#UXpmQ(800fu8JJygqLjbgl7u zO>2F=#@Pi{w!+8HVoQF?;p&mdl8NJiBs63gZjiJ;}%S1xPy*~LWhad(t@|!sRRH%nW zCQ@Zo1@0YC?I62KBV3iHUzM$bNj*1E)dZvzfc|<;V6y}QnwJ*+vo!s`!%hB^{kOQp z?;BFsQI#!vx|aI1OjAwPzq}aQ7hT+T4||}Oma0lDha7P-K4O2QT>CB_X60UpgNO|M z{#^z&=(kdxi#*)B2Ri&h;?3~_1|{-CD6RWsv>K@5elP@~`BP7^Ib%nqy`H&zA+U0) zJRL4VU^q~j?8FwY56M4?r01E*WmBC#cO>{sfkPA)XXR(Q)@kWqL3OwgA`$i#-_IqK zl(do%(TPgC!DNv^wO4=K^tRB_pembF929SXpO-674(Zc6?y}n6cxU3whMG0~4CV)K z7Ps}Z?_=5{TZ@yGV7xoRKN(9`=2}0m>tNxNnZQnY(L->o`|$i$y*CQ!+eakT*Y^Jp zp+2}908tD5*_F>A&=Rv4Ph}gLJfZE|aQ{sf_OsmlfxuqEWXp_Gl}2k>?2BaDq;HUw z70M9xa;t>o&V;_NKI&QAr7qWbOFT2?(RY}1XE7vn9!3-GljekRuxv^>H4I7Ly`rS~ zz$!xftn`y|2bT9%H8A18y1@unGSVc0|I$x%AP&mjnx| z08PG^MK?d^h9hDTYA6G@19Y+g!X3by*DWnT3o#3z&~k|*&{$MgXZ=VX{)_T0Faodx z=Fh^y1?<}3Eu7=Bv=PL?21xn<%_;vKZt|ZHAeoA!1*fKQq33ZvZ5=m~#bKTNa|R}I zVjb}Xa$R3a=WlwxH8L*?UXYe8!r?BbX-}IuTj~18+{p+boK8ncwsA$L(^xgB@RLdQ z$Xe`V@%5*#ef&z84XEUsjon6G(b$gdZM&gE^hAZ z+-?#jG%Kdwm3Tyc(cb4hX()Jp@S1V_>x9V_0ss-afb{=8>7Qd=eI5JC(Dn+;em!EH2We$ zbcU#}{cJ`q$?%Lyg?1{?SU#4iQ<{)Ib?)N1yBWtP;(d&kmr^U}CnyU-V|{hSYI#zP zP_y%zOgP$n8Mr=@Q(RjQL?kwulOdjOIMSfqS>PM5pHU%g+2kv`%r{Neq& zm`~0--rAz51NM}z3G^knuLwctd>^~+AMMb3i*`7B2SygYgCbFR}x_i^~og zUZV^UW{3U;5Q`5#PzI;eHUYoNLssO3wx|;ijr1nUfO$sp4W0p@%%uPuxHuZ+m%;#8 zc>qw4zI+`C3-qfC?za>EO&i>`OyRGe_}K{eFJR}gYV<$Q828`z*8d5S=9cvgHHg{N zd05%bw+BKW7f#5$hYQ;>j%G>D=Z+;w9$_+~-@n%^UKRfA6&oDPu#ZP?0yFKODi9_K!HJJ`Z#ZK3EVI%c z6C143!izh_Q&{9fhgxSCbtz9J-*|^`+g|W__qCRGvj83TJ!s5L%R!Z;p*k-8#QQIS zQp{bvd-KAHq{XPOuG89wejTT=w$_KCmRGyyv)z;^Jy%0AYaa!x7y2Y^_tn<>Az=|4 zLmm=!xOQkMC31ojFAQWf!!lR3COx-CK^aIDfn;iES1K)%=hI>DJyxnKZwl4jrWNsp zE3u4j8T<@O;>b<&^=Jyk%>+#xHU9Lp5|`@;6O|+q4L;10 zPW_AHr&*kIH%?QHVl0)3=oaDjH(0n@j-53YkZqpj0g&cCQ6gE1_$}1hCm+uOphCP+ zQ3se2v}J`+1vmW+R;i|Y7SNdBD+JYNqV`3C;HA@0kb7l>d^T%Nd!x+42#Y_wB+Y?9 zK)|E-*Jjm`3}-?QPII1=I35))_bf7J3a&_@SZrbFOh4GuEAYRzL4e70?lVY!Z!-V| z(x0P~`J(TB16~f`43hzn5v&(}0}-P8^~m~|4`u&VhjAX3lw5Hb|IaA4E*l)sSft+q zm`my~;7$G&V;DOS!GKekOUAJCLy+J9uDA2IxR81Ek!8L#SBd9X(_dSv2_m>f@E<5k zZQy0lg+_B)!?7_-8ScrzH2H{gl{@q`Xdya{O$Ld7jnkl>*X4?~AJTRZBbl7q)*e14 zYT&EtEzRi@&qpo0jwAHK^KQJ$MD8`7FoN)!`@>6YcIxSIh80hX&Jzir3Y5cLnLo^NPiEW*Cw#$$(Os}i4B)3rA`e5lXHUPX;{Wn{G23=TFaEx$cz<>4wD z&v#jU8Yrfd5RYOBKX;QPnPR-8g>yP5llrS;l`F}d%{rqgqjKP&M0`K-$_hKl3@}8N zQ{;a$m78T|Hq&^0b+)1G#5jnAKffDpF7T_>niU~`dv>MhaRj2E9)fbGVcRIILsOga z@n&7px0@6_~ITnY{QM8`}3bBR_TH;^@MBchRZE@|ZVq!XZz#XR#-dVdl zr?X#VM#MBT)s1=t1XeiJ@2sQskoPg%N}xl(aIF52mOvlJ^pAa>T5q2Pdf>lDET#3qi~01o)FdQ$QzAVhRWl{gk+H&-5upn`)luK1@_ZaRP7e^ zvkMSkY;N4~?%>>+!C&7oTX|Y1v4A+&BaZ$G56vx3!joN3?;)dkM2l2Ra+*N%X7B!( ze|#Y4P$L(Qx+CjdDW)R4TqC6oB*;?VO_xW#S!6rD*UDck8~d7#Q__E`<<&`EyPm(; zARtQUoNE8n+*(mbX5i~Fn$9Yt)Ehs(I}lY)Rz~EXStSs7(LUMV6Smh98nhBEbQYjx zfwFONe1I4wZPd|0sS%%`%h?iji1dXq!;tuMsrPIiD`|Ck=e;1Bqg>0XDI?I(b^>>W zDT@#6mv=R{k`pp8iBXA>EXmG2jDCDluTEdc5 z!Dy|cyA{y~-esNMw4#tP1$l_GNz2Fltmw2*kUq(4`OmVAA9)-|@8T5pt#*lT2)U>1 zdN~O4?UBUfNQdeB)mi^1QuKyXg`4+H~Lgb>XLRhUPDaDMd!v z z6=rOMx@dN^F!=$K(yHJg7P?&w65F!2b{gf=_)iH?mi4Q_W0jSsT`#?@bQwCuY!UXM ztPY1C)iD(lA>{KmAQ@`*%|9n^hb%o`(?5e20g;}cGor>H!oV;jK)sd#sHQ+dVHnu= z%0%iVOVGW0mN%(**Ynrq{NFXK3*ZuY|9xEIUk>ZCk^lR{y60sVUS4pQ=R10l{U^f6 z|6je?zbn){MM8Zw#yD;Ef@vl3#_W^Eg=caxl?Lkk>K3=#@mu1&kjJnf((1Qcr3EGR$%E*}VyjT)(nP}6hC^I9_7ha_*~*$kJM3O$Tm2pr}5N^z(C5L3TE55{Mg@H4fj z0eYKktzg)>)A(h%pW~T0XmI$OqvXV7NE+6!$GxX&PHJc9|1KLZT&t1)BogX1amYi`U7b@F=<8cXzs#!Y~hdrTVPk zrdrk+F70d424~y*(>KKP`^9xeiDHvcNktROAsAr>opYdIDU6I>2UH!m*ce(_xSZ

lab z)~$(gShTHGJ#g#RJpH*h!Tv6JVPa(TvnN?6_^}}-02^Wq@P%_3+G$6mv}+}{4?C#O zy$-wIM{{+P2l<8m9NGb72;jXD0Sigq#Eo1QAbvOT_y)*;$3nh%fLsh{^nB|OAz|UD znwyZTsYocRDyyleeuHGNf~7TqUj>ateg2%Ii<2|Cgcv}`{%7gHOZ)~vMfSrJ{5-b* zKj&8eBE%ysQPnCuG^c#$IYwot(xEkRtGHvVdT7sN9L3;tIx`Hq78ZL`qkl_B zXz6-o|CiBlkA<9odrV1#25mbjGt_ZL#lE1N=k`mTS?uY1P0ZRV<$9GqY`)+}Xvk;<~S zo%Ag($TQQKVQG3M!+X;Z|!nP zlx2TO$@lY0Hh%woB}1nG`{4s%CHq{gWK4)A?dj@WV%ui94Ns_>Tx%Y`xC)TqmBlQn z%zDA=0R(yo;57%n^0(Lz8Vl?o{HSSN2>Zo~3d-~K4ZhS-zl0v+S6u(+V$ z`Utty*b|#CHKU0I7ukfka4Wt3Eul%TLeTqobr;idHR0{!zHuI*V&ZMlD1xxhH4lPc z<&&&`q1&OKH1RlL*pKcZbi4Oxt>n)!4d@N9qNIygLepo^9;-a5JljXG?q+Q76u4CbT^ZQ|d6Z-|x z3wcgU0yGW*PHPZTCeS(zzH!+&JjbA4u8(s*2{Gl{Ea#w6cExiv@h`z87+*_Wv`8WR zD)&BrO}0)-6q%vLZV>Nl!r|ewaaMzpj5_joiMqBV@eJFU-y!9shJ%cpim;!^Ar&|#e3Ze&i1o(z zDIkY!d*#VlN34ak!0g@?T0Wowxhb#&hsDucFmrVOKI|5(YeNP@SB9dURlBfa;HeJD zYHT{jNN&dqTEe-i10?&R{y9Yf==;+Xq3zOe%g|1Cet++r+v0%TqN<`^yRWdzU+7)OjA0iV}in7>flg%Qu^Jv@Pl zAl=E9yK!jXRadi;ja9v2AUJ3}w0eA``+?;7qfE}bS@FFeW#Z3*kYEK@Cy|#FUd}w= zK8agrF%ym)T3{<$!AL z4Qalo=w>l^@M|zV+m@^$qs`Tai4I<7# z0AHt;)|=Aw{^-}!YWoT}TLXy#Dg_&JA6P*0g+aK(Om=@tAt+YAcQ+!K7bh+kgAtMK zzJ6swGkrBaa>l(VnOzK7-@`FU7J~Sklzf_!my!IdX!TO?Gfql7_Qos-htH)*K-S{# z>9~X9%}whAc+R|dnMV{qk{#>nR~P0T-4NMH!*|@>4|JC8HfvKYlQy1@9I|~zvIrl8 zK$?>7uzq{u$rq_>WX?lMkAnAJWm5_xJ5Arpd*=if*^;^5a;HS{XqDw)z#(1I=0zJ$ z6pshAg!Fcs&KrcS5MGMl3RHAWu`dpV(#)st$H^{z+J7o@j+gnmWm%+}@9xcBiHru~ zSII}gnm?t|e>~w&GUouF)juI~?$qJ8aATMWec=IUDOJQ*kx@_2(4a8b(gGjFS!P@( z@V$sKzMW>NqB^-{M+2>eX5361CTAfZNj>2c{YMjIz7la3llNY_JGQ`~)Az>&*&CE( zzDBO)rBe@NlMj9=&_+M`hRkv6Oeu>(q}&0@h|vF;VX>~pHM05MS(nUa9go;Zq6Nj( zIo7jeFMGWwu@j{SP}O!L`m@5fDB1-|`8*#J5=zB+u-Ey|uvtJqv?aUs(c$c^nPX;o zlXk@NQ3^$8;0vNC$|Ru=)C&V9FZT^#wr5Ezv_vShvL5R&uHEgnDMUeWFVgQ&kAc)e zF|W5E@Mt5umjv6?zD}j2J34kt<-;VU78kThP78FY2xw1|C@A)+N!3{SGVWb>7m_4T zn>&T{FIPGEVMY0u4%>&h%qD_biC$U*2q>u1(bva5RWD4cS5&mm9@&Mz%ad zhCazr(+E40?Jc{D2ivt9MaindGt6WuE z3#0c}AR3DH?d7GGM>|J^Vzf zCF$le(o6c=8;JV6{XK>g%(mw)pU~h30^Huw#KywK=I8Kj_wRNg5N!Nvj*nua6`rIeA2iC`R#{+JhOmb>>t-rTig^Hl%zWY3s_vuRg`W8gJ{ygWTQf#NJE$ zex7Kgv>|O8;xlo$0!x6i5(b1sS?KRTRRyJ@KAFTll=MKOyp+wmWQYmG$}->b$4V;k+2fjkzWp zq(20b-Fre2LtiWU$-ib)CDvV@iSX3VPW;VHNau&53lK}pR`1)l97|p{oxLwAIGFid z;SpYaF$VfehL+K6mWM(yNwY6eoM)npd1FGN#OOZ)z60iQJ_28qYh=sLE4 z#Nz%ifSha28{Gmc^oa{sGD2R*d`bUX&G8z+xw^d#4&jMxzkPQhma!)%li8!XFlcyy zg7n9g3dbXHe|FI|Ce1JEk%mHbqR-M%wC^#S&}geDKvcNj%R)_IimD}v&Te~lsy_(I zjqZXmENuJ0Ip>-50gXpDo+ZKlNnyHOz7H13y$%HFa$U0xB?RjARcb3`y14XVUMB>N zxfHnPcQY{H7GFUW)Dp`=Az=@;i1Zvsa$fiG=h-b(jU(VpNVKu!Yp)o585W$dme!5V zm+x7d_0e7O=!BbPB|LC%{tRX^%RG~XY6yBO>+|$2*<|R4AToWpEh5S@KYdC#)AGL;jwX)3E(({PFG&$7h^v6T}UMqB|7o}B)gww>2#$DQ7JE4U6uHEq^q zH*&PovQ>GXSf?{GG$1}wX|mES!j!IFLCC4>5ipP&kwmN%Y|VUYq(-z`w_VD+DE5LU zXO$(K=H_;$qWWP6(kajDHe`FH#H3`H`BuHeF`RB}k@Pkl7h@dMuWF#p;Fzzd+l()a zBtI9O%-36-GGCK6PF;BLF>jkL2C^Kd3Wem!nFXT-l{;x=KCy%0R!>(_37$^)s{^TE zTlzM2)(3-TVL=Rs)_FRT87M{m%PC5;_BGS$0tU;Li`wI#&jjW~`rylql$%skJ~6C! zo>qVH*9#gJ!Jqc4gduJx%e`-hL*6}y5{g7JZmPC)BHc|#W3d3(859JL@%ePzMft$U z;HUmO#}EA<7;d25!w#4#(S?~pBL?hUHBT^BR_=;<0wX!!n(inl;!GFQHRr=O-=JwI zq`<@H_1CL2HQ;oZ4J>BKdycK=1+ev;ARczkb24~fQtrp$KYh8sGsTe#*#S?fZI?94 zBR-aKMTsy@z7DJDvuOzPf(2+y5^hC=$8xgfiJX-xLy1QD*Ap-`A~k}GgrdM}=oLz0}TC08k0 zmT+59$U=v}SE98OGDfMJa?P>qdA&NK@3mgy@~3pMNZo3E=p)YwKS*(E$$m(8g1J6e z)PRCj1<^xe-DZW7sP!OmN-=fk>k|f3*4%EM%y|;BT14i({53P>;s<04l7bVttvy=p ztoPTXQy(WyyZ0G2~Y|M1NI+=mtO%^eEfy)&`%?1Lm8Q|M_O%(Xf4*ppL_#Yei3s^mj z3gDB$C4Ark@Va9Z6A+gW0vB{GOf8HIfGIB%S3BT4KvQUK;p7Yw%M{5J3KqChV!L{6 zK&F@F@>tIixU}B6z38#)85!uY>47i!YvJu1+SWH|8q_tPo9=Vn^S*sQ_BD%8><9Yd zkR=uCAcZu=SEdv9qCi#ltm{h_oqP7v|kAYB6c?>&}ls?oohzSl#tq-#Er zlaaI{tUt_k{cP}gE#8!Kj_>IFvt+0eJ1Z+jYAVMplPzkkl~uNPyYs~|M|-grl+!Si z@3b{fOh%I$`%ajV`l#tSVGi`;a9jjLzEYAAbXjlstH9(f-=>g@imdCu>$GXCs%SHm zu6AtE%GDZK&mWX$g+zn8kdUljcCUjfDcnFWF4{C6F@)=NL>iOeXQffa(L1ya0lR&) zUMj&h6EvarZ{Ekf7JSju9BZr9q3dk&M*A#h>Dga@PsGJ_e2c(*Ew7_ zH@F)#h2`GAdYu1*Ib5;tif31IF%TE%yz+LLi=7|-pUmN2xys-9m(N5BX7CJIIQwuE zy=0ITZ=EFI#AO&?%1~pE_qWy*Gb(h5uqA37UCY0VwiH7~8cdL1RK@f{4>kPN(;!X{ zHl~-vhTOa5cVz{7UOVWmi#8^%b&o6n8M#l)`>I8bcmPUHPb(8*x+W3FTc+ z&jWU$+U=C2x8yD3v|$5@$1fy4ycNd79CiMP%(}!tW0`haqpXBnuuj4gcCR7L0;kMJ zp4_O7)0Gb%s+;??Q)+8%$CbnhXE!Ogs>{=3QnZM{SNp7=Mj^-4kMpT`ohm6Yh|MHp zl|MmOQQq?{->7XL;ql=xcNrCZu?92+Evk%*Zw>8~OH=gQ88i>pA6xwoSCWy?p%S6n z^Hk_DDf&vvgL2?p(TGwN5Q)6qIyJ-P-j^At^);pZgW za=tfwB;j<#I)a%6ohoR26cP%n+vrn^uP0%b&qa3#SP$Px(xidz3 zZ0>Q~Lw)S%8bS2f@l=^pL;~s|3vorNlg#yU87T>==i8PXnB8)zeRpccp&n_;n^Yy1 z5zW&*!`*3ucm&UfXIuqSMR`31>A}q;@9lFdM79I`tAT|Dc*GS5u?^=9-;;i~IoLv= z`0)hT;G-@!ctnWQ@}1#)#E0g;8l7Lmm3*DWKVBzn2VB(z@H_Tkx}I}$=K>;q9yXxb!Ui^X;0Hhe z^zsnoSNiQOU5JhTgYOS4vJ37oqg?;v`vZ$>nK*(&AWhbP|NZ=(W2rkRW9SiGHr9W0 zNP))Tb?1FdF&`s|-Tl^N>-?d9%AnjY*m*4jd_*Orkrc{3qvKyBZn5vJNgoUHnsU-| ziAvV%)1Ai6#oq599n43k*=4pTyjR5Yn9PAiNO}R~K+Ho`vy;>PU5MSPxIitvb#ub8 zKH{5q8pd}PPaZ>$W)(2atM?}jzrh$S4#30;!MmmZ%1rn{?gZU~?6JP3(S0}Kur@UY zv*IuWVf@wyHV;!Q!!hS~m3EKXV=a%ZS%eN;21*E4hUJbB8vUPUlWdtK!vvamckenR z+?~@)e{q7Muy|Dst0~Y{KYT-l?imjGAuog`nr3O7h}yGEe%~ z(4R*|bM8oMp2K< z!DBOq0k0oXg{x0iGnhZ#>*D-mWvlrrPI{gRx3S5xp~{&1KpeXj zak%uxQZPwEjQDazW7^K(W_`D)^HT6AS(rcz9xrwf?bz6DskcS(lDn@xV-;x~tlVyu z$Pdfe6h5ar23Y)It8ZJp8LlMgBaI@!($gZ)Of9V>g#3bng$$DKsD8*tvir%i{~@j=^<};$iz+o+sp4 z!+N*hAgW$nX6I8({a1Y8Ukk`ws=C5sA%gW}$W`s!Y`-xuBmGc|0f@j|tewGPFh)kK zv>+O=3q-~u14A4xVsWq||6N${N6++9SLU*Ietzn?n>_zzSA0IfWrd&V;?E%r7#AR< z2yT&|S9kzbu`5`eUo>d`|MrIe71VZ^i_0?N&8xeQru;+VG&=jQ?;auW>*+&LjY#2lTZ-u-n0&rsCVhc`W z!Nwz@ejXc%iJZf`!2lrOUpAnh#0Eq+>{ky#|NVFHckxKQ@1{l?)xueNov24)X!z0n zg?)HBvG>tP99&VvNBLE}?q8E!zOXD8S-}K~_v9^^N1v)G8lvYqp!LJ^Fo^~!mhwNe zix|sB8<>*`6BsvU=2;=NuF?p9v@MPH+S39zM7%0?87`wN3nod^W1C#o-zt)#X_E|n zJ<#F94%%`pK31PPm(EZssgf11t-fn02l8I!(6fvlgC%2<7D@P8qghgRlgemBHD!US zhOh7&r3PyFjD;4-vPHt}?ARvG5QlMdPobsTg;i(J17pp}+v6Y3Ft0#K6gBIq9@xB> z8PKu5^>jP+mAZBZr@E*mNbgng=OqE5%5KaU*4u9$%ls+P;gsE%dn)wCpQohQ!357G zGD9t4^|zYIZzazwi4GV<4#xQugsg8K2%G7&wwQJb-%2_O!HU&t+s^FKi>S%3*%_}g zt_iQKCF+|xE-?)i>0dipo+b^=`*1^%2ns|c>2U@VVxJ`JG}PRpL6BSqLIyK2k#bF9*f-4>M`P|2q;Ql}eSJ>cC^ zXiHOdr^*$?89Ae$JnTFT_^8?8F`n#Q5Oo$T2#*`T==F|dlil^6D6?$PVO*GbAhh3; zwA9A8-0iBx>NoM3L~>CMM5j|S7aZ+g>MY_as2~|1%71E-S8Z^&4t?L0jz#s#-Xhx< zy^FsTq5D~~a1Q;u(0~taG0x}K`ZJ21^%t0rEcE{Otmi8A?(NR^MahB=BMBG>0(@a{ zzskmg{Qj%7w5zF3t_hK5Z&snhv5e0HQfXxu$+=$4aaLkB=zDE>pbcz?SdgpR( z`@aNR;Ng!#g;vx~vqr|=$%5BRF7NK)Ji6()ac@JL2{B~c%0}ONrK~-c5=C2f@M*cu zUS~DZ^a4%->MV49r)zlCtU_xVmP;*U^J@29t0%Q#GbOpRjvwT+z9`hgjlAzNcJ_Mp zKqTG7NpmMQmEW>Fxw|c-en7%TV#$_5=&T-{ReNoB^4x4Nfi2F?*v`Pf;HN-RrV#79 zy}$rLBn%s{%Mo7gaKEyWfV{5ka8jb*+HMFa*Q6Xxz*SdrIRjfG^K%tK*2^v(JPN#u zfwiffqcJNX2p=3BBB5Xc8ys*i;9U5&g^dM}4Y7WU2T|}vL;#-N@6qEAcCYi60a!8i z2O=BX!(#{jyU>dMe|mF&w=XsdXMD0=82ZK~#aNBQ?VIAxzyQ?DVldRDOOFHME1?NMm% z&CLvK2LxwFCMrBO-%XB{47}0l+Vr-MlQBXU-q^&yS^8N)+@Zl^S8~OIxK7im4R=Fm z^^f6%SnpYLNHbGTc|L!>!KP^kzi(B0jLq=0rl@b+NY5#93O1#Hr=S^28RQ7!$>hr92xhxNx^uD2jSSAQv%p%qvXs7MA?MY6;B}d7!Qbg^0lJ=xSDtqx z{>AJ5uq`8~pFn*~Tl<=OH15?Qe!pL#t^G5EW?x=)J+_QFjO*I!md+*=y8d{SBEABR zJmlNeXHT}8>YY_Znoduy)pjaqeG1cu_0_L|mEHTi^Qx)sg>!HOUHs` zYbysdqtC-xtygIINGUC_5ydDhd)j;h*4%1{A#*Ci)|%TV)x{>ZFrSHL_!qQrIv!2# z+>r)dH-Wa^T)*zLnFgJ;z+IY&gCBEL2i2d?ScrkeIJ$yBQ%sShe-NwdJer-V(y&`- zzL0JE>Wy`I4*H{}4fA*EyJfp?8F=^*{i>{j-ZV0O5F)IpFk0F-Wb_}kgb-2O;SG5F zV4dq>@&y*_4?I0TwHpVrzxx@e3LuIu1HL#f6IT9;Ptr&bOJ^HYH+A&|TdjVc3Hh%w z-EfnCr`!RLQvTy4J^#iC@c-Of|BIOsobt6(XdJPXl8q2Y1Jo=&J<_$Eibllr*Acu^xh9a$hG^O~SwXbadpbHfwbf6a$A7S9e7rF$ z7M9I_OFE83ag%0#T%Wn&`hPkWjHAb?p`><9T~P{caRQlh)QG7zc6D_?n?Zn#p+LqD z@8qo^&PCK6X@!PTLb_IADQ&1VJw={ng#alH=9Aad1Z2aPQbl1PlDG4ffUz#v@lhdRPR59)6K1{(!tV z{xUpiGxvRYLmL5Gs2;Gqr7o8DCFte4rV2v#)#w1+RlogBHys%Z?|0}5uw<3lzZKJw zu#kS7@$EtAs}G*SeK%qlM!!cU zkM^_0&Ck7Ev~epL;RYJqCC=D0&I^27jx5aS$Ad4M_5~mo;n>&w8Ol`h_;8&fXGPG+ z`I?{SXRTK##4@w#uWR(afQdIZU*VzAcd2;n_B9TByNq1sq*NG3dI*ZufIzo4X}i>| z#yHipNv{QKJI(MI)p|kI0=E!)%62^>R4tP5rP%R^NOnU@bC5JgHVv4VqX;n{nvR-Iqe zK`@o&B8}|t?4XA?Ihn}@bc%bqFFduiwu7dNX6Kb?jb47CVO?}`?ct_M2h%c@^@~KK z;~5omGj+j$+5yh%t=;Bl{Zp@0iuz*1*FWk=Mn0JJ)TAY3A(?v(!7UQ=LEPqz3T@K8 zJu?_moHyYQpO4JlzL9&I$jQm|6JE+IGEcO(ObDe&#Ef70i`CH3qoSTC}B}%^nYQqN`x#(dB@03#&?r?I9Ry?%hdA!qWAK5UZo`Si1K^N!Hf6Eo$y^#!72hC%e+*w|x3zvMk4(2O7?=sU zlU{s4d@n3_Eo;KT1T{y=YpZ^kLLc?T-HiFV6Q#SzPm?Rwnb%>~3`6D^y57jQ+%_hi z9SG5^lU3+3hbJM_iR<%ra3pSTHrrqW=oYmTr-GW(npAuk5I;p`#E~UgD)-JI za^<>Bc!em6j|tk+Sse4q(2ycNx$h;+w6S(0sQb*|^xmp>63JM`53ll@7x~rA{O~GX zcO?d%_V;?8vc?lyR_{q}XhGDE!?S%7#|M_e95*Vg4yggS*f3~K{PgGD=uD`2f3+cNa9wj z9W5>6oqkgTv!v9CJDSB^JJwukQeS`d1YUrG9Ix#Q?t0sV<6)PR_dG5OPNCqb<&EmB z4XwIlvaz>v#z+}hT?Tdgyu=}OwGCbrzMs!ZggsVDFzf_kh&)^)+PEvP;|H#AL2MY2 zr@UA{V~2Su($xZWC~idl$gf{?WL${Rb;KzB&TLHHB3dT1$QR}ZQUmp;?0cV)4es5G zWAKxDbpy1OkD+gw z5IMGUc^Pm|8#n}UaRBl%|IlUrZls`3LljpveKmPxL~iTsL+4{LURjgMHQZ2+Y1BJ$ z&I9qaFv6u!w^)noqvFgb$k7NPmk7P&@pP8LYlKn=UvC%`zcR@qtEp+Ii8(p7k3r5f zYlO_cGvKg_PUrfyT-`&0f$Wi|>RJvRr+F@<0(vep_cl?}+Zc=j$6`&5cdEf%-FtVZ z7^ifiZTWKqr;hzsW_PtKVA<`$x%vmO``1qMMje zh(p7wpL>uyACb~nlExmoUFG+bsDnbK>vQK;685upZ+GRckNvi8`hj`t^seL|G$HXo z3G0Lr3rw$+)Q@DfGW^XJA2<8?mL zf&~^RZ(asFbUW1w-OQlAHT6|^gcQ7$WHr= zKtcbmDbsN!oywB6Jl6BZbRcHfjXXCko;OV;!6#cf0rhYlLvB{+HdHLPJgxKLANITr zd|VnDK~jtxb=MSc68BTY{o&bz3fI;X9;_miIZ+D++dck``!}Zd^TbgfYpLBq9z#`@ zZZCVh%W}W{J)0uuwIt@2#jiV*p-McDcTLq@-=QldJyAxHlTmuWCD4?83k8EDIOTTH zo+D<$^83$eQw2Ktay5^j%A6p&rYND;4&M_v8$u-ZQjj+$=HIFEw`@%D@GRVwrBeRl zd|D^JT0jD2TaJ2Pyrpb}l3VX(kT*j-^V+>95wj_aO*ibAbc(z}&X8trokZ``EZf?P z+Olu5KJrRvS?;zV6lk`Rr?A;7)|BfQ6lr02uW&6ycSB;rdOsOzBy&P794>_*JJW3l z^r)oIWh-F+nIZ3hwZ_uz;W%V87h0m!rc*+(ogTO2n=uBp7PPpcFuL~i#MdWc78@w< zGC2#!PZ|-RI?Yydl@SL0t98E1utc}lMt-nYQi8X%T&|t8D%?usLTfbbEe<6Me5kTfw z_A?+PrUp@-*K>ge=eJ9ctC|>@+uB*%nOT^869@+YwBXZ_vFLuBb`I?Yu;4#z{wKWG zWv!PBz=U(N^Rk|!HUXWY?}z^v@8oZ#)7ZMs)*bR-f=W>^jpzI2w!5J5Lxi%5kNNW+ ze{9W~8lA9ZP>DUJ$`uU!_-IXUbLEEkK5d?m*W3dA$F8R;ERT9%ArnYrOo@5(<&Lzf zonWXY&6AV%BREaC55AfwOL@V&uB=WQKu-6p-7q5fI2;7@neN@m_*yh1As zeFyT3zi@~EnSx))ee6G-lVzQ2`G4=D^#?lmDByegE>Zo5+AeH{P-wxoo2_wB6j&Hu94m0%#1Tr}xiTNR3?Wcx_543k? zA#9v$pI3)h1<0=!&`Q3#; zF9I3%EZ{=g|Kviz1uwstpMA(>mk0q1Uc}MD6OgX{R@s8bLQ*lZb9QzzHn2AN4_yuP zRabKnM_*|uiMTkM+ntL;e5YpM1&@dQNS?W`ww3oIsV^-F+-Q znc=aNT?1{Pj^8R({ia8NlQ~T6OO{32TsYw=7J2$}88jx#q5lD0l; z1#a3Bya;2Q3A{Vzd~BuH9`*!7IZRURQ>_c}s_(LD*{uULM-3=~13ZU28>F=G&g~h} zjn>aUSMeHA6){*bt0 zeCHau8_x)vAdjERL#HG2nDX9!vi8lR^m_yM%6H(Is!y7Fa+?N|U}fvy>VfLLoR1s>a2ZJ zSY}^doI?6z#fa!2i%;hc0T)0rTbxgR{z2-A)a$!HfD#6L0Y8v0Jb}XCk7Mm6`#ea5 zmRdU~-gK?;>K_+eaMSzQG2nr4E`kd*b>Ldy>CelG8#jpaBAj5p2qM`3O#lWsrr_lQ zW(I@qcN`igH73TwbwuA9)6J|eiiTrb$`Q;-4 zV;3+Sl?!393D^)sKDJvS_1#0iPVjo!Y(}q;Xtig}DT87n+13f#Ag91<9*lOf5O&VizX;$ zVU}Jk!54Ec8RTwlsCdn|Dz!woYE&!0%;MgrF#QQV*Zj7cqtycvd3@0a?tR?+aZ70? z40OLR2mnLKp3Rt?oHR-xh*rxp;jyxD{@*JBzt$nIa=cyi>+lfwLP8a_o^~~hHc9F2 zTU!P%wB2xC=23YA>r2G(wu7az2a%sUYV^}cnn3j*-IS08sbBiX zRM|bJuP>ytmuG*miT|>j`gbu@|7~vS-@bu=<)&5$nrw2^4VY4-9X^}Qy@=YVc@%sf zDGu$3hx(~xsQ-#nL1r424k}rni7m>rLG?iVkW{!dj4Y@5=bF4$wk@A=#tI6Aimt&$ zv6lEg<9HLpVHS$`8XI#-UP9f1%pL0f)QnUd-Ak@+BklHuH%uX3Sv73Wyg+sIEUZOa zIc8JSf90k$ap-vY-EyY1siD2~kG2p~_-|m?ccCDzR)!29E#W`pH0*0iyWtV0*WHHr zslSS3p1xsaIyl{&dIjWN9foseHdMN(Si?s22_SrfMp3dE|R*X6FmBZN+AvY7JHHNd(@WbmxP z)>z(i$X#vI&wI9ge>sd6{So!}hk(7(ytvNfZc%(r?2OW6$#`ako}Cb}7TgCKOp4oK zO!qxCN_V&PtcD??USJz&op}`n@5Em7sDE(VEPpKnAG<4$^XQz^~V$bkgamQrL$aN(NT@2Q%roE zLWsQ_<4$jwn0>?S(cl1~uGD%sw{4#4P#e&X2!kKn=Y|U zM-CI60^Gw@un!DhNllt5ct#*S-)U_bHRDs!d-esV-hkeA3bxP&&PT zBLoe`dhF|Lrp|{DOXu~ews-Y%9HfQXa_oBXh%BL|I&MjwB(7M6V=Ftj zh?tyXCDT+6_KeBu$dh=_hu$hN=(?Q#AAB4P^8vNIs?KB{&^PmBXS>|kDR2;?B!8lqyffNnF8T2}XL}GddB;(TQVLOr|YbrzEcePJxWvb4*(vngXv-@)b5oo~VB61J4`zMXZY z*!0Jzf9s9@M!^aH%SQ|jc8T+evdv%@Mvf9i$`VxrG@n&iKd*k;ub=O_3yBRC`AT#N zLWs9!V#J8$B@@My*o;=)SMOhmmh_rUe=NTlTPsa1-@8MiSUkqWHsJqepKI1)@u^r; zM$qn)RTuY?g=TC%?&)=`^yg&sI~ospuD>P(&3!*SOQ?g zi}vIH$J|$jRn>Og(hbrL(%m5qBHdB~(%oIs9nv7(EeI0Q4N}q_(k+eB&Dnr~KF@id z?>px`?{|K9T`cx;ueCSp9`~GM&N;?!O>}TpKOb6f0L=pa8L*MG+&{F4_^A}@qWi0R zt*+wuFEI@(AAY`D=0)$pj-qSC_)CrUPP7tmy&ohCEDElmv7xb@w%G%E_E#V7kFH-p zt@6kJ{64!25cjwXhZzA(Ex_fPnVs>@GxPS4m4WT<@IQ1H|5VD1c_!_fBD*#My>9c8 z*m(MtRT%m=>Tr0_{x`jJKu|6P%pr#xPuDOc3sS2^P?;Q=W+~w2FeNk{(oQ+JE~Q^j zy0#nc6%5y~Xqs{!=soHGSTcZO)cvVvt73_Vj&OdHW_01qDpvBwL^-|+V+BWU)g2ND zPjhOGHwLWAIFKWQUyD>*B8J0A2e%X!{B`paZ&X6QqUnsQdP`g_|4R92u^MXOb{Qb* zri{8CzJ*RDT&4AKvB`BqF083ay0#Q9sGKVZ^S4r zJ$EFXhU-?E_keew^Fy%`TT$numxoyRZB!x+FwV-8;mp&%6bE^F+16aS!H5k-v8vVj zxGf?KQAbMjvK^DsPbo$ z(3Ti1_mvO`8&Qd;Feq zOr6A%w;b=1(hMd;bIoGWme=-Azxn8x)hTXhzsce`Dpd-WAudT;jW(g551EgVrPRuR zrCd={RIbXqOxPurl0+yQkqq};r+jpUr~u;k>1?$%c;L%-rzkIf1}~pK+Ks;t2@`?= zA})Z16r`4)9k4tI@XsIq##RdQ0T@Y<5fHtW7#Yik$*`PTLiTF^#!dIzPX4ziJlM(a zXeJO~ASRd(**HCJjowPHYfL;24qNDu+^Vs7ovQNkY}gEvuy+bkxDc9jz9!G7x@5?U zBJewR6THR1seHBlH1gotd&E|?y&EkRk3PSwU>;FiQV?!KwCW&NR6?5GEK?8xa;LfK`Dq}_6P10@?87zO^Ekg(NuaqTOFAgX>K zrZJ)mlb|!ia2yCGld5WUNaU!6{=^4(n3wc?RIw;B}_SLUi+q z=M5paT{)*%o-G=b3xmyd#Ku385OpSDvX4wFJTcm!s!`PMSJxgPx0+&t7a6;mQ4zjlEj2vT;E>@zaufdq`n~)@cpE%Y zh{qwN{9OwgJ@8dcBDN!66{Ti7;Lb}8z)kvImCt}oOM4wmymhs%x7STqUxtJe-6m}V zB{;l6;6lDh3SI0N!zni>S}vXTAk-`NuU8_X8W-_W67+r{-{6l5414Kem;JKnTP;#W zlJZN>a<*5{%&tr#plWS7KB9+8FD$&CkYmbhCsBMHEuV0OWIAXGTS*8>pJZ z6{ptSo?n!EVpK;r0rPB5)w(Vy8)DQbF9iAv8=9pciYPM;vbs7^MP$B2L?UK=Pv5&D zuKM;9`M%GbMxBP^m-QSA-H-6<+Jhm(W-kd5x+${ysWxIdMF(On@uEmSb#%0}z=0Q% zwGG=3FH#vc^Qh(|ZVk9#=cS+utv*Um)SsiLXy~_$Ht-RpoZQq8DSq==FHKR2tjV&6 zjWHohs}A@5YZfM*Y5_tB8@LQLbK&-L$^nMC*E80tvz2VT^Usf}AxX(r>npCgLCUI5 z8wFYdkfKwG%`k$hgUI0&M84*iHG77nlW*Z+EklMmT6I$&x;ZSo`Yws7%b@+QQZXr^ z79;jL+kE2;f-gHqL>a`W6RE!g_}`uIJLBd5F!Z{c-2?!-p(#X-rVtmE1asLMj;V?? zQEyFEHfh(}wyz4YuzClj$}$?VmmlI>$n`(2c7K6~BX!YPK2IwTs1gz`_Q{D84asTv zhEAR2K;z7+WrpM#*P9qdZ?Mm z)V#q7G&b8D*6K_5cEP6*ty`x=o@yffAj?Q;f;U%*OucS;vItvBWDcCm_(a?vbDzv& z?Y+H3J|JsWVf2$so*bCZ?(L;~a}#aupoRh!x4)AED>b{`WrScb0))VftXdzl$`p}T z)?w!J-f=hB-MuuwU}W)IWpn9fVDp!ehz*LUXcr@wI4T%JT0anW#1&BO(J9g=olwfO z8E<8a8DPYYa*YEZX$6HH!l+ggxh60(FO%63dpo#>D=;`MuZl<;j%-x)O6{oFH8CaU z2du$fJ{fJIPe@+>Tw5Bm1|mV2p*q$g6JBI&EB zYPNa9pcI3A5R=Folx})J|4YCdvl$XubU=0fyzKMGTFS;mQFiZy!zM0qMy#`@FhXY3 zZW#s5i~fsnYmX}ptn^0`k=1Pq^$;aO;bf7SVb}S0sVUlTsp; zl|f$LqdFMt+~L3<4;6#-@4)`OkP3qW`910U;dT#;Lh?r%`m5v0-?%WUVMd{6{uCEUVQ9nm4K%7 z2L0QkIFqW6M#Q+iQYs9EviMxZ)Z@FlLN4u}HJ=YJKYzp-_@xQ;YN4~{J`wc>h6a!V z;P<*PkMDJ1(sk3dvo#si|Gi&6Bm7-!8KD0Y3}E-bc;^U*hX`oMLGpS8u%P+v?*I$n z7VsW{fq?>|(%+Ctbj|3DdiX=kgvcZ@0iq0Zd_>ylgV6MEU;e%S0UP2@Z{yevk{<{R za7#GgFPP~VbU{HNn*VtEZnI_Oe#*_ulevn1kQ$5%zoDAtg_vGaMtGpyC<~9uDBaZO zF++)#D@b#?eire&c{eXVjVOLFuvVIDCfwqodP^(@4CepL<#N{}6J4&t&~W7GG#8oj z2MR}?B2-81@pCEz@^tv~x3+4VR^Ort^#wK0FZU>o@-qXR_MG-)3LzcY?^l$erJlB) zp3~p;Hf^i@Tv1?PfZiq`z=~S`9w+^!x9N`%<@-D;3<~D0osftnf#B^`2t;fw?XA8S zA_3kVw=@qR6#V(}f1|AlkQCp=N#EO=?hgNqlm6e_#6NX3&819iDq)IcsBTSYiu!Lh z&fcu-8R8!58aooe>0Asx{rIS9Dhu_@ z>%axrIgiy)w8gC+&aoxrOcdJ5uwqSQo^&X1s7kdQeReRR1pF*5ExUI992*@Ro%Y9; zn%K`8L1gvwiij~yE?OL=&gi%sc_yRF3|^tPOA%lf?8o5c?TPw#=VTaW>;Fgos{f^CCMJo458b?xm&hF%kRf4? z>C6zQY7zLDCs4UOFj!{+o=6tPE3p_1H!P95Htf5-xWHL>(G=N?$IfjE6UVEJ%AlFO z{W{apLber6LR};kW8NU|iJgo?t1G4Y2PC_hiPv!h-=zfeTcCFltiDd|qJN*cEj)-p-yB7f8_DDPU{jLvn%xPGZuMNi*!KTlSPhXq` zRQ;ATS*0!Y%E+m9I`H}XRMWW()pp@C@YnG`Jg`MnT=B9i?L|OA4-yE$9_OlP?fUJYUG^m54yuj+?)sj$fIY$^gUB|1Hq-LPEWl zY1>anfRqK~1vzkJIhPd`pGE06y!!=m&{tNKv_W+yKsRLC_LC^=R(lKK-L*DPdaOY3wXc#Sm2cn>!Z- zqdjc~L70qwK>0~-a{c56{owS=-2uB0+j912Q{XPAAokT)Ii(Xt#}jiXJ@Sa|LBd0E z=T&snNCgokIg^XgwAddyn;YuYe`yR%GzOHpVT{`aYwxb*-Y!Zfi%LHCW>IE zbq*a;_-4GU$=vPC;{vnX?V-uBx@2G5?tsbMPxF;t^8HEamwuVNwj^-{h;|RRF{npN zxYzC&)rA_zqv#(5py8yB-c z3MH*?=V)nT`a>cU7KM>Qm-1F9`^mq-0rkJyAa#o;thZ?Z17O(bmbdvq<@`q+Q2$3h z>_5R$F$okDr88@)7Tmip5?sEvPerV)J-`;;>e63EjPW3ML zSy}jLjbc@4l|S;L4l_yji*ch2F;@>E z!1f|)R)AJ!IV-SkKxz-UcNc=U*n+nYCkpqEzw#8%+D9^D;o&~*u_M7EeDfLgx{yk) zGkgq8Y$a4zB#_(Kr{`Lvf!bZBJ*EgDWpqfO+0b?w70P{;FU_`^8D>D8k0l^BXjgun z6zv|C0MeRX#eXGDekVO37|egn(g4GOX)|bMsHdwks4yroD566fn`;~D(;FHaFaSbY z21p2SY6MUaY%tXD)e&s}!q70&)&WnGQBh197c4pkQgq_)lQ@7e0!z9dt%i3)I1aXV zzq@^>U*&U;5&gFxXSeIVGC&^)aGZk_Gcz*(u}1Hv8{d$KGid4zOk&5=^K8x}&^9<8 z=Qt6uZ@0Zoe}(*B2SLb6ul-A$0c||AyJqotFNOX-@H;4Mk-4)o*Ql3J#su)6dCe`j z;VmZDAR?b))||HN%un;bTZkp->eEAG_v(t?&Ge;&MX?NTT+Jsdhm?A)2FtdtUSErB%x9Mxb`#U5HIv>ZV z9jh}zF=s1OV)7ZO?LQOuV^{Fe99pN@FGL#8+tD?-4}X4)HvJ8;4E;+~61)yTELQ`@B;wf zS=l_gO$lK@yaD`NB4)QlG&~S(F(_rw*GFETiX^f8@SxHPC8p1UTyI1!E}@%Zp?fX#yC~K z%AUGO6?>Vy#=J%nd%_1`BygQsKaLw-7Z^MbHmA^{-kZ>B?R--o`Xute<8&Gcr7hXf zp{1w_#Kg-vU&v<(e68k1OEg=!sI@N9HikZAOpwHUc*jea)skgR4O657xHG>k!HrWe z+x?AewfK-D+hWsl_r6gz5Nb(|#Sbwtw9f)2#>yfDs?1Qn&CMRSoxbK9vOkJyjT{RK z9E{kWF`s+=QQtZ?7#{R0xk(khFlu`9+R63(R`CgX&vYLt_3Gn`#Iz;ZUQT&9(KUpI zu5t$mxiusdKO0?8um!Lu)C5={>vnG+S9ZNH_-ao&W7vYAtrb|tJCt{sHHB9)R7$Kc zFX&*t!#~;bfv8d*cb*k*Cc}}6afSA1b#?mF!p*AZ1gviQ4Rgk$S{gL8&A77R%!RS?`%o0rHr9kL(Le-EOMk>bVQeWA#uqMV8aD_V^?sp z{m)IH7|$Z7;KKFPKwCM33HU5R4S6`nuiaDwyEHC(wP%8v9Y+M2SfO>mqROp3YF?4GIz2eO;TnpNPur8@gJv=~_zDp{_0w{jF5w(dOmfB7 zuiP9qV_7^g2xh+coQ7UPR!?b4(HVa5z4|P8>G<4h&9%G>9@a+w)BzHbUnCapV!@m2 zjbg|((PJ%rSIsYEWhYD#@y|!utQC)=2w$DVIGvx;k_8yNU~tT3d&Mk=s9eOS9ky>$ zx`*j5uA%j&N(aXVSRi+6?Utgmxn}~&ks0vCXekh;^X3STm>g zDlf9m^2D4@ixFy&(p{@ec31{0$#mGU1K>{Aujoc1JRl>f@W$QM{CpBh*rE6~G|pHd zSGsg8lsw)(k2$IRl(ZI>3EVzz(B!0jz>T|DrTnB0?5=(9P8{up%#xw6YYcF}m{Ip{?ohF;btT%YQL1ZtX*$4Y4;62gH zU*&KHNQMUGj0wl>(;(K=D-bmUKQ|UgJ^Zj|e!4yNZMk%BJ~CW^3YN5m4698J5nO-F z8*%d^V;|ie&?D#qW?ud<#1lQ2{~6|jA_CAI4nS}o-iNuMz(52K5%M;&edsX!T=GZf z2Mh|bqJ^=uzMUn3ycHdRGl34$jN(kYAfK9tz9yy+`DLI;GTQ{t)ZyvJC?V1P)f&ORMy5lS!fZO z@G?T0W#&m@xL4rwD)ZQ9&<7JSKJfe!B_^h)myg_a(hS>n$TShj9zn@`%~qo553k-4 zI=0v)Rexu}(YW%4{vPq8^`5hR)z*-r~oM#~# zm6v`5K<|uTGqC-DliP%Ky#p(WN_Vf{39Gmdu+ofGPN|=WGNUR~Zhf}w?+Y9+z?q8W z!c(~iH2{tLS4ex%b8uIp0?3P2hxYG%L9HFwEfI_|E9cgXM?M!@g2 zyL5_Fr8|Vd)`;amf(wQ%xyAF&(2{nv?^>VHsvRd61g2KY#a#JgqS&=A6RhbnXLDfz zSIPPav}_2XPY26FJM{u~r4}l=8Ixm3{Rf-)fxce8nolIpP{)-n*T@9&@m4(}`au;a zcu)97PNjBCU^w5PByphvqj7v*{`?IJ9_ydBCiuc z((VzRHP^`}kwarkw0$HEAN*ujxuPqODdapAL(J)VtJ$Pd;~mfb*H1-F5Lmk@4bTXq zY1Xxa*xoH0oV)g`+u0T?Gl2fCg}wP7B#~&p^UpN|4j_nb&4fYo z@7EBN^amhAI8b$&KNphNgADP1ZzN32KzQFch<(>tb!U0@{QF(piY5M>SNq`|45+r> z#!C+m8UBrz`lpzwdp;9nY3lS661{Xz>)l+en%?71diMdtbHQih4!SW#Tg5g6K|&(_ zIWd`04~Z1iYJMRf(%C4K5-uK_{k18XenB8K%qf?pxd5}n=}@PvQfS6V_D3T z<6?8lRK>^WTM{l2OmQ`}DazkYmBhgCGu0uiX04~sW`h%PLI!xUr22bYkL!}t&!PK? zbv|ssKVGt-2u~|CB5IFl+84jXy{0X+^ASDwhim;TniJzpL z9X-Tj7o;WMxQ>JabB_r_A9oa^No$Iill`;nh^UFz=EMOOVK1$?$3mfj-oC3ZVPrG^ zDjKdI0}`L_92-Eonk)I!w2C%D*|JD9aF4L;|V^`S~{xJE~F`|-b}m-ZK2QBx$! z;7qjIOlP+>sY@Qsy2Kjq8hNgLiLZT9b#1Xj-9T`vk2R$T?M^y#t*v8o=8g%nr&~UF zQM}5f8)6v#J!bmvnh8HI?u86M6R~7(FV`QMi+Q&(pWORfCF^fb_&YOU;D3*qFqB{J z5jxzZAa;xH!kMBl)TI^fGm6--s`eIsdueEEr&aUVZi$>gfTg5ebvM*ZIYa7GNOV*E z7)Riu>?&4RuPJM^d^-$w7v=6V`io|Lhfr1E8n-!b9=+;DRJ$w~g%O$f9gR_eS|*?Lj(~%b+Tc8;SfeazxFUBE`;3;~*bBA1ykh4yPya=J3hOh$Qe0G9uK_Ax z)&WxjS_`>EF*40T)KJw#CHMen|WnsG`&!ZW$0^p4Jxoa`JiKmEa;$|>(U~KdA6+{)iygqxXAQ|ey5m9;5gt5+!C`?E zMEU4z5;l+ZvdLo$ZwZ@yNUc~T%G9%hA*U;JvVhU+@%%>vwvjjae*RAS!*{@sscU3! zVQA#2t#4&&e4iXYRQ~xa_Y3vQ0jOUBK>hgd1R>g|27M8=;_5gcjTMOD`jkJ>U*iG# zD=0C3hj|z{Y=Q5W1jr_s-D=Pi2w2k55J=kT{gQ=;Bh-H`A@(obaqc)f7Dgrjg?1~4 z%XYgZJUnFhe|`Ob+9wuCAMJ)t2Qu3m_Pu}X#wl%{GD44fpljCyOlZQk>H8c~f=m@! zz>F}}Vk@ao+YTS*sv5L?2ng6C@rMe~neqzBn&$R!OXF{bSR1@Qhs%l<_h` z@@Pbu&m>&6je;n`4196ilM@pryIkzc)T40-H8@`&#XQ)k&KzG2DD0>Tr(}5|L<+Qw zt7@Xwrsal`h&)wkvSI)5#Ek7GVMrZ81*X9Gr1=Awkh20%QKS5E#h1lX?kvXP{A)rv zz4lzgulA4-(WqXE9po#(;TSC@))S2q7tzXY?num~&rWpAFvka=jd(rGj`72F-sk8} zL%)4Y^o$?hG9id};*9U9vr|b9aMW-L4-{GsA~0p4bPzNPO*Q9Ls29=(YzE*o#Ngwjq+==9^oKdSU>ykmJE&{34 z7}ke1C$_glDGJ}+zW~w>4@f(FxRXl5{lzFUXrX3B4mwA^XX2TE$T4t0fEiLj0)YVv z?F_U4iUwdsbx#}uG7|uYXh;PL1O$dERPwPC=7sC7>MOXIGferGT--^-KNjF!QVd<@ zBd-F?8zWZp&8zmzfq=MzT+43MB!NZ43`qWS+J0^+38bJ2RYy+PE97;N&&oI`R2oi6 zX)siVxukp$#xHDJgA7D3D7}>IAi9$`Dc0Ey$*8}LRq*M*IenrY78?4LAOLG~kGz?u zoZ}Ixi_vpC#bh`Yx0gKp(WG)v3nDaVj96n$kcu63$Q5yinm&HD)-9jSypSAVU`m?2 z<4!ht&d;}L^C_aaUd#^5(iJr~K%s>=%CW?bCl!w1g=s%xbxA7XFoxC9dP?vly!hhD zE-jQeUUgHF+UaHvPP%RG{?jXsV!gCfIw zu!3{l(;zuP@Ni+1&AGaUeP z5D4I~4#}65?zX=%_U1*epb*ZO+k6eZBTx-49OQqbBGQOs2~3DsbCo|#(T&If-Hq~O zAo>0Kr*=-%Abc!0=LE)XBfHv1wPjxz2HA-HZM20bMOBO}9dqft8X=`Di~HMzP$E&S zAi^J~ody_}BJ8!k#@gD%)xLB#3z``Rg-s=^MV=j1;3y!=V&1g(nxgG{B(nlKw1*al zV;a#867j|Wgs@a(E;v!#vqmwzB9p#(oY`>7z3pu|nBbPk#hP->3EWo~>e6N_%GRek zv|OUbGsN7YTQ1N}`Q}r34Dkb=HlTsIs=`G!POea(g!)BQi?}(ZRGEx(24E-6cI(!2 zH#{o6v1G`>elbee1*Z0}f;>nR+%DQxOW}qxtJ~a?TAs#A?D)W{p^EFB^Ub}E#4KX= zuE+66TeNdK{B)?`ARY_X1Y4|MkP3DDCnd}pt#%@udc(|x*fa2DmdYb1H%LtOrSjQ`)POm|=m*5_@42<+oP zB&btI5Y$X0ul%uC?l74}`}2zmq z3vCnh8YNh7Wu#?z-SvLzbzhZp zDw1JO!if~gnf4Fo`SWv-o>45!Bx?`C-tVmi`NnM*)C52&l|g-vcrjXXW$YhtJe4U+M8*2H@}7 zWq?_?KN@U)8*N~uW1zXmY0^J%`lp`IZ|C1d;*0!tP|p2e1|4uH_7GP*?scUOR_v0D1G%&CQs7u}Z(*0!$ z6=1M^+cHQ1<_(MlVBX;Y|Db>AWCAmIT`+i!{A@=+pA4Z-^}=4{n7#;l=&C+ z%b!o8K7o!Cfi^%?(@NXM4)Bw$t-bl*%4go0Rcc#V0aP-zbzC(WJDq#y zl``l*z<+rm#@h)_K!-LA3M{{#-ko1O0spff9+t2us6T(JpzxgFM-SHbrfX0X%%3mc zw{5PPdT8>?Ke9@<~W(cA$g|_oKbQf|nrD*yD=d1?CbMrLcEb1AiX-JT#w^&(? zB6@&I;s|-{2#NJssOw&-WQ{L6a3p4ng@xD^TVy9@eNGx?S4+yo?6oKMZQNRtVzv&$ z{`&E>6EE{UXdKPy0BOf@H3?&>u6mS*?pM+-dAi3u58eAZAD%lZq05Sjb8}$Qoa^cZxZILUfQt-#eGh4jsy&RzL~bP)b4vg7);rEJX`{5?8{lf|367 zpsV`noT(4yD>fzib!JGzdHhaOsu+i&aHXuThjQil@=yZ{G9%9N!B=&-FP`jQf2dq_ zs2d~Ff6I40Wbhug-Za5~kI(G@ld0RKW4S<2IOdeh__Lyq3r#HKjS7umR>$f_{!E6h z=SxBj!U1`OueFx1r}N&$3R-X7Mw${Ik^?5u{L!%mnsnQaG&BevvS#EC(Zo=*EM*uJ!`XToYi-PFr=t%eD#%|l#7^xX3Z-EIEh3M!15Cz;Y0soIX{$cw0 zqlkW2Gym0*2`H$4m#YK}*Zybk=AS^Pqj%MI?P9cUm6nz%cYf82ud9z#tkRmQbu602 zFcSv1MAJC;X=z*4hw#Dp?0kL|&XJkuaqek5_H6N9DN^qf@f>+%_T2+9bL&WV-O7So z&DLz+QyCrE#?$ugY4)gPh*hXaxHbxY#fzSouhHDC*IApSY@m4>IoY49Ix^yfmUWT{ zCB7{*2SR-bR#l6#B?}YJ&rc++uN~mU|2)@8?e!d%xY8KinmVpLjeC3_HUxUMk?kN0 z7>Zhk^~g(C#c2(_MYaHj7htPM<&>Vt-<&uCGeMAC$qlLkt6uGQ!{o6S!03H!GEk54 zZOI_T4^YQ`4oiUC%U@>!E6ZLj(Q^+vw^OFSZ~y*(Ey4e4Br4@?H3mIx5&<5KC&PvU z)Y$Z>TYsyF{p|_AZ+>?mfQt+^)Jvg?)X$QP64jCG0yJS|ullE#<(;g@R|%tmrxXJcN%W3`40`91+4}NWN{y3< zKc&7RqP7xPRuloa-|Q*3`_W4?9H%p)6My=$q>s+r(}aza&U4zW5zH8@1@)R14nj?? zs_hIWeh5u74Y|?vi7tDCV7A8!88u8>oH6`H$Wk++QuQYXV(Dda!_yR^1+o; z-fjvL`KKFnC|Qo{kH!Cv7$`Ytp@^!ID^JgJfkvp{R%*)qnGF z@&DUMK1PCvBp)Li6C1$D0U#ZCNAi6?{P&Q2cUSr+k}tjSIbztxzS+}quw=g)#_k!~ z6{LJHZXCsyFUkyfB;~Dpesdu-i!D6!-fJ@NMFPyWRmEDw$Lhkj0}4I76aBY&KojJE zhgnk#r@qQ}8E}slf&fpEjBw?F2p4DLE}z;eJ5(JbM8H>k9q2tj>yTV+^=E(y#c*fc zYM-w|NNx@dSPo?OGd$<*ELcEE2FHvacym-5Reni4GBDOgF1C=$odlH?tWHI^aLMsb ze#*^#02^AqUL724AVWMn*ufh<<8-(a)loI#38YsNFT}Z=hHiT<&~?s+9FAN?6o(Bc zv`#~b7P>|5Ea^v3gV_VHp{GmI!TyJqt3K)Ez8YXHM-dGSJZ*b<#`Ww;+1ar}I#b5Y zz_CR=ZL%zzaPMvi!&Jh>)mF3<-wtn3y$Y4(;Y8cbR0+#hn`=LdAX*I+vYw4hFmq1h z;fZ(EIBrBYO4lfYCBA(5=pB&*ZC3^&-pYs|aYSHR2i4ldQDT`gK0U*0C>({%ig@B} zC`a5Fb?u>^*U6fh;*p7agzv=Aq4FBEDHyx#-uoSYZZ8cUT18}%(hMfxU3n7Yl^axH0s&cY&<{ zW&8)2bT@tiDBED3tJ+`kI(KS1c6QGXXtpA^JyjoNdRJ{SF@}aF98a9H7NLrnAi4bh zS(Z2Blfb@>i#D)W(O}@tP~ZVoW{6l}13NsKotDa)a(L}tUH1t($BuuhV?&u~57*hCr7ZBY1 zK`u?$W-m@2y~U=tw9*YyZIhH8M3{r^g*G7GeD63jIf>#JXQ6ak?NMvAC}>rU7SQtz zyoqIxw&W)nlUz2cQY5wl(Fe}d*@MIw!gs!HVI4YRGh#{^Dwxq*>Yq*XY!hy493BRD zYw0TtS?e91rdl7buoB4cD-6wR`{aTwk+RSEG0|$+ zM#!l@YwPEcSUkh>#T(0f-phZ%kJ{QW-t{s|*8s$`0i2UdBzYT%O!6pDwkeO;0~4|Y zb|;uDLvKV|d`m5DuB_M)wCwS$xw^5Dae)TswySY{CzqdeDq2lBnoMhqv+_ij*@juo z0i~`+In7sEo}HKa3;C)~KZ+)JnWsL6pyEa@4}O%CN%A!}bliDCqEatbH^%p)cpoku zNdU9fYU>>)deUnyop4#1EgeTk4PJK};qr_dwq2HXggZ@Q?0AfNs@~G2Q1jfWZVCr|&@)2M54g zoef~3#d_CO1#s5^^eX-k2mZf&`+tg>W}e3mBA>DjL%njYl(V|B+#RSv>QQ%G+}>~p z3mxyZv=va&DrANc+y>Re^(2X0&5L}2?0vF8eK=jDP4^lx)YPoD45VS~NxLW;@zU3q zY;w#P$V)?7QjPTdNXy3uTv%R{llab+Zf__{UrW!w zY~+7m2-S{>us1BfYc`mI42%*wtz@au9qlrj zS(%^Ru5B?qc%H2AaYZm!m4J$A2}!PbL~xtUraE(cRnMG;%U<+19Nz9O!j|@UkawBK zs*XuV?y-t2xQ52f-<~at6kbx`8Yq5G)j}A&UVo31z@Qi)fPrs7fMI@5&VB_=%eJ)h zJqQ40uGzBeZl~(7x^;%v41emp0cPacZj-miU_>~_TZMr@L9CwnQ4gT`7tA^pC$hj1TdjOUfr1+(>VW3S27;c^h&XyopfD?>tSd4$miT9-_UR-5VY`V!(B=HMF%1Xu5>oWoz${$DZX|b zH8c2r=u?z9{=`6Cb+6qmJOlCRQOiL|@|Y|^6Gdnk8eeq0eFkEMv-xzg797+HGCTI> zN|YI9aVEzrB1vl2?aP-BeQKXfVor08L)+9}K{dKSjEfCmJ$X({2ep<8E+v9FhQ3ic zUWqtX7uS>-R<3ZjmVe0-F+R+wst$fFUw|wTXf|N^{!hvhG2Zbsf65X8GA9lu1{UW3 zkSq}+fa3k@;0f^U;0Z8b@C49xn@7K%Z43b_(z-zve}k22mDut8gL}@rkra;WqsllV zH`?6bxD7r3uB^Ru|0XT{WC?}9kD~4398IXpDvGOE<#wOS!8z2>bCzPj7m$lof-{+o zlyP%M(W)lXCT6S)+!LFU!k8ZsT|K7z0{LW5hogPArI zOlxi~B1!+0@%hoX3z@eu6VJW!c-BA2@&LX6oOSGUY+;x0!OY`@F(Em?Joj6I^tUJc znSuSyf_4oWdW^~Dy-;0}weuq8la6*WcxK;69Ww1cMD&T?a($LTq@eeC`QQe7b_eE~ zDG9~L!53R{AHd@?EvecS8b}*7i$3{p3e&WdHMDGqSz)5bL7{{YEa1>_iuB;G05Qa< z9tveOW0wF+7c?{zTj=t6inl}V%q&@Uw&;9YwiyTeWM>F_9$1h8{K@hwYVmMFpX?j= z9Xj^ThJNAaJT}Wtq$x>()QAMLIn_*Qp$nArgm(Vk)AZg99i6QHWoNOP!qadvF7u>KLFBj$~I^UX=oE6n_U)hx-tt-QO){o?QawhE9 z_X@k*E$Hvw@HV!;d&7%<`sH>9J_9JfO#)VR^Zka5DEaQJds^3W;qi&|q$;TYZ#{2t zfc@CZ@4<%rz$+f*UwOr&{KYFC1xY|gN=8ryut)zi%lpNie1A<&{-I_3Un+99`s{$+ z{O3F?JKzv7Tz2mo|NqN<{!@w;xvmg34D+J25T0bVeL&FAE`gdY%Z=Cy$huyBzU`a} zIb6a6@kK+Ll}(klN0-DSjJG_?C1BdSH%M`vhyJ`U=e%lXZ`N3xKckv{NiOqC_jYzD zwvL$CzJfnbHanj$@jgU#KWl8urI+zY@Tj;n6tHQ40~&w5WlA%$6CRI?THwCAY;if6 zw-QA%C19#kt$4NBQg2one1H&|xRPXMoN)R|ltF0h{USWKkk%zrtSouGVQV*CrRk<{ zXD2~=>0|vlQK;H%>HK{kVK(2b^L%u&n?cAU$Mm0_ok%d+#m2m>>;(e3&cQ*A(;=>Xtb%>WGlKiVX zcsv>uDapM}WwKLmMOJ+uq-eh)pt@pr5T5hgZ`{6N?|0ebw?8v6js8J9LHw0=dVqp} zg?iVA0rPE4*te=kw$AK>6hA7^8_DFJ)nKPi8%pL;&yH)5#U0S7%RQ{z;Vgx zn_iLZ8rnqnMu)tLV+sSasDT^W=*BmRdu$vQbXh4C^<-#E=2JreaaE<5fRmqE?N$_Q zM#s8Qo+NrHb^^@0JWW(x1~jHUoPM554{;UtM+(1IoSQ*voxN-q=*W1(5LDnkBM1{+ zLVHlpz#t2+4!`~UY}zk}IV6Z8KHYtXp-#%B5J_LKsXnIwPei-zfQom2onFre<~@1= zaL5W1nE zDdIKFj)b8%0sC|HA$u6}RbsG1`xXqa*a*@NJ4lyD8!tY%HFcW9ya~w}Y_7y>gu;$fog1k;Qghq{}XMltOsEWtGpkCxO&?AIvh>A zyIlayRNu)$A7GLA-T3rjY*$45E4JGJ>;kKR*skw>CqPCbtS2{96e(7g-W%;7r~HuV z_b@lRrOYHBYz2Va44DD(zAOhVA*3QLB%mNB|3d%^76nXBMn-}0yGRNs3ewM02yS2a z!H07I#3t{gChtdznT(Aemb2MPL&Lw%Vt{UlM#llDo=6sUaoXd53LaOn-*q(9$tl;M(ISjM>(6oI!6dpD;|X zj~GD$XlLdJc!=3AlLfVj37sb|hQ4QRcX~;;)mA(dK-Ts%c?0_k94XyrW6v3+86?xi z(?$J-zh`6j6<~lXr@jrXu8kSpZDw}gZ@_eyoJst6I_ZBt5}LPW+pJa^ztV zUOQj5Nev z%r|DBBtaHu1cubE<^?QWR7A}16K>(V!%y^{ePT_tz|!ssHT-Jyc8~;otreqIsK`~I z!t)iV6oD=Hr2t|ItMN1YXi{(LT&@Vrxt9Fm1KOCTn70F%af>QTnZ?-X+VCeR*79%I zuDFYV@XUfyi-luDD&<^zX{GxXHzZ(o6R(})zfjiVOySnfnD&7okUh=cvgN*ho`*!P z*f1R?u_uGMgLc#4A8)XmNNUYu_Waui*&c%wDaw0T(6M*20+iD36Jy=q7#p_2pRfR~ z4hRrc0MNkyy*Ll@Cki|iER>e{QHFwHS5)9@zu5c8-8Pt_iPqskc83&|%*3W_wrWNBdsEmZzks-r(EAEU#U@sTrtJl+>^cf0<~hPQ>LCR*H}1uga;#^D zIvS1(nTp$$pN%obIEw{$#M@I>oXK5R?I+&#kbaprg_(XN^+q}`z0ZYiUj^8t3cecB z%RQJKhkXr3DS>B~a6Rh?4t+Lwndmw$4>& zz32D~M*ay!01{nZlkljvgj0@#CaS~?sB5pEU=LzHHgzN0&chk~vg)Yv0u6_+Ah+2@ z9kJAUw_axXeIckhoi$x?+w%LY1~{a*G|bNw?I4q?CYkgCHFWh=7EGgn)pON+}@y-Fp+F&-sqmd#>x8_q;!V zy*Bs01J)dC&NaszlSx^mzNS#=VNpWL5q*!3K67KgMSVk&9+qn8Gvo&*_nl6QZH($k zF}%=DUa#E_aCwm;vg27QL5b44UXKy?CH~fDJJrl5$YA57?bH9-LXuhc}-(q*eg0p%JxUR71!S(F39Xt z##ZHL+q{XbsWJMVM>$Nj{z%u`dgeyEsCJpHj>=?S+PuSQ473+574Ga`nLfyhy36u1 zAYFnb6#J#PkE6{?bG{C@f;z4E6zfv&T9^#T#T&dhq=l>Y!gWgU~I_;Ov5KbFc zNDS)(ps*+4pc!5u@h@7JV1Mkoda0bsW#0!BppUN<5K&)fQmK2n0$s9!w%p1rObQy3 zENrwOYOvdeicO|&Zt4zcpef;KZ}08^&!Um(zV)&KS3zx(ok z^4NxP`P8b_YMZ)sf?nQJtKgR~50LNONp6|uP8lySdst+!wTMEpKbImTU$J-Z%dKZ( zrGt$RJhIykgt<9$1UmQFFs0lQg|q{@4ye6?yhXrrCMyCg2 zj-8KT={xQ2aTuD_n+rrb5_sI-{g5j|PAC$axW0XezcHw^2#2LP{`u3)kubdP0;xey zVM~g#760xk3yMU2rMA9_m2bmIUQ|ds?tVf)pqSK@1==(w|!=GSs`=lV<#z3w*!(OM$J|!X|)bgbLKZ0rrQ42BRc* z)g>1VMcmxX-r51MRhO&43JqD=$=m^K%PN-#qN1U=TH8C>nVXs0J6`I{!J@HU9Z2!> z*Z;KG6aoVfnc#hNXk=(Sf}fugbp);oMkps1M;A-*?mHX6TVm&BXJg}J=K`}N!9(tg zA?W}5^Zm&m><=7%i=1@OqYh6QR~{=YK{*U^SXaSzRd6BkN5*0?g%gLH$9PLs20b|m zvtnTKeDhe4wiFp#MQiQj2wKqzqCHmIdvXt5TmiJ@3H zVyFW&y}RvoGr}Bo8G4Wg<#E+P6dqfeXkqw=aEfiTQgJ#hq1K^_C{-m!h6n zn&Few4AEocbQ+m+(Y#f?g%<6O=C}Ob&yrPdcc;?vjQR0n- ziC=PLK4xx&Rcuct)#iu@UmAJhndS$dx&C&n+L41M{4=OqQPpy-88eN|pNog8IiQi- zd5Iq*REdMmjtd-X#zENe_G?KG@^yJ<(Sll)$mXQH}Q?*q^cB()_m2P_toRB z)ga-gOJfrE&;}1xOQ3HE-1@+S)Q0f@Zn50xAlK3{2qYBw5`L+U3MvhXD~%EFYeV95 zmztw$QY83{@)fvsiI;QePl@{uMnX~?rP3zC;?+8g!;&qUpK2;d(?zE|3{vBlpsIh* zOh>neC-f6%{|21DCMFQBu~XB{;6;U2bdoSMl)1!)v}E_$OVNG<2FQ+`qG%<86Pu>2 zkNRSvhTj3k;VP1Acp&;Nrg)9KxbrDJqWx##5o2~N!rP|?X1SdoyOG)^pL!_=r+&_k z=_Cm(eONvu6I#eDOW zAu$bEW-z9$Jjg!!8%o^v4UV$NF7-C4?WZ)xNMEw1neHInpJrn5ImEGw4W^DiM6S}P z3v7NYrtz?| zT;|ICxEAPon$=Xk&L@m})3qJXK9r+`7)AYJbX5>so~&FZLOj?FtIGjXe^v4xu$di=J1Fxe6Z)`_%lXYzR$I;gwiJNCu$H&pLw z&7}WGtyx@ylXoo32;l!x>@~5zBX$f6{7vNc${k|~>n2p7;KJJCTiuZIHlzT-EnB=4 z#c{gc#Lx9SY#a?wrqKa=b$)>hd18PO zaqaL<5i?cYGyRk~Bs8d+GQdm2fI=VPHx){5en}MrQT+A)ZUCaRnF56G((<^1u zU(d}9Vg#QX7U))Re$9Wn3PDo4;MIf&D3ImgWWQWofFT!n_wPk-}irL78NNJ1srAJIr_%B;QvqJgYDrAD|+F92Elf z1%x6*FnDyrpp#COgwG_EMeZQsWsjzxdMZ=cO(m^waN@8`R<~y*H4+xAmm3vRy+|K$ zO6?p`-qsRVrj{&Uq8jrFn~iWqNilo6tk!0%g-^rzwYRr_{EQ!Iz+_;v4ow&4=~Cjt ze!wU5BTgO+`T!@zO5QM*EPw6FEc}Xfl76~dhV>*9%eior2XCh)E||4}5QVnO~qD&>Lovzr8On zaTL;ey)x#7J5^ENuLoEFf4IxcJ|!4Z_n+d{<(h`KXmigQ%&ez4Y; z4DJ^+3z&PBvZQ~NK0I1K^WF%RD^v;CD%6*I#9|1aCa5O%aj?#G2wI{kBlts{k-#_I zx;meVDb#pg_su|3i_v{;C+^zzW4cOb>QFuGQ!;V3I#n&HR* z6e9vq3hS{v**syB#<7if8E5)U?ce^spum5V95WjqAK!miju|2Zz{dwpVE;^C z|3~DQ|5qONPYBrGl%aNfpPY!yk(kG|^+%uWBP@{e7Ps{7a01FM{;Q|Pop_>(M^VP{ zpFJo#F%kSqnH&msF~wpJnadfBb@DA~6oyw?)byMv;O>ri_vKr+1ml~P!$-Fa-+dGF zaCd!6ToyGmh1QbYVZI^}m&B=sLXnkV_OFN)yHIURqSXhBG?*H>QpuXZuR)P3A13m? zG6abDdzots<5E~4u_h(9mq@b~-AUQPS~%@OVN_l6SZcV_uz+4LQ1n7UM>BG1MO~j{ zEpy8R54Et*5N&I=%i~SuzRk{|SV1laPTyy5)3;eBJY%8eSr|*|x7~;hNU_xQdYP7k zWd(36qO2OVQy?DYZ_^zDCzv?Nouz*v?TfJX)tr9P%{H5zzNH+N#_7SWJu{5U+FkCC zOU`5BD*SHQ@C`ofG}j^HbcGSJA(>&ELo=$-nl3gOnvvtPj%QSqEQqN6#cuu5&7__0 zpV|(vj*6ei&J;!tsW(kQ>C&|a&HZS?CRGUwI*A3v(ch^e6XKfUHNhj0D_^QtwVSOp zS%)4byM5{%hed>C_58>p4F^X`zhb$<8b6Rxm#5Ew;d{@*6Mc=x1sYI8TiczzsURW& zZoKI{hqaUPny#r$7-{UNj_q2ua%GZv<&4T3Xqo%>(I>uhX$4F**yG1#k_DR0pLR<% zmD@I=cq=K(hiu4i`^{iN;DiL6F><#*_lV2@uLLZq{wt(d&R#(ZY&!rafXFdS-nnB0 z3n%$|lN->3Yi8xFO?Yu2q&^XFn=a}QFEgFIKuUuh&;sG%0P8vdE%gA2r;FkL`u+XMUKfx2 z@?4s_w)$|wcWt4S<{d;4o9t=t`S0s7*Xs7F8kXj>7Z``vJKP8x1;M2JcyF!!gn;j! zjhR;uv`(2In;ft2DBP$#-3o=F0AlWdqU-dx3gup{G2O!C$ir`?R`007bZCc=X)2s(B zZ~0!Il235D?AD16u|dE1GK*v__aB{Wg&#;j{E-Kw%)Gov|UnB3yR7q-#`l$L;%iF`sObJ)u8vQZQ6+0DEd+F8^f)8UO-G#)Q8J<6J@bTRz`r;qQ3J^QKNLVdK; zVx6}}N1rTdzZIx5iSV@OEQx2hG4>hP0q8JnXlLp(|et&73}KtDU4{8O{|Hv zjTu|l!%=BPDG)Sn>Z#`%;)0q(p`o8dumQH7< zqte1~(N~KmEg!68Xhsm;8E@d+eei}aeUf)ubzhn3+~(cg9DwR{7Yl0_S2ru5hTYTH z#rzkWm)VxSvU#}sfE(ck*uDO_&EJ%4LyJ~{x?P9)mYd9JbFMJ-hpDIh*kddZb2LBX1hs{>NKhGF{EaZdl2r zf;KK=f;TPs`Mxq@4_d4zA#>#0rBtu;t(av z8B4`)i4K1e`SxB;Y)whYUaWNlLib_ht#3$~)-1>zkLl6x+;})3%UNZu+IoO6XjN{Z z&>~!B+=>!`@oG+J!xv5=6UD$bVSJ z0P*GU*UUwkSI{s|G_uXc$|yGoW?I*+==j9^ z9m^jkazbstb*CSIzR{ z=jF$d!Rk3G6d;O04-!ROfkTRa64_6vGWVJUx`h;u(C4N{ioiyE{Ogw(Ql!{QWvKfpd5&*N{n4iVYWp4e?FT z&?K25o&<%oy@?DP_}>QJRYAK2ybS@NbM}NCKTh1AdU6YadLBiDy0%e7} z6$@nJXnMH16a3F#5}1)Ka@0JF^i)D?pL}GCo#KdN(dtR@#oD=R#_$sd ziZ5vo9m>BRyjR_~eR}Rc1VP^hiUlbCnf|QdLEyOq z{D2T~fS(-T*J8jocHm1&3;Y6@M@-7#Pk^^2fj7XDkV!&FQc48uoS)OVfE_^($Mcl2 zowchQ=uVDgj(C{pwYBj24FF)pdNDQx=e-RfJS0O7LsMfzc0+RyL+~|!FW0#waB+V1 z(G|>p6tPK!>5j-+dn$NHrb@FOzDGa%ar<4*ZRFL?Ax+{s(BvDUQv}rl+eH}h-kT#gv7=6Em*W%jq5TCiGq#t^Qg-= zVXwalMj6E@}!Z@N>WLjBtMfs|#bcXtm*JnbcNJHpL5QOLb# z)&)79bZ08&JBlUo0vVN%^^q*uzrr7dqw$BzS!8GGBr2vDBZSH2fi?C1xR3dBjTc&? zmwCK~`1+Ql9L=o5>}c?Cw$Anc1*{bm$Q*_Z>a#UgpTl$yTNAR_e9Diblk^2YtiG?l zW^eo9siUj=**CptErrI`+xr6Z4E+a;-z?(KbKK;BY82pho7q};&tmCIWK^pt-F<`>Be zzzc#bh1l#r4^zLm_1|+1|MM=3|Gl^Vr$u%QjsGRXfzrZm8)1rJY=n9>xk&#|HU+jl zJ^!m4euDe99=xWL+(t!@4fLS`YFKsr_redTCBl}iiPh5M=baZPn9-FS_g=|P)_)_? zs$i^l!&x6XqFE$rB28wo5xDy(Qd;YbIw#RdJ$Nd_4d;br7MvCTT&$=rshrY~M1sJw z);N??zuJb6Uj_ei3)_LzUYF4jwhjzqzyPQ8T;puKxjoDfQ$j((@@y!9tgnSq9>0C@ zvkgv`CUn^69COm^)wVIzlaJp7j!4~MPj(8Qg~5=O2(7nsZ8lpo7Axy}r!g1K+DlnO zGmx#LVU>N{#=!bglf+%r2tO1?lP}sI{+|Ttzgy=|W6Uswnk#{R4`Sqv$bD`vm$8GH z5d7P8hHT8qa~FhoTF(d&W?NDrIbs<1orHWaoZt=|oFEos&NiCqC9;|vaR{4_pc=xS zl^9y!tcA-YrypzoVeo3KvvuPyM|QWJgdo<|AaU< zA(FbCZs@$wVHe?Y*HYBS?r8Q>4Y7~Pl6jux49DS0V=S%&&%~W>nji}hg_|27Zw_$R&KDvGdkyS>vi}mO%W8iAi50y7R=fbPqVxhQeo^{@U`5b1 ztN{Gqi<&SLG)fKTOXeDoNHli=D$QNZDXt71;uT*eBhm1F9(?XJOPGT{bIFKY<{EN{2#c-6bxuGm?5t^a=7Tv@p`3$Yyow~h*K$lQL(cPdWL1zo=P6Pfq3vcrU74G5zpbH{rBCHrsJq2Pw{%E_U$ zeK@vbJo=oeKj@dXpqCCP8*HvID!JQ=3wMwGfnwGnWzl?~*3e*c_F8EIA#Y`gFRtRZ z`n;H@-(&YAiwjq7C6x<9nczii!89EkQ!Q~k26@|ZoA{K&QH9(!Uzlc$TBcU#F;O>c znSwT<&n=*JUgD>G(CJ8;Am-ap1Uu+H@)-&(IPf%&p}avI#p?J z7R*Iy%-Kwf;pj09i^E{eHQz4!Na9t;+BXaEA$_dE_d`t_`V2eoo4VcYkRd=z<6F-k zAbRGd8-trMfrGy1ji}vA84S-X_?VhTh@iGu!uQpyQnNUWy!H&@OwjbyFd<8c;Pw$m zfXAo7azbTz+F0x-4qXuYC%n}6b9Ohj17ZMkvtJFr+VaZq;Q;p&oa}=|_(z5h<|%vmw0C%zc{Z)?P5B7RYp%3#Ufyq#f9$5r^N2X zG&`fjN^gwSXGI!vwyCv**4e&y=UdhNr+XOU-i!Xk1H)SlbSDgJS+!M-a3v>uy>->k z8FG&9ZWHD>I#E9mwwCk1K{>Hmj)a*`pEh42DV2_8Ae?EhcD$S;WW~BA@8pZkTi$|8 zy*>V>G`E9ooHhI78II0zNaAF;uL95qHG6~^^9KPx|19<7{#((n`3P7q1?CevwYau$ zKA3YOJCx=l_HvDM!E$ixxzpH-Z)4d?ILbReI^-n%itX?^z(1AMuF-sA_1u61-+=;0 zt`VvDlA=wb_50ohG~K=iLHX~qFvJJ-Z*NIR%i znG4&|YQJtG`P&KJAzCAlnDZDoun5awvf5q6|G`#E@N!(nk4nL+^FcE-j$`+v!)!C0 zxXq6}eZS9BhvDn!TxyoXSt%ayi6Tk8&`Z{uy#6Psvrk3!j+kioe{btWX_4?w?S^7$%iZHet)a9t7h))9!VyHF0+HXm zAr5Yz8x(N9voLPa3t#I&ix=mUMV92Z(IAtDG&Nr7jmC#y?k{(byaoS9Y1;_FgK3%o__BnzuW)ZKEvB>IhDQ?^Vy8H%QtN zi_c8QJ|P;t&1=upL*5>XT~z-bYkDYBI9+EkXJRov;vg2Y!~AT`Q!YF6?gFDuhbYxo zX1X9LVK0rpXi`50$Q1ExZjE~x;mwwddUslUf_pL3}%J{=@2=wC}UJ+eq-B zFU+l|?NaS3jm6*AQ=zfSUq$q!avH{<2==UwB_-Lw{^K;IHA!$g60VFUabti~i2&IiWrv{J#ijdT`KqPhL zUt9)5lDhp@L}~#6jsDg{5as`EQBeShi;%!87!r66y9=WDfBg426bLCKvBHHYCUI zsHzRWRBhT!cM|g@IlanLnt*gx{V1-0?czfFm+iX@6o;W5=4fESGtnO}UcQh-K5ntMy-1vrm>)O6bP@ z`1`q+at18h&&SOIZx|zOKaOFwM12;EqQPr@PkEdv+@+RquN;qETi{uhd;%D2V}qwG z5mFj!f4;59y;xW{$U5!+;M2KBOp7v^PapBY%vG@x)X}&X`zS)O&36BQ8n!H_om-C z9-L41jhWEOtgr(Pp%u7+bLp6X7C5sedT5KHzqGg>qss0 z3COv9E79&5Pcuwxfn$2fq=2ePs9Jp*)Z|^S&=q)7knl&w351u`jA+jNJu@>9#<#Wa z^3^^0Tf~x@!n9sp@3-7>m3%!7=QEz+Ql1Lg)Kv@r`o~8`Q%w0QaJj_(zWvl69E%lc z=9eiAY?3aqI*kQpsK9Hwl)X1e7#RY<3L}|GwS-WpvczkU$KaM9iPj;!L%>lEh06D_ z!0YB;`DI5!Nvu}O)<0_3%(bDPm+y}lj2G@KEY!)E7Z^SlXQE`OtM8_^LR3k9;#3Ln zrBSoa5J*SJA)0$X*jBm!QZ=dNCk;i6lgC;_lJwQE%v%4>Efwi(4U2r$E*O;`GQ{X9 zPSAK*^^w?NLI8Sf7yaEL&Gq{@veAb;dkF&^Hila=U44K1+@45|bIBO%Dj(@3F)`;? zQf-{{=t0%D63dE*lfO*%*z6@ZRO!@dndCJZsX8d>nLWg;Gm-z4d(}1O4M*;4P=g|w znEdsk@O(#nIr8@ZWSm{fHlw{f#`GaLfxC(5M>V<)am1l-j||X3E540Zmos2#o1v;0 zd;R#{_t~ABQm{H3C2^OgSZso7W3kxx^z?+LXP$ww9L`gjF?8`IJ{w84E7}a#oC>r) z_|Np?mbGUTAMM*l`VgX*?kNZCy=b6=yAo|5tEvN;Q` z0)zfrmE;gO4LcQ)1Cb|@8<7){H&Gyr>pvkQ90H^_ar1KGgiA}x$jC~-;Ic3|I1CAv z`u7kSs0az>`-`}U0YrZr%YPEUe;F3^KZbobcL%W|Q?}0h&WD-mw`!-I0%_|18a5h9 zwsK8GG(KE!(p^t@Ck02T>eFOxwVVOs-q)qYPtIM}053RMD0iYhm&$$1-i3)m;PJ(>22`3PqwxhB zu}Vt`dvw4OYk5ccKhsMh__GFkzH;Pv;QSK&Edo%b;s-=msxwYiH;cbhYSy!^HH;p z9Yct`or>1a>?Zvw5&rk(Fsb27z7fs`B&QwO&X3CtZ$q6}s%eKwQIJr;X@gC#Zx~q8 zn;%Syq8oW!+P@~S6qBGaK<~KIkdOXC=D2F=*A&?wkw zbadKj5F#JIP@D3|Hsk9|x349(y{0EO+h_M*)x;5Lfy7Ht!VoknDKj zGwAsjufwT06-|pzB8cs{vIwna*BB06u?j8TLc7{5bVTt>#=iGaT+dY=xlI&x<#?Fb zY{u*e1rMqr^7QRn(~QfqR+sZoSStmCz}d?`4}zCn&0!3_Nor@VMi48K&I@iFi;4B4 zj8640vd4&3c4|+V+gAFeZm7~rMk;9jVAkVFSSf#6T5gYde2XIVh)jl4qo#2*)h1e$A+A?aAW>oUrEj~!qI>+)vX}($rXP9J z@`p4Z`Otd})}}@VQ{{TIuoW*Ga&^1sol6j5%rrL;7bIln2QelgAOvK zTBSsQe~t2i)$SE0?KsBHn1~~2D!gy~PBk$}aGZ_lqHE|}KEjusU!+Ep(R$h{Y_Vr@ zyCKN9>N2a1+!?niBulB;Gt5w|{)Dca9Y$u5yXdWTOT0s63E1xl9+Y@sr)-wF>$o%=ji1|o_%};HkB!6knN8c!A%ic+N4eygE{}%is})w+RU-O6aLlUP zAMJ*W^DU8$U6drP#d;K1ot3XX>!W3~XRea%h$k^su5uV*InXy0jI2jMrc8>oM=cea zF<=T<9*(p>t$X3eRt$0fNrSWH_a1{fFb0FBmkv>iy`eqU3DtPq0&;GeV|zcj3t`Qc ztjr+~W4P}VJf1aC(B_9`8h3}P_^DqAFaR@8QeEgPu1vyD_>)PpQs0@~Ovc?_;(yJ$ z!zB@RRKYftwUApcQ9ufZYykSi@H;Z^!)v3?u1e>t4!33l zQlC7P+&?Fls;Oo;r9#7#&(e8ObRj<3B~NwtIQ*T7x~3~sH~YzP1IK3@+^zecV%0M7 zgG}818&fvur!2PgZ`ck{`*0fJ&%EhffHNQay|JJ1`-c^R^*GFq29fE*bJ1tIIPsG+ zNU7V~a#@*{hqDe`yO9~Xx#Fs$jL$4#Z$>724b=@L6hQ~#nZ-B##TwJM-*0!zh9XH$Pt4KbHmaIJcmcJMWAE2wxa(#bKO5ph zo80Zd&1DW8XvAX&$!Ng=_Pk^TQkOn?P6Q9g1o+EFkQg{&$iFWdrUc`Hk%LHu|9*2U zq(nf7RvT=I!D7^dSK5_MP?%tbu&7A~LU@0MfC0kVo|yqM9xERt>2h@>m5E6JsG@%X DTcV<- literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore b/kubernetes/aai/resources/config/fproxy/auth/fproxy_truststore new file mode 100644 index 0000000000000000000000000000000000000000..f5e41700dce5797a10c2d2ad2e6035fb131598d9 GIT binary patch literal 5569 zcmd6rc{o)4`^RUsgkg|I0(>2vj9wVP)pc0W*F5Sng`&bnoP{BH1C+N z-nF&9jX?i40tj)lpw$5dv?5v+t*WeI%gv&IrkDy}O@IxJ0GO#>p&W3002WJmDzM0p zPXdO6pd>IWh;n`#gaihIDr&vGa!cQeM<+)Rpx4<7%en(s`Bj6IKT0~^Eiz3Xwn^WV zHb96~po1hlMD;v9lg+$3WO~3!@l(6D+i-@7YN-TVxL0eJrxBO5*^ufHs&qX`=BX&+ zwpFR4YSjmm8<|V`Ng_`o&P-mz)S*yrxIfCzzu^$KG;zs(u}M7Xk6BB|zPNL0A8WVG zh{#BTwYP+=`h$7LZcLg55{sXdNn(b`XF#@}b96IY5fEK&6|;04CQsw!UgWt|$z&=a zm}i7dJkR8dC6%ni`@0RISH?dG(^*DLn9D1Tj6|eq;}PSf$t7XYna8pfKSkBISrafV zum>mc4lNaWcNW9FSRqg_2wWI*7Kq6J5R}LXvVy^zFc=g9&j%Q(HU|s>fB-@2p*V~S z;G|>NNe70*>7n57N06;y1dI#D=@yjoOyl4)yNWPe3jT&E0*NmI0AcFYqA<#eM|0}^ zkvMtquukrQt};XZgvHaLNOCy9O`U**u>lCu*19FaWuP!P{KuuEBoSrlz@R;PwztAl zoj`K0WEx#~MK;`9S39%gP$lb*g>M62-ki*pc+!}g{H8Z)P^EBn4wIo)mm(8aWF{_@ zD6E?i)*)kVreRw^Pl;-#QZ_G;WWmFxt=a--JvQMyCq7=|x+_&ytg&0nwJp3{d-@W+ zr%i00qnN=tgA+rqUs`ER+RKPLNNWzqj)m?^3{IPPxOr&;1e{R(*s=X_d@4<$Gzn2u z=#D&lJoYaYI#5(-Ls6mDmI`4y*g?@>VhA{(nP@8uqvL>3#72oZCHOD~4ti6cKrE5q zi)N)HVe~3pgOaRXSF)s5)7Z`XE=qiR-tTVTEI)T{ zn?}-5xX+r!X%*w$8ZvhkCt8}cyP~^lV;;?S^F|fSEA24dm>^l5 z;C;_sZ@XThk)atAaW<3d>VO~gtQ`Ftr{L8FUW5meL~g`rE7Wr0iLBw}ma)f$u^AVf zvuZ8OuQV%f>3s(v{DWru->$^%>0*$+9VOzE)Ohu6Duh+`m#m>F&wkY9P}qCUj$GzC z6;ihGlrzjn01z@(F-1ExVxUZcRx~k+5ptH*Uvrg{!OsF z;fn{@hHCSjxq`1urdaH*E$R3kZM_gI8(i0Y&!#Z(>?BiRaQ9N~wa@*ikBpu01SQo0 z2)eEj0L5iiT?{Y}S31#u=>9{TtNHxQ-q72y%w=%`V3^&DSY3Y8`6s0!OB=(m= zEip7jsR1g0GN7i6Rzg#Yp5hNCp!b8IEiu2k`dSdb--(w7TNsr2rx(%Iazg)Wt$b=P zX(JMs(rM7j!7`yCZghfyrNEM8Trd@ynsLgaGtl{we~6abIDKH>De07_4*X0tCGEO> zVUJ*hyo;^AN{zuF1)TpIMahUVnqaQBTxEyeeYm#r z&Yr9H)|WJK^#K)p$jwu|2o9_9xu@6aB;MxLaDCvXUj!-kZoYO}+Ev~a(=+#}uLu#G zq?%JBc-ZaHxLI5g;r2tO!(z*)q{eulUH~voi_si}bLr2Pb|flt;iy%T5FFA=A2F4*yrmsC z!1V|1@O4`g{S05Ymro84x}a|+bZ*RC{;A$!EEVSuO?H}9Hic$4NuiI;OiUR7?9_V4 zL9Mh503Brq0fT<7zTo&@at2DG%*kZ!GFrQnZ0aPLa!sExI%KEOJtHK+R44e6?#JqV zS6-VS+EZo*Pu_Kk+9AS-=LeT>m?Abqyfu@gh&+6Y;b;1y@**nNmxXHBMwq@BowitK zZJlP$7s$jS7AvB9>kwLC|LZ4Cj1zM<89vOu+qsQ&?7b}fHNVcTg0=S=U&M!VRbWN4 zX}jDOadkn)i^9AQSFPBp z(9fIqTOaE!6YEIs^5~a-vpL&?SUn73o-`cl&z@kuo3pxp<{rBuBJb0V(7Y?5%f@N8 zRffi~%8Yh*TEtzmtXcz2UB*;awxzFgG>yYGS!+%)CJs(>X^!ffF1$Z>MnpQcrhGxY zC~iLMlT@$@3f116!D7A^Q0}+RCh_X#`I}<0X?)k^z{vP>64xVYFj z3uiIt-p(~z3}s?xK`nFDTSQl0--Al8`P1kbezE!1Vx5DUM>%)jX+0&KGTc;*S@OaJ z>XTCVUcuXLkvRi4v$q#{PZk%Rq5+8C)f0z?N~^A{i2iBiY$i+S+Lh{RZ(gx9UY@OhA&dlerbNpA#|9rs$LJid4~}0s00vXrf4X~s z;$Np&U=mznrha%I48{nhhxfq~DaFqfg~1bp@kEq1o)}1QBj70KejuZLW%#H!^XsH? zqeoN0hu)SRVey|MT^0X z>Wp2G{4?g4Z6C4i+`q@DdnifMNwv0F65FjrBk)yW`1^3y{E!vd*p;UV| z>*$0XqEzJm=jR_fErNPbVK?^aoaBBx_dLz$x#Pj!`OD1WQp?$)<3klTJH~ZO5C?!5 zjR#&!7#hB~C|~9OKrZCQwA6QU!MOkuoSj0h&tJ(!_e)6s8{|?zt1GMjMXoIqu>6nY z`r1%2F|$$LOp~&G&zQdfiy7Fq1uQ6K+P|`@Eo(2&hlvZOCzz21o6$vA4bn%-*0t@L z-S>n=H-sgg*B4x^J=IimpWaSDOZl8$krnyyWb#XR&d0L~e$8t!^*rR5(02zKoJM*~ z#B~i1Ey}m>+*6un7+-fGW7rRz7(a>~#?7<6B3}c2IenW>rE$5cq8d5T2>pC1{t$o3 z$h6LgcJTcLhrQebkH`-Fm5n|}#1CE*wl%*BZtr+D8aA1h@8$WDj3YPbnfW*tKReIb z@9?&{^kdS;#t%%|);-m6>^ZCO5Gh7YkDJMzUNsl4;(Uj{L~~gSv}-563&9xddU}0< zzGrx3cA)UiihB^9N@ZWLf_?!q7n65f>{Ru|Z>(CSL~7~3%c{n7{n~+mI2OIj)s_Z@ zpH-2{H7Eanuqx)u7OY|xfS6el!?*MzaZ`_eM=5^lz&|03k2)Ci`wPWs9%(=P0w`Q3 z;PAioFG!u{;erkL{V>goI}z{gMew1z!4rS$g*NT$U&gJUjK7=qi{fbz#|aUwiONo|?U1mf!)+ zDDz!lN$=BlUia|8-vukfXW4Z&PjV-q@|k%8DsauHOp}&YPGtPPnU`I=gJGg$1TzoC z#D-h@>?XQTBIfw}h34e_3(H*X+h;{ST)1RVEFiRB+@Z&K0#(m@B#wUJ_?YAE)l)g9 zD#^WC34iXEQOYb~75RcDbWh>e=w_lzteQi2Dj)A~IT+XU2dj-;EbFtF12V?T zA6%_ae7O4VpfDWzgGHEIN@(v-&Do7j7AV%4f$6)Uw$ zs-d;pdVTM_ao&e}?m55zz4y~SKPZBpnT!+wMbM2?P>CV+k*9Q|AksVpT^A5R*Y+1T zK@sFn|1ToH4@8jL{Kb}k%anrV-&?fQq-1#r;3X6RJcWu|5>D#wlL1Hu%z+5t2)InOs=E}O5cqRrB;C}=6VfU%8}Wm2a-{~Z?!J%uHqC#(NL)03*4*D-p3=(O`v+)qbC+SGNYdv z5kk>#NYQMCY%@eR9YP~)X&5G}#Ioh=D8|$yO@s1DUtbPOVdP$@MX!E$6Dcp8i~o}; z$jaz>nJCnOkwLfz+_*rOQl$)u2qH0BRXWgnG4VB})-*MyeXTV`rn4Cj(Wzng8$G>C z^ow*_gJNEwjiZYFLh`A)#@$M{Nt&2k0G;}nk|5&CpEqdx_~Xr>yZ&RY=K8F^7+)R} zHLNuQ+5(LTN0a0J+^rEtVr%CS*;H)yZ@8BH>G7|pa<`oM#;q|{Gq}59x9vi^8T4y{ z91F*++H2pIvzVujvCy#aY0d_ibT?{F^GX$4Z=5A>_Z}$EzznKZe3LIr-6I1&Jls2i zW&7*^F>+(VMw-dEVqcY&PTmGMK=&(3kiW(wCi)2%{M@z;qn8*Y)0g8MHvXCpS9DqX zwpPorTwwqe9XE!Pf!BsAwjTEi{Jq25nbej3+ZOZXHmukV_7S)avT(T2A@SM47 zOYGva_Pg8H6Kxgcfkl!W>A^r2q`J$e`rBymZSN$;>^@zFj0x}GY$l}qgD)r^_uK>J zKx&9+_xS+FNA*G{olK1NFKA5FoPrKhbO-NO^3Lgg@o}u+=o-}WuCTcH8Lqk*@&152 zt5zqYe{jHvLB`rr+CzNM$y-c0Klo)pN^lWwCm^mUwyV}a9~BwP4sv_z;_js&n{kH} z?!wu<(D)V0rDSTm+ryGKH(Xy^owmcH{NxbdA~${F8AbyoURkyYoAJ}qT87e2To7%o z*qv95Y^fELl)_87mb?jz>d2oxHzQ8CZN|AsXml2fgcyCql+va*r39j*9_70p^0+;a zVPw340pWWA-Zwp^!^CaYXCPh#*!`i&{`dMs$ZZ0irba0Apm*z8eA^}b`WX{ zDcpIVIGNQ+_({JLW=_(hQuS&(-!owa-s2`8`3Zd$9yh|>GnZs}aiAGC;V6dZXLH@a z(mP#S_*}tIVl7*|e9O3)ASRC0yR5_BTZqKuCstQ>HE}w>Y*9k@0rS|VPvWuC8c?qP zs*(yKP0ve9@`S{P#Fykb$xD(zsKEb17HJ5O$@;06E5EedEhQx=R903|UPb|mpw#*A z5QriVK`HkaNt2P1{B2_YOGy9EuoV9^tn|j?iflSRK`(Yl57g7yFtR`o@-M@NBS1vs z&grtvhramDT zO(}@BUzBVCtR!QbuUgcfH6A+38IRA+9_fOy1_RdbCrqFE%EZWkQg}MT`E&~rfFw#Tgpw&l z($a-06<%?s?bUp`PoV4Z$%}x7Q&6q5A63{R!`NEM_~C$k$>`hK!&WaRXIW88Dpj1s z_dG-g$(il+21YnDv7A*f2^Vq^+z1#=R6lJF-)uG zu5lTQERZso>MlYLb<%u+uL1N+qmCNyMJ>+Y=$^zhpZA?KQ+?~~*lxRf&w16-e(|Z* z>qg|NS*N1s7nMPYH8_BBm#pQ*{ilYc9|SB7cB)&KCvXwkUdy?y{xFDl06bq@b^@pqoi-6I3^cl;M=0NTUw z(RnPAV-Bm`L_QsN6jB!X-Z{Z~rk4lNe=9;Snp+gZJCdWiNUbz^z4s4xd#2VkBMI2m ze;C`qzben0Wo-s$AR*stlBl4xGm+b;Re-@Zoxa-?lbXZEjVF>3)uvn(p{4n4fUy#n zG}196eNCs-1gi7*Re>)K+NT^c<2q20?jH#0BMHxV9NMtACaBT)@kEhPb!k-5F}llA zh4)VoLAJ5jT$SIj5GFhC-NT(-kwWv^3!kBXSiZsb!M9f`)98WKmOjEN*vCZoShp%4sjX4a zLfB+WEWrpR4aQJ2L(D?BAi6722gk&I3^1oFm6<>he4Owx8->f9-4V5n|pPmAE z9JBn|W z@5ezm-{o>lUo3BCs%Ue=4FWUa)@sZf@l_RA10Sb!!fQP@bZ0A71_s&43NE`DmLkPZ zU&+4WsM%S0xGb~%wr>aZWcQ|A4uR(;Baxi&wlOJHQgivtzPYzl^Hay54(8(r^Uhpz zywvAVci(BJ65PCz=T|#id%Mi?Mp0uI#UjMmmF|!;V1B|6nOOXEcfbGOMm>gKBcVF8 zZ<{Q&!br)Xblnk*md!i2rIFZ5A z_1L5M!?K42vx(uu#aj86{%P6%M)gXaxs6DX5m0#a$?+Lom0wSO)AaQ3apvGMuTsGU zV#uj|=22+9?!ZU#5T8^5ucr6~hdXgL-X-6hG;l(~*yoIWCNgALDZ6ltmiXtXMtUps zC~T!wvzqxA9Mep>eKG_tG>#S>gNkTXhFa58z!l4Anim!%AF?p@#zyuB43-Q$51q!3 z{5q~k32c;ufghZt$?iI{;cUnPr26;Tz4`1FOL8ka8O)9+)X#~Y2bR~TL)-6pybWs zubmLX=_PL%-Kq5*#p}>vDmQHFxEpD&N%V1ic5MCidmVW63$%a7WRho;O0+wo^2N1} zR4M0_buG0_U~ogJNA8wJcWuYnfp!>~(mVQS;GDm;I{9k2kKL*#X9f8V*-omFVsmPX z#p}0zMJXK$4(jF!Yz7$;HgYv$1?gifhFozKGi|`0Fm}-^Uz4*Hq>E(;Sp0A+V@;OLTgfaW1R{JK{-+ol@;0#+&&&UP;#Ue Ozt+llNd_QA=KTW+8`ggS literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/haproxy/aai.pem b/kubernetes/aai/resources/config/haproxy/aai.pem new file mode 100644 index 0000000000..6390db10de --- /dev/null +++ b/kubernetes/aai/resources/config/haproxy/aai.pem @@ -0,0 +1,88 @@ +-----BEGIN CERTIFICATE----- +MIIFKzCCBBOgAwIBAgIILW/fiLbps3kwDQYJKoZIhvcNAQELBQAwRzELMAkGA1UE +BhMCVVMxDTALBgNVBAoMBE9OQVAxDjAMBgNVBAsMBU9TQUFGMRkwFwYDVQQDDBBp +bnRlcm1lZGlhdGVDQV85MB4XDTIwMDMxNzIwMjg1NloXDTIxMDMxNzIwMjg1Nlow +WTEMMAoGA1UEAwwDYWFpMR0wGwYDVQQLDBRhYWlAYWFpLm9uYXAub3JnOkRFVjEO +MAwGA1UECwwFT1NBQUYxDTALBgNVBAoMBE9OQVAxCzAJBgNVBAYTAlVTMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAov4ddmOzRCWAU/sx2Q9kcYZZ0r/x +agqwDBcmlS2OP0MAou/f/xY2gzE2ugXXGGEXG6PCUx4YEHGeRxyezEQ/+c+kSjFe +0FTUa8Z1Ojad3VDsJfjfZ1994NpV99KTrrw1Twq9Ei7dpkypUA8kZxEjg7eM11TU +F4jS6x5NEyVsxih5uJjIF7ErGwimSEKsympcsXezYgG9Z/VPBpZWmYlYl5MWjzT6 +F0FgGfSbajWauMifEPajmvn8ZXn6Lyx0RCI25+BCcOhS6UvYXFX+jE/uOoEbKgwz +11tIdryEFrXiLVfD01uhacx02YCrzj1u53RWiD6bCPyatKo1hQsf+aDkEQIDAQAB +o4ICBzCCAgMwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBeAwIAYDVR0lAQH/BBYw +FAYIKwYBBQUHAwEGCCsGAQUFBwMCMFQGA1UdIwRNMEuAFIH3mVsQuciM3vNSXupO +aaBDPqzdoTCkLjAsMQ4wDAYDVQQLDAVPU0FBRjENMAsGA1UECgwET05BUDELMAkG +A1UEBhMCVVOCAQcwHQYDVR0OBBYEFP94WTftXhHcz93nBT6jIdMe6h+6MIIBTQYD +VR0RBIIBRDCCAUCBH21hcmsuZC5tYW5hZ2VyQHBlb3BsZS5vc2FhZi5jb22CA2Fh +aYIUYWFpLXNlYXJjaC1kYXRhLm9uYXCCEmFhaS1zcGFya3ktYmUub25hcIIbYWFp +LmFwaS5zaW1wbGVkZW1vLm9uYXAub3JngiVhYWkuZWxhc3RpY3NlYXJjaC5zaW1w +bGVkZW1vLm9uYXAub3JngiVhYWkuZ3JlbWxpbnNlcnZlci5zaW1wbGVkZW1vLm9u +YXAub3Jngh1hYWkuaGJhc2Uuc2ltcGxlZGVtby5vbmFwLm9yZ4IIYWFpLm9uYXCC +JWFhaS5zZWFyY2hzZXJ2aWNlLnNpbXBsZWRlbW8ub25hcC5vcmeCF2FhaS5zaW1w +bGVkZW1vLm9uYXAub3JnghphYWkudWkuc2ltcGxlZGVtby5vbmFwLm9yZzANBgkq +hkiG9w0BAQsFAAOCAQEAVigPPsYd8yscW+U6zpffBc5S6Mg2DQD/gikB0uF//lIq +oa5qTI3yB0wPoRKmxpeEZiJYDkBs3App2sPM2fPb9GGmGncCLkprqTflM2Y4yxX4 +k/a7w8vEwMoCrBgxEdmniAj9TirsISyLqBIXoGT7WtaXBLZarYhJ4P7TplhyWuwe +sV6jxkZLIRLj31ihf32adFIhPZQKxaHbbFnyEylLTdPuZGy3nvdmjajZuomOFF8h +HhDIouSJAtgkuWVsMiX6iR1qG9//6ymnZMvUyDGr8bkZURhMqesAejwP4aKxqDZg +B0uVjapQTJH4ES0M+2PoY9gP8uh0dc3TusOs1QYJiA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEdTCCAl2gAwIBAgIBBzANBgkqhkiG9w0BAQsFADAsMQ4wDAYDVQQLDAVPU0FB +RjENMAsGA1UECgwET05BUDELMAkGA1UEBhMCVVMwHhcNMTgwODE3MTg1MTM3WhcN +MjMwODE3MTg1MTM3WjBHMQswCQYDVQQGEwJVUzENMAsGA1UECgwET05BUDEOMAwG +A1UECwwFT1NBQUYxGTAXBgNVBAMMEGludGVybWVkaWF0ZUNBXzkwggEiMA0GCSqG +SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCv0HHUkba3uNtNI3jPKimUcd6RNwmhSCJL +neMWpnjqp5/A+HCKyNsEaT4y177hNLmCm/aMm1u2JIfikc+8wEqLCSBBPz+P0h+d +o+sZ7U+4oeQizdYYpEdzHJ2SieHHa8vtu80rU3nO2NEIkuYC20HcKSEtl8fFKsk3 +nqlhY+tGfYJPTXcDOQAO40BTcgat3C3uIJHkWJJ4RivunE4LEuRv9QyKgAw7rkJV +v+f7guqpZlXy6dzAkuU7XULWcgo55MkZlssoiErMvEZJad5aWKvRY3g7qUjaQ6wO +15wOAUoRBW96eeZZbytgn8kybcBy++Ue49gPtgm1MF/KlAsp0MD5AgMBAAGjgYYw +gYMwHQYDVR0OBBYEFIH3mVsQuciM3vNSXupOaaBDPqzdMB8GA1UdIwQYMBaAFFNV +M/JL69BRscF4msEoMXvv6u1JMBIGA1UdEwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/ +BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B +AQsFAAOCAgEADxNymiCNr2e37iLReoaxKmZvwox0cTiNAaj7iafRzmwIoY3VXO8Q +ix5IYcp4FaQ7fV1jyp/AmaSnyHf6Osl0sx8PxsQkO7ALttxKUrjfbvNSVUA2C/vl +u5m7UVJLIUtFDZBWanzUSmkTsYLHpiANFQKd2c/cU1qXcyzgJVFEFVyyHNkF7Is+ ++pjG9M1hwQHOoTnEuU013P7X1mHek+RXEfhJWwe7UsZnBKZaZKbQZu7hEtqKWYp/ +QsHgnjoLYXsh0WD5rz/mBxdTdDLGpFqWDzDqb8rsYnqBzoowvsasV8X8OSkov0Ht +8Yka0ckFH9yf8j1Cwmbl6ttuonOhky3N/gwLEozuhy7TPcZGVyzevF70kXy7g1CX +kpFGJyEHXoprlNi8FR4I+NFzbDe6a2cFow1JN19AJ9Z5Rk5m7M0mQPaQ4RcikjB3 +aoLsASCJTm1OpOFHfxEKiBW4Lsp3Uc5/Rb9ZNbfLrwqWZRM7buW1e3ekLqntgbky +uKKISHqVJuw/vXHl1jNibEo9+JuQ88VNuAcm7WpGUogeCa2iAlPTckPZei+MwZ8w +tpvxTyYlZEC8DWzY1VC29+W2N5cvh01e2E3Ql08W1zL63dqrgdEZ3VWjzooYi4ep +BmMXTvouW+Flyvcw/0oTcfN0biDIt0mCkZ5CQVjfGL9DTOYteR5hw+k= +-----END CERTIFICATE----- +Bag Attributes + friendlyName: aai@aai.onap.org + localKeyID: 54 69 6D 65 20 31 35 38 34 34 37 36 39 33 36 35 31 35 +Key Attributes: +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCi/h12Y7NEJYBT ++zHZD2RxhlnSv/FqCrAMFyaVLY4/QwCi79//FjaDMTa6BdcYYRcbo8JTHhgQcZ5H +HJ7MRD/5z6RKMV7QVNRrxnU6Np3dUOwl+N9nX33g2lX30pOuvDVPCr0SLt2mTKlQ +DyRnESODt4zXVNQXiNLrHk0TJWzGKHm4mMgXsSsbCKZIQqzKalyxd7NiAb1n9U8G +llaZiViXkxaPNPoXQWAZ9JtqNZq4yJ8Q9qOa+fxlefovLHREIjbn4EJw6FLpS9hc +Vf6MT+46gRsqDDPXW0h2vIQWteItV8PTW6FpzHTZgKvOPW7ndFaIPpsI/Jq0qjWF +Cx/5oOQRAgMBAAECggEAVYWGSf9IKYKP0gDkh+LmrhZzfPxPnHddJgrjqLSNha4P +YG8CliK+mZmyAGteECGpcUw8g0YwFDi5dtCSldVdyCLmLjO3bxKDnsUz70aHEIAM +WGQ8PE5Diz6kivMHoFCKnB2jVS4YCNECqco4LIg2nT8q/DU7T9nv6YQtptUlPNdY +OmJRXfUfcBSUINqVi/VbEjHtbZqc6dgvaRNEF0CYtqHm7P51BXGa3pH+6drL+U+a +o3T4yHrEsDKUaQzJZoiJneexwN91x42gcyHzg30UZVgCP+9Zt2GQWXqpENNZjGlI +bwzouvBj266ViBNbuu3tar58MASOCnCKGA0Jrs3P3QKBgQD0ENenvzaqNzV0A47x ++RI76DM2eorY2dxh+4txAt1pXlkbMZuWXjs1ysBPYaGHZRitiCFcaSwdP2T0oCET +ojYEU97bJkKlcuw2scAqznSi7U0uSaStwaWzEviGTsQ51MKghRESMfpt3BxZqyi0 +BV+fPeRk3l3xaw1AuZQ/JTn0qwKBgQCq9msPcbRzKvsmfsAVvjKAodzl6EaM+PcF +YLnJLurjCtdyjj1lRaCBg9bRbaRbt9YPg4VA5oMYm2SuwbJQQHjqaeN+SpnV8GGc +nPsZgoSlfZrnLovyGgC3muiA3uSPREZWUlp+IE8qlQ8VztSWkNyxNej4nhxk2UTH +DOE2ZmNyMwKBgFD+yeKkZUrFuZp/l8+bfb6dx2kb77oZSrbFmLfvYHUYV2/b3atg +KDwoxftSBh39odvs4k1dpcMrB6DbBz8RxOVYxAtsPg/T/KoGASTzkOeE4ukqjVkQ +e6Ha+NjxiNM8VT6aCllEdrxAoLPtRju/0MTy8Dm9ReXZRfOl4pm2C+6zAoGAY2D6 +uu+NxaSmeaoUXo9BLCTrE3oCCNBwR2ACnz/2qiQTOTQV3FitBJxusy7Y67fhZwM8 +4o0ch6FM1Yki7iOMJjeHVlJnOkWReEiIbjvAf7KT6O7VytXytMgHf2IR2nYFrQgS +Ml71pfsf2b1xNlTe9OQxmNPQDY9+u3ZxM/4wsKECgYBPvlYMaZNIOLFf7VXzUYGG +rkXMpbLgLvIHvhF+4nsvspPVSqPeWjh2KMee3tMamy93H4R66G/KfoQw02JuZH+N +HbGnnpyLa2jGjY0NkXEo08o2wsqv2QFtT/SFRoDLkah8rwZUwpxIg0akgrwwTslO +rzAazDQvlb0itUxgU4qgqw== +-----END PRIVATE KEY----- diff --git a/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg new file mode 100644 index 0000000000..1c82050db0 --- /dev/null +++ b/kubernetes/aai/resources/config/haproxy/haproxy-pluggable-security.cfg @@ -0,0 +1,138 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global + log /dev/log local0 + stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin + stats timeout 30s + user root + group root + daemon + ################################# + # Default SSL material locations# + ################################# + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + # An alternative list with additional directives can be obtained from + # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy + tune.ssl.default-dh-param 2048 + +defaults + log global + mode http + option httplog + option ssl-hello-chk + option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + default-server init-addr none +# option dontlognull +# errorfile 400 /etc/haproxy/errors/400.http +# errorfile 403 /etc/haproxy/errors/403.http +# errorfile 408 /etc/haproxy/errors/408.http +# errorfile 500 /etc/haproxy/errors/500.http +# errorfile 502 /etc/haproxy/errors/502.http +# errorfile 503 /etc/haproxy/errors/503.http +# errorfile 504 /etc/haproxy/errors/504.http + + option http-server-close + option forwardfor except 127.0.0.1 + retries 6 + option redispatch + maxconn 50000 + timeout connect 50000 + timeout client 480000 + timeout server 480000 + timeout http-keep-alive 30000 + + +frontend IST_8443 + mode http + bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem +# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r + log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" + option httplog + log global + option logasap + option forwardfor + capture request header Host len 100 + capture response header Host len 100 + option log-separate-errors + option forwardfor + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } + http-request set-header X-AAI-SSL %[ssl_fc] + http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify] + http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn] + http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] + http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn] + http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore] + http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter] + http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64] + http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)] + http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)] + http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] + http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] + http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] + reqadd X-Forwarded-Proto:\ https + reqadd X-Forwarded-Port:\ 8443 + +####################### +#ACLS FOR PORT 8446#### +####################### + + acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ + acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ + acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_named-query path_beg -i /aai/search/named-query + acl is_search-model path_beg -i /aai/search/model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model + + default_backend IST_Default_8447 + + +####################### +#DEFAULT BACKEND 847### +####################### + +backend IST_Default_8447 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + + +####################### +# BACKEND 8446######### +####################### + +backend IST_AAI_8446 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + +listen IST_AAI_STATS + mode http + bind *:8080 + stats uri /stats + stats enable + stats refresh 30s + stats hide-version + stats auth admin:admin + stats show-legends + stats show-desc IST AAI APPLICATION NODES + stats admin if TRUE diff --git a/kubernetes/aai/resources/config/haproxy/haproxy.cfg b/kubernetes/aai/resources/config/haproxy/haproxy.cfg new file mode 100644 index 0000000000..4606a42439 --- /dev/null +++ b/kubernetes/aai/resources/config/haproxy/haproxy.cfg @@ -0,0 +1,126 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +global + log /dev/log local0 + stats socket /usr/local/etc/haproxy/haproxy.socket mode 660 level admin + stats timeout 30s + daemon + ################################# + # Default SSL material locations# + ################################# + ca-base /etc/ssl/certs + crt-base /etc/ssl/private + + # Default ciphers to use on SSL-enabled listening sockets. + # For more information, see ciphers(1SSL). This list is from: + # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ + # An alternative list with additional directives can be obtained from + # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy + tune.ssl.default-dh-param 2048 + +defaults + log global + mode http + option httplog + option ssl-hello-chk + option httpchk GET /aai/util/echo HTTP/1.1\r\nHost:\ aai\r\nX-TransactionId:\ haproxy-0111\r\nX-FromAppId:\ haproxy\r\nAccept:\ application/json\r\nAuthorization:\ Basic\ QUFJOkFBSQ== + default-server init-addr none +# option dontlognull +# errorfile 400 /etc/haproxy/errors/400.http +# errorfile 403 /etc/haproxy/errors/403.http +# errorfile 408 /etc/haproxy/errors/408.http +# errorfile 500 /etc/haproxy/errors/500.http +# errorfile 502 /etc/haproxy/errors/502.http +# errorfile 503 /etc/haproxy/errors/503.http +# errorfile 504 /etc/haproxy/errors/504.http + + option http-server-close + option forwardfor except 127.0.0.1 + retries 6 + option redispatch + maxconn 50000 + timeout connect 50000 + timeout client 480000 + timeout server 480000 + timeout http-keep-alive 30000 + + +frontend IST_8443 + mode http + bind 0.0.0.0:8443 name https ssl crt /etc/ssl/private/aai.pem +# log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ {%[ssl_c_verify],%{+Q}[ssl_c_s_dn],%{+Q}[ssl_c_i_dn]}\ %{+Q}r + log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC \ %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" + option httplog + log global + option logasap + option forwardfor + capture request header Host len 100 + capture response header Host len 100 + option log-separate-errors + option forwardfor + http-request set-header X-Forwarded-Proto https if { ssl_fc } + http-request set-header X-AAI-Client-SSL TRUE if { ssl_c_used } + http-request set-header X-AAI-SSL %[ssl_fc] + http-request set-header X-AAI-SSL-Client-Verify %[ssl_c_verify] + http-request set-header X-AAI-SSL-Client-DN %{+Q}[ssl_c_s_dn] + http-request set-header X-AAI-SSL-Client-CN %{+Q}[ssl_c_s_dn(cn)] + http-request set-header X-AAI-SSL-Issuer %{+Q}[ssl_c_i_dn] + http-request set-header X-AAI-SSL-Client-NotBefore %{+Q}[ssl_c_notbefore] + http-request set-header X-AAI-SSL-Client-NotAfter %{+Q}[ssl_c_notafter] + http-request set-header X-AAI-SSL-ClientCert-Base64 %{+Q}[ssl_c_der,base64] + http-request set-header X-AAI-SSL-Client-OU %{+Q}[ssl_c_s_dn(OU)] + http-request set-header X-AAI-SSL-Client-L %{+Q}[ssl_c_s_dn(L)] + http-request set-header X-AAI-SSL-Client-ST %{+Q}[ssl_c_s_dn(ST)] + http-request set-header X-AAI-SSL-Client-C %{+Q}[ssl_c_s_dn(C)] + http-request set-header X-AAI-SSL-Client-O %{+Q}[ssl_c_s_dn(O)] + reqadd X-Forwarded-Proto:\ https + reqadd X-Forwarded-Port:\ 8443 + +####################### +#ACLS FOR PORT 8446#### +####################### + + acl is_Port_8446_generic path_reg -i ^/aai/v[0-9]+/search/generic-query$ + acl is_Port_8446_nodes path_reg -i ^/aai/v[0-9]+/search/nodes-query$ + acl is_Port_8446_version path_reg -i ^/aai/v[0-9]+/query$ + acl is_dsl path_reg -i ^/aai/v[0-9]+/dsl$ + acl is_named-query path_beg -i /aai/search/named-query + acl is_search-model path_beg -i /aai/search/model + use_backend IST_AAI_8446 if is_Port_8446_generic or is_Port_8446_nodes or is_Port_8446_version or is_named-query or is_search-model or is_dsl + + default_backend IST_Default_8447 + + +####################### +#DEFAULT BACKEND 847### +####################### + +backend IST_Default_8447 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-resources.{{.Release.Namespace}} aai-resources.{{.Release.Namespace}}.svc.cluster.local:8447 resolvers kubernetes check check-ssl port 8447 ssl verify none + + +####################### +# BACKEND 8446######### +####################### + +backend IST_AAI_8446 + balance roundrobin + http-request set-header X-Forwarded-Port %[src_port] + http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload; + server aai-traversal.{{.Release.Namespace}} aai-traversal.{{.Release.Namespace}}.svc.cluster.local:8446 resolvers kubernetes check check-ssl port 8446 ssl verify none + diff --git a/kubernetes/aai/resources/config/log/filebeat/filebeat.yml b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..39cc6db9bf --- /dev/null +++ b/kubernetes/aai/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,55 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["{{.Values.config.logstashServiceName}}.{{.Release.Namespace}}:{{.Values.config.logstashPort}}"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 b/kubernetes/aai/resources/config/rproxy/auth/client-cert.p12 new file mode 100644 index 0000000000000000000000000000000000000000..dbf4fcacecf190fb0244dce0d1b438e6fea4500d GIT binary patch literal 2556 zcmY+EdpHw{8^>p6vvN1q+;S^Iwz0#F1O>%q@$`lt@_`#}p!mZsr!v zrA;)F+=b00##|C}&vBmT_dDk~f4tB8JfH9PegFKR2+$26A3ur!eGP_c+_bv6F3bnv zqY$7^K?G>QJ|?3G0>A$!5^w_%1YGv9lQ! z2xbYdREtLj!#tMeXTuU~Y}^mN=>q~m01yH6;iwV9rpF(${h@HJ?@grEMCee9ri-P) zwzE2^?>3>tjiqo5*=`e>dbXiy^X|@E0$!PKLudIJtgh4W8suwce{PMLt2sx-*UI6F z!=)~#bGYY1wTtBr?TXBfjP2}S>r)?dXjlH6NdFDxJivFEjLiGlmGFMS9SiW?*?m-# z6vbW7ozLnRpnP1x;1qCc*giY4axyE6+VS)Ztd?rL6ea=|uIDxv(Z78GS8#VoK1cJ8 z!FSDn*aO*Dx^Bf(*PeI%;F-7^_85~7(P(TNt(ZEztJE{opI(0q0k#DB4{pJ@<7p|) zpZtoQpC34>S1l`7lj$C)&u8Bd-;@;d-QOjbY?tfoBF&HJ^-Eb@v9|e~4pp?YJgza+-^?9hj4GbOZGiTk*` zAbxe_30a7E8x*F}ckf`o3;K=T_4}P|dc-SD@KbApw{&dRXeRFAiP&yTX{gAZtFhiU;|2D-kJHZr4^2}y z-yy;3?Oqd%Tw_%HZhrrHwr3!+%>6}3Z#<07>lT!6<@ucUdq}KG>~?qu!KmL5y8*bE zLav3Fm)&ApK@K!c7u`27&VN1E-;l89F>JcyJToKFXt1jFa!+dZZf`;1)h>Zi`b+$| zOatMJv&P|yQuXMBaP1FqCUN`b9IyHbW9vytIu}WAz32`X(@&jJe|%8_c9qTdYIHw z3fZtxHhk>d{+J@y6QH!L5;&97BmG4fersW56HO~_aff2xrb14q;B$h>Dl>!u-0^#3 zNM)Lp-+>qA%2{haKilb6wE~VGeF98WyTD%5*2t#3y@legMFULBxF@-nUq$W=S2R<) zI48ac)-CNcs?~L2;SJ0qALf6G&Rw5L^MCbG^vC>37XW*fZee2c>60$!G%;(z%l36t zVR3dNTR{B=kNDllFa+A>A}pnZyHmD?-})}8SjYUd6ghk(<8u1b8VN5Z(jz!uX<@xQ z?gc*Y;wbUR8lJ2rgmFlsgovS9poe; z%0J?oiYmm1E;^?_bV$$TeAa6(KcIHD^=++kgqXG4qb+YU#nLPjzn3`@-VW&ZQ;i&q zQ+=P9?vT$%MXeFKXZMQjXR(BZ77X~0DuFSsn@PzYuW*6-_qZ0DEnz99sZ)ti;* z%*hSuCsbrr8!5ub?T^D8^E{C%|5*w!^qc(G$nIGG>bz3GL;o&GkPg9Z*648Z&9>g4 zxgSFPB5mlK@GzB8nxxlmWRilyg#ccoTDp=D`f8@fW=Uharxj&N8gb2qChAMuxN-e` z@z=#64FA;6o|9IL_x#8ZI(1z(LlCrbIV;B|yf?ti?AILK$%L3pqW_gUAxcv+G_s$C z>&IhLG?_i%%Moj~pI!leKDom7$j?gD`J@t-uW%TSMtJ1I5Y>bsno58xjYj38Ok z#dww61flet6${l96L3ai^70CVZGPYGD<*B_QpKhmaPi`3gUVa&Rkow~faF)WiAIf{ zw!VVbLBOewjxYw*#ZPy-u+{ImT1YqQ$$b;6$<*anGHM4j&i57=^Z96?+pCw6>}QGd-<8Iza65dzA2s5Elcr`LwveyTFFUwuyNMqbe>8zPTb$EBtzuSv%NFNd5cYEh{uDhjr)({@X`vvX!;d%ccy~WAQpexeVZ|F3K zh+iEDrjnV#qVX%yh#DKUexv+rS0|4)+YYs{K9=l0;8pDe`nY>J&-|1qBOe zitqzv1OOly$@=nb#PO1w+DFZwsfNPY!%h`*Aebw;+{L0$LiiNyc&sYG#@NT=%=+JI F_zSHP#{>WX literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 b/kubernetes/aai/resources/config/rproxy/auth/org.onap.aai.p12 new file mode 100644 index 0000000000000000000000000000000000000000..023e2eaac62d7c00404e3a326f03edc553ef6ccd GIT binary patch literal 4158 zcmY+Gbx;%xx5jsY1s3TJ>0CfrmXKEI?vNCuRuGU*71t$2Lb_oA>F&h^C4>bLmhM(M zq(k8Io%!y4@0~Me&Y9;qbN+nh2SrfI-~sWW2uc7USTI~Y{EQ4p1k6KF{3bw9>_QO~ zn@|La$G;X~9)iU7uVjS>1pFN)|2jbET|$!oejo)BLdgk;)%p?|io1Uo;o%VjLJ=ea z4L9L|LI;dX=^pyY9i%r%o8K({2dFp1pWy>uy#-EtXl3sdYo|B{4amZ_)Ay~yUC-#3 zuy!s)ktn|lD+cP5@$5BZv%jfeXQufZW0GHN%1X0y1R%M?Js&q$l2lC8U>yS;Z(=oo z^=@9`yA0YO_O`ey*#qQw%K~`qW{z zTr>PfEi8%T=}j|Cu$$fV*f5>zUQGg55@#Zj1m)e_Lg4%gxi6PfWJN!AZs~hwl8syG zgm93zxkAj>1%0ZM823)h=oB}&*OZ3;7O z%ZiG@@Vq$SxhRoO9a79^$dhZHmnVMJCl?4W#nYCl!viU5!#3`_`*W|}0oX@!STcA& z9t7*VY0;A9w-bz8fC?|C{nC%FjYc@B@25|-3)0Wtj==9nw6AN~3CliJyB$QSIp|!9Zr#KX-6xoe6lEWe?-?&_YRHoSLLpG`4Q) z9LI)zp}BDz$+Vh7RuY4HzvwT&Zm{oUn=T5Gp};oH13V}o3&Z76Q;l{T85J8e>XIy? zPH<)$Mf@gnD3Nn}g${W}6p+x@|BaIB5RxwN5!n#S8`beGc{NU!q+4nwMZc9#3iy)Q zQr}mgF_mHRpxDFk7?K25u72(yP=dT{L5(s$Jdj{F{87Gz{4_*g8dX^@pSHsbu99js zUUMpKTI8rXAsm=C$YAqImg>Dby=bn!;Pd2TW_4Ea8GZShkpuXy!>?;U`4$a_wX9rV zw=KE60EQM5sN=uP@#r(zt{W>6gYuDl(5R7zl!No&TlOgF?-Iu%d}J5f?xyOMxP!M6 zIbp zv@s|Cw1jK{O9^8xgZ9Q1LSx?_&L4(FFhUhC?UumNgMJ@{Ht{5Iodqw1yC*l{6WB3i z1~!mU|H*!m#0TMFRcDKNK7!y2P;E#vdA)^QNXD&4lI~=9wxi9Ao#|sqycgjrJhbyS z{W4!lV2(BDI;)VUT^d@xXCoBxl*THK-Y@9~J7LG}!WJ%iRAB_cvhiVI$&=ipOVQ!{ znkw&}pW>Ax$Zrxk{LFPInaJ+bMm(hpwkIob@vktkz3n#FU#bW=>t?lq{c@_4{eI%E zjo)Of8+k_j@Q1a8H@~)CeBmc^Yq0$?UOAZ>KYd*+*>!sG{6wN8@q1T;CnUDN2RItW zjOuo1Nvw<=kVn@SLqR1fQej9rc%#JJ5V6=JF5KSYkn`#-r9mqYR`(?au>{QxY)xlY^z!~^MK7DzFodugGDLoa;ea*!r)2D0JIud^T$s&LzWR~vC=60R(kaWk;_bB~HGJ zq1$Hp=jtt;1rLuhD5y&lnv0^I0Qv0<512NfM`OCtCmxFsoCjneT+LH?W=w3H=2dVo z2~qjB^#;o{EGFf9us`HYvm#fM!YRu@>$yjW-C6Uw@LYdFq%^N;4W&aZ<^7wr#DOu4 z=x|q16Rt4qoF+%YAREvl{hl*ZqJ1pmq$Y8$5eNT`mUw#MH=jmnF zw?D(GyEYeW-5Jxkvk&>u))`Qq6a>z*ZBlrRbje{ z&-ME8+V0HtIl3LYieia7MHxF{3h5?#$*{~I<7olt$>I;Dp!c&qd||~dF?aUR>EHYX zB{RU#r##jRBG<237t*Q-Wzu#-do3~hx3bF?S?Ws=s)k^hw}K3Z92G$Zz}@F=QDv24 zo^h=pBg@XIlJHp%0b}BiEG9sI(_u-|@xFJNI0xi`V}6EC_%|z`Qs19)0lU)6-H*p& z@u@-_wTNT~q%u$Fx^CXXX}D)K2U--vIh53GaZr-YO1Nn-uPX6ADVMCJm)i2y=ofDf z_CU&IJZj=f4J!I%7w5EmOMVXa)wwD2wz^cm9}-TzPC3Y0f%3^uy2$k@ny#x;5s-g6NZ+b*tD znA4@WE`M3o_!ff5?0A~cKjYohHKIJX4c}GfKcVuNuu3;Gw}o~7@qA$3WoQLo7+$ee z)01Wn+_MFB=mRGOB?${!g=%!0DLvN(8Vgk=)oGVd5boOh!tv-D+~d`)L*ym;VfQmn zAuJXfwJy$v>om#iLWO$509NOw=z#M=%Dk~!7z;$VwoWjT4k^)Rm$+}V4t;>1LB z<1F!7_$Q017p-8jAq6$fRQE|^{tS(a4j1=0s@W@h?B%y-;- zAQ42gJ$^FVFPz2-3TLqsl(aB#bj;S}-}Wc)6DLk#;C@$TG$Yy}vS<7md-VKX?GACQ zpSvN*2EpLc7n8!b;y2%z11R3EYtvuI@!_5VQoD6Mb4<9c;7hNLCtOh+ihQp|H#&nk z#O1A#U+5+byho<;@%M;$2VJw1M(Xq+>mQp~qR>N7zPAtRSL>M2nrVBq(RQz(2$0wR z0n0oD$esWJdiqzk{M%-Pcm4-6Nq~5H2!cH*f?(_a(I@^t^qKo@QTSxnFYO=tBtQ`K zEm)UnTWv;Zi9-xg4hm#WX&yVT5f|B1QiysciNnNc5IY1AIiu_x+ zSbu$>-XF3OXkk;WPt%>~OkQwO6KJL7$FrFv&~YC;r{8xCcXHR?GOzVvn=Dn@I#Xr5tBA%)^Nje8E6m*(7^l(Jrbf|)iKw&}%+z`8 zM(fety8C9c@RO!mx#W7*$)AElWnVf zj-PW4!~$541Pch5zhxLBb98c+3a`y0e9!yVFuX*2HZ8AJvXL@^xdK@a+*E?ajY-YE ztxM6liM^g?C&!%}WU)nl37xvbb}wEI{p&Y$Hyrx9*vm6>{Vx>NSQt#LdgQkr+n2)+ z5<-=D+V0JFDy4~9QJw0sZ#BfecKhDEa;4>OX2y#?L1JEjlh1N5>sot?d%#lmxmZQC zQeAd~7|n<9g{gsQyH^Gn!Hv{-j`>mwBw1kjA9jJNw<~+WX&(wO9`*voBiW?8(CfF? z;31-q;jT<8R@(-{5Yjw3!8cZODUv?2@-x-#cbrSw{(xQmsFGpyG zf8`9C>O@@3XE&|CFI=d_Ny#>x*yEV$C`>lCFFGfkbx-IbdZQ@yR*_}@ZZ~YH zYk1${DQ5bNS|N!AG`4$pO5Qv_tl&!g>Q(G%LMy{JG2gX`FDq-jJ#y3aqna^|DM-%t z4ky0Vk82?ba=Zskwl*I#%MrRN6|C!Hh4YERO7y5m0dHqn`;tio7LRBZh_huiV5%u4 zDtx9cWO7M3S4=GlROv7hh%orMq`G2RuqQ8 zoFi!lBYJo`7<2lh=&nS8euw6j0lxQm>Uc25!d3ZA!(?7JGp`$bHVK6Hw5CEX@?D1u zD?r8Q`_RXM%>L@Vu@6)y_GPfaF^nTwsu)7LTPr$d_a;f^k@t%*72Qzh?O4wV>P#Ob zEb4P#4SFhQiyZGxO-ruco$SN&H7`BVEPG0eA7Bz)(|8F{i=|t%XXhq<@Sz?ukUkq&A zYifO__Ay(&8c>mck7z}?*f;=of9pBm(SPTCfCs?+@BR|-&*lYihKfQtp(23Um9FDOvBopkB9>SD1eVdHmjuKktVvT9$vJcX#Oi+l-?`Y= literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore b/kubernetes/aai/resources/config/rproxy/auth/tomcat_keystore new file mode 100644 index 0000000000000000000000000000000000000000..99129c145f6069a2038983022d440917e1b61fd5 GIT binary patch literal 3594 zcmcJRc{mhY-^XXhSjUpazJ!#eGG+|f8A7s0ma=55qb%7a!eozZ*}~YeQ-&e?zGWFC zM8=XOB^22;9^Lo-+}Hg)@B7dD$NR^*&iS7GI@kC2J0J2oc^v=%fc`GDXtaZuy{DHg z8UO&=fA~hz1)wy8Nx@|S07_LjmQo3hr4Y)Y00BWDS^)0VdRq~(CJW9$MSCe+GklK$ z2!v1q;8zfgaC#~VV=#oCQr}2LMFYVAhy2!b^k98G6$1nWPWxL@K|#hw@N?`82pPB} zTnZtHkdlzO!_I(|fg_QKzvTaMH!SGOaM3*LK+jVuV%5^l*4uhB`dQ$Ki3n*i!ELLq zNB-zZdNyh)0`W*Kff2eh&+RIpA!;|N8`{-xHuf;0c%#PH|en8Gm;$ z{q6vt21xinZFm|Lr#1uvl==EFul=%hE0wt%(F!eMhJC%%_sANRQnQh+f=F@VcG?(4 znlF{hAv2vaVNRW2#-Ht>q)9CwY_@ppZn0ZR;#vxfqppoAd)4ZXaY4BipOk&I9 z=j*QA^?@wy4u{m8SMd1shl8v#^5(q9K`yu3h1#-yrMxQ!=eT>$a(ep3WMo#Tqw|ln z`Ufl9EYwSKapusZfs19qUr-%g5_8q=55fqIbu#?jPv_z;ge@7wGAsM#WEXA`$Ne6y z-tUX!D4Q&g&hoA4Jm()JWUTeNzFGVFpql{jM_;YRSSsV3Z`7_-0~eT}^D;Z)9_6Kg zNAg1w0V0+YOpHHCyYs=U%VA=7X2FzrUstqJn^8i%Y!a&SMdhGhHZi6OXLmRP$lB#Ze3+nNe7;l%Ps7Y3AEqyCoB^M+ zHs4J;@vwV`pXOO0fXd6w#TM;#+BC<5cf?LJD+rDSlTZCacbN(Z23`U&15fi77z_T2 zAkWW{G|#fB#6kOgzTTIfqLqS|Lyq|P7GB~iEZ69=%Zr9YbeLx*K9hUU+GBpB*~z%!~52GYEGn6&UV(ewMvF{DMP75-~$5MKNdl0~xGRmC}FV%wW|^ zs*JA1&*#Jm%$?_Z995=;-ij`@gP@nsmAO1O~~n*DCF zyPx$bEmOPG*84fmdyMjxB=NDtT)xh#gmtgSsNF5($yQQZd}yQ+#sWfW?JGQ>X3uM` zO9@?}8PWc{8VYg1JZSVwmraXyzVc}F5zpvugX=(cYwXZB4U2X98r1S!E6J%LDAv*7 zy_{!wz%rxJmjUo3$Pt)|X6Pp+x19$If{Thsdj=v61y7m3M++YSt^U{4NyT zUpPO~aL>$gUspwb!S~KgcLQy!ec+q`$I&iVtnWO-FgjI01WzUcOh{|2x zesVZJzVQ+C0#6st;Q@X9VmB=``=`mi44J)dm`-nP$?pZ@Rn|7jA1R!lu1mlEz}4~I z#uHDMP8e(i4aR+LvKqDjYVNW^zB#+Mm4dhdVD4NUkngj9tX`n}4CgJO*1Q0JK6|$B zI@sxi%d?sVFF(n{l8;oFa@;l%^^Lg<@NaBO_#tS)%br_5f8g;5yIoj+ZnyBU~+#`!&iX#L30bl$pe|(jTdSVc2Q6OiSs3RX+ zF^OV7N)w(an-PoL*F}a^O5EWr%l4;lz48RtzF$%G>aN}=NSk9~ zsdlyZD`)vGI-+8w8%l%UQb-!ZKr)Xi`Ld$cEs;b*Ss{)$GZV@-`r(F?fSC7)N?N4$KC*7a=NKf8e zq({9-7;n;E~hWWA2n1xDDTF^Xx{kN=jy9RaGs%Wfo&5y*c%;&b z#8>hNB>ku>JMZ_&Bf+}E=_InK;oL#1ToxIURyve{jj2RBChN67X???E(wMP!J7fzY z%e~99&1?mkDgJSPe8yUbQ?zHwg42D0q90gzFDY$4kDy-^a+A!$>Ml*1=0R=m%kYfl zZxNrIblXUB$uG+doRp-d(kVsH`@0_Bio2>Sr*x?q`L(nC8tm;$7u!*j*eBxgZDkq< zw+(~2swxR!=L7?)Ro*FCCzm$I>#W!Fb+m3mJib3?E1!NqkpiQhyX$k%!pVq%2;l-& zx+sjl4vA@%cCNn7f0C4Gom_Xzu&hJsPmU9S^ZkS4K785_lOLrKt$lpnHM+I@Q!I!{ z?7v(?@%!y8R&2B%F0%~c=o_xuW~1KCG;Zp67(sC~zNWAAeJzJ}_QFTKpwxk*F)Ogu zoq_&iMZY7r6JXhA@tndH;n>VA-bsO9VkMI;Az}FOz#$;|`>-x3cJt;)p$s*zYD@F4 zSOsNf(Ty8`euW2)+1*t@ajmf)bW4rlWgIU_Z=J!sVn^NWepjZCm`}s|w%hrUDQl2? zpZ7bsio*~5-)KiDBP6A#L5PM{I3VmfAo#ED|f?w@Kyf7HbYn>c( zqR_o}V5!$RE+HXZ1m!#b_^!XbAa3Uo%`~l#ju5U%NLh7Btr0s#J-#BZDg5B^JbR`h bHA4n}c7Wg6kSx#03G;5$(TcY1CK35B0yZ&e literal 0 HcmV?d00001 diff --git a/kubernetes/aai/resources/config/rproxy/security/keyfile b/kubernetes/aai/resources/config/rproxy/security/keyfile new file mode 100644 index 0000000000..3416d4a737 --- /dev/null +++ b/kubernetes/aai/resources/config/rproxy/security/keyfile @@ -0,0 +1,27 @@ +2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf +jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm +4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe +moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf +GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT +74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh +iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb +p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt +3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW +hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 +RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX +xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk +8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q +ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i +5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe +GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE +_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k +zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf +S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU +LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw +hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W +nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP +bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN +JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk +Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y +J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP +mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file diff --git a/kubernetes/aai/templates/configmap.yaml b/kubernetes/aai/templates/configmap.yaml new file mode 100644 index 0000000000..c9cfbefbbe --- /dev/null +++ b/kubernetes/aai/templates/configmap.yaml @@ -0,0 +1,103 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# this is a shared resource for subcharts +apiVersion: v1 +kind: ConfigMap +metadata: + name: aai-filebeat + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ tpl (.Files.Glob "resources/config/log/filebeat/*").AsConfig . | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: aai-deployment-configmap + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +data: +{{ if .Values.global.installSidecarSecurity }} +{{ tpl (.Files.Glob "resources/config/haproxy/haproxy-pluggable-security.cfg").AsConfig . | indent 2 }} +{{ else }} +{{ tpl (.Files.Glob "resources/config/haproxy/haproxy.cfg").AsConfig . | indent 2 }} +{{ end }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-haproxy-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/haproxy/aai.pem").AsSecrets . | indent 2 }} +# This is a shared key for both resources and traversal +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-auth-truststore-secret + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} + +{{ if .Values.global.installSidecarSecurity }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-fproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/fproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-auth-certs + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-rproxy-security-config + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/rproxy/security/*").AsSecrets . | indent 2 }} +{{ end }} \ No newline at end of file diff --git a/kubernetes/aai/templates/deployment.yaml b/kubernetes/aai/templates/deployment.yaml new file mode 100644 index 0000000000..a28d83332a --- /dev/null +++ b/kubernetes/aai/templates/deployment.yaml @@ -0,0 +1,134 @@ +# Copyright (c) 2018 Amdocs, Bell Canada, AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "common.fullname" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ include "common.name" . }} + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ include "common.name" . }} + release: {{ include "common.release" . }} + name: {{ include "common.release" . }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + spec: + initContainers: + - command: + - /app/ready.py + args: + - --container-name + - aai-resources + - --container-name + - aai-traversal + - --container-name + - aai-graphadmin + env: + - name: NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + image: "{{ include "common.repository" . }}/{{ .Values.global.readinessImage }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + name: {{ include "common.name" . }}-readiness + containers: + - name: {{ include "common.name" . }} + image: "{{ .Values.global.dockerhubRepository | default .Values.dockerhubRepository }}/{{ .Values.image }}" + imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} + volumeMounts: + - mountPath: /etc/localtime + name: localtime + readOnly: true + - mountPath: /dev/log + name: aai-service-log + - mountPath: /usr/local/etc/haproxy/haproxy.cfg + {{ if .Values.global.installSidecarSecurity }} + subPath: haproxy-pluggable-security.cfg + {{ else }} + subPath: haproxy.cfg + {{ end }} + name: haproxy-cfg + - mountPath: /etc/ssl/private/aai.pem + name: aai-pem + subPath: aai.pem + ports: + - containerPort: {{ .Values.service.internalPort }} + # disable liveness probe when breakpoints set in debugger + # so K8s doesn't restart unresponsive container + {{- if eq .Values.liveness.enabled true }} + livenessProbe: + tcpSocket: + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.liveness.periodSeconds }} + {{ end -}} + readinessProbe: + httpGet: + path: /aai/util/echo + port: {{ .Values.service.internalPort }} + scheme: HTTPS + httpHeaders: + - name: X-FromAppId + value: OOM_ReadinessCheck + {{ if .Values.global.installSidecarSecurity }} + - name: Authorization + value: Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ== + {{ end }} + - name: X-TransactionId + value: OOM_ReadinessCheck_TID + - name: Accept + value: application/json + initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.readiness.periodSeconds }} + resources: +{{ include "common.resources" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end -}} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + + volumes: + - name: localtime + hostPath: + path: /etc/localtime + - name: aai-service-log + hostPath: + path: "/dev/log" + - name: haproxy-cfg + configMap: + name: aai-deployment-configmap + - name: aai-pem + secret: + secretName: aai-haproxy-secret + imagePullSecrets: + - name: "{{ include "common.namespace" . }}-docker-registry-key" diff --git a/kubernetes/aai/templates/ingress.yaml b/kubernetes/aai/templates/ingress.yaml new file mode 100644 index 0000000000..8f87c68f1e --- /dev/null +++ b/kubernetes/aai/templates/ingress.yaml @@ -0,0 +1 @@ +{{ include "common.ingress" . }} diff --git a/kubernetes/aai/templates/secret.yaml b/kubernetes/aai/templates/secret.yaml new file mode 100644 index 0000000000..dd8be62aad --- /dev/null +++ b/kubernetes/aai/templates/secret.yaml @@ -0,0 +1,36 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Secret +metadata: + name: aai-common-aai-auth + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/auth/*").AsSecrets . | indent 2 }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: aai-common-truststore + namespace: {{ include "common.namespace" . }} +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/aai/*").AsSecrets . | indent 2 }} diff --git a/kubernetes/aai/templates/service.yaml b/kubernetes/aai/templates/service.yaml new file mode 100644 index 0000000000..5ee966811c --- /dev/null +++ b/kubernetes/aai/templates/service.yaml @@ -0,0 +1,40 @@ +# Copyright © 2018 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +apiVersion: v1 +kind: Service +metadata: + name: {{ include "common.servicename" . }} + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +spec: + ports: + {{if eq .Values.service.type "NodePort" -}} + - name: {{ .Values.service.portName }} + port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort }} + {{- else -}} + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} + name: {{ .Values.service.portName }} + {{- end}} + type: {{ .Values.service.type }} + selector: + app: {{ include "common.name" . }} + clusterIP: {{ .Values.service.aaiServiceClusterIp }} diff --git a/kubernetes/aai/values.yaml b/kubernetes/aai/values.yaml new file mode 100644 index 0000000000..c0f0999d0c --- /dev/null +++ b/kubernetes/aai/values.yaml @@ -0,0 +1,382 @@ +# Copyright (c) 2017 Amdocs, Bell Canada +# Modifications Copyright (c) 2018 AT&T +# Modifications Copyright (c) 2020 Nokia +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Default values for aai. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: # global defaults + nodePortPrefix: 302 + repository: nexus3.onap.org:10001 + dockerhubRepository: docker.io + busyboxImage: busybox + + readinessImage: onap/oom/readiness:3.0.1 + + loggingRepository: docker.elastic.co + loggingImage: beats/filebeat:5.5.0 + + restartPolicy: Always + + installSidecarSecurity: false + aafEnabled: true + + fproxy: + name: forward-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/fproxy:2.1.13 + port: 10680 + + rproxy: + name: reverse-proxy + activeSpringProfiles: noHostVerification,cadi + image: onap/rproxy:2.1.13 + port: 10692 + + tproxyConfig: + name: init-tproxy-config + image: onap/tproxy-config:2.1.13 + + # AAF server details. Only needed if the AAF DNS does not resolve from the pod + aaf: + serverIp: 10.12.6.214 + serverHostname: aaf.osaaf.org + serverPort: 30247 + + cassandra: + #This will instantiate AAI cassandra cluster, default:shared cassandra. + localCluster: false + + #Service Name of the cassandra cluster to connect to. + #Override it to aai-cassandra if localCluster is enabled. + serviceName: cassandra + + #This should be same as shared cassandra instance or if localCluster is enabled + #then it should be same as aai-cassandra replicaCount + replicas: 3 + + #Cassanara login details + username: cassandra + password: cassandra + + aai: + serviceName: aai + babel: + serviceName: aai-babel + aaiElasticsearch: + serviceName: aai-elasticsearch + resources: + serviceName: aai-resources + sparkyBe: + serviceName: aai-sparky-be + dataRouter: + serviceName: aai-data-router + gizmo: + serviceName: aai-gizmo + modelloader: + serviceName: aai-modelloader + searchData: + serviceName: aai-search-data + traversal: + serviceName: aai-traversal + graphadmin: + serviceName: aai-graphadmin + spike: + serviceName: aai-spike + + initContainers: + enabled: true + # Specifies a list of jobs to be run + jobs: + # When enabled, it will create the schema based on oxm and edge rules + createSchema: + enabled: true + # When enabled, it will create the widget models via REST API to haproxy + updateQueryData: + enabled: true + #migration using helm hooks + migration: + enabled: false + remoteCassandra: + enabled: false + storage: + backend: cassandra + hostname: 10.10.10.10 + connectionTimeout: 100000 + cacheSize: 1000000 + keyConsistent: true + + #If backend is cql or cassandra it should be keyspace name + #else backend is hbase it should be hbase table name + name: aaigraph + + ## CQL driver specific properties for janusgraph + # cql: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + ## Cassandra driver specific properties for janusgraph + cassandra: + #Name of the Cassandra Cluster + clusterName: aai-cluster + localDataCenter: Pod lab + readConsistency: LOCAL_QUORUM + writeConsistency: LOCAL_QUORUM + replicationFactor: 3 + + #storage: + # backend: cassandra + # hostname: somehost1,somehost2,somehost3 + # connectionTimeout: 100000 + # cacheSize: 1000000 + # clusterName: someClusterName + # localDataCenter: someDataCenter + # keyConsistent: true + # #If backend is cql or cassandra it should be keyspace name + # #else backend is hbase it should be hbase table name + # name: your_hbase_table_or_keyspace_name + + ## CQL driver specific properties for janusgraph + # cql: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + ## Cassandra driver specific properties for janusgraph + # cassandra: + # #Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: LOCAL_QUORUM + # writeConsistency: LOCAL_QUORUM + # replicationFactor: 3 + + + # Common configuration for resources traversal and graphadmin + config: + # User information for the admin user in container + userId: 1000 + groupId: 1000 + + # Specifies that the cluster connected to a dynamic + # cluster being spinned up by kubernetes deployment + cluster: + cassandra: + dynamic: true + + # If cluster.cassandra.dynamic is set to false + # Then the following configuration should be uncommented + # This is if you are planning to connect to a existing + # Cassandra cluster instead of doing the deployment + #storage: + # backend: cassandra + # hostname: somehost1,somehost2,somehost3 + # connectionTimeout: 100000 + # cacheSize: 1000000 + # clusterName: someClusterName + # localDataCenter: someDataCenter + # keyConsistent: true + # # If backend is cql or cassandra it should be keyspace name + # # else backend is hbase it should be hbase table name + # name: your_hbase_table_or_keyspace_name + + # # CQL driver specific properties for janusgraph + # cql: + # # Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: QUORUM + # writeConsistency: QUORUM + # replicationFactor: 3 + # localConsistencyForSysOps: true + + # # Cassandra driver specific properties for janusgraph + # cassandra: + # # Name of the Cassandra Cluster + # cluster: someclustername + # readConsistency: LOCAL_QUORUM + # writeConsistency: LOCAL_QUORUM + # replicationFactor: 3 + + # Specifies if the basic authorization is enabled + basic: + auth: + enabled: true + username: AAI + passwd: AAI + + # Active spring profiles for the resources microservice + profiles: + active: production,dmaap,aaf-auth + + # Notification event specific properties + notification: + eventType: AAI-EVENT + domain: dev + + # Schema specific properties that include supported versions of api + schema: + # Specifies if the connection should be one way ssl, two way ssl or no auth + service: + client: one-way-ssl + # Specifies which translator to use if it has schema-service, then it will make a rest request to schema service + translator: + list: schema-service + source: + # Specifies which folder to take a look at + name: onap + uri: + # Base URI Path of the application + base: + path: /aai + version: + # Current version of the REST API + api: + default: v21 + # Specifies which version the depth parameter is configurable + depth: v11 + # List of all the supported versions of the API + list: v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21 + # Specifies from which version related link should appear + related: + link: v11 + # Specifies from which version the app root change happened + app: + root: v11 + # Specifies from which version the xml namespace changed + namespace: + change: v12 + # Specifies from which version the edge label appeared in API + edge: + label: v12 + + # Keystore configuration password and filename + keystore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Truststore configuration password and filename + truststore: + filename: aai_keystore + passwd: OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0 + + # Specifies a list of files to be included in auth volume + auth: + files: + - aai_keystore + + # Specifies which clients should always default to realtime graph connection + realtime: + clients: SDNC,MSO,SO,robot-ete + + # Logback debug enabled + logback: + console: + # If enabled, container will print all logback to standard output + # This will make debugging much easier but it should only be done + # when debugging the issue and changed back as it can affect performance + # since when this is enabled, it prints a lot of information to console + enabled: false + +# application image +dockerhubRepository: registry.hub.docker.com +image: aaionap/haproxy:1.4.2 +pullPolicy: Always + +flavor: small +flavorOverride: small + +# flag to enable debugging - application support required +debugEnabled: false + +# application configuration +config: + logstashServiceName: log-ls + logstashPort: 5044 + +# default number of instances +replicaCount: 1 + +nodeSelector: {} + +affinity: {} + +# probe configuration parameters +liveness: + initialDelaySeconds: 10 + periodSeconds: 10 + # necessary to disable liveness probe when setting breakpoints + # in debugger so K8s doesn't restart unresponsive container + enabled: true + +#This section is used when localCluster is enabled. AAI will create its own cassandra cluster for its specific use. +#Below command will instantiate the aai cassandra instances: +#helm deploy demo local/onap --version=4.0.0 --namespace onap --set aai.enabled=true \ +# --set aai.global.cassandra.localCluster=true \ +# --set aai.global.cassandra.serviceName=aai-cassandra +cassandra: + nameOverride: aai-cassandra + replicaCount: 3 + service: + name: aai-cassandra + persistence: + mountSubPath: aai/cassandra + enabled: true + +readiness: + initialDelaySeconds: 10 + periodSeconds: 10 + +service: + type: NodePort + portName: aai-ssl + externalPort: 8443 + internalPort: 8443 + nodePort: 33 + # POLICY hotfix - Note this must be temporary + # See https://jira.onap.org/browse/POLICY-510 + aaiServiceClusterIp: + +ingress: + enabled: false + service: + - baseaddr: "aai.api" + name: "aai" + port: 8443 + config: + ssl: "redirect" + +resources: + small: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 1 + memory: 1Gi + large: + limits: + cpu: 4 + memory: 8Gi + requests: + cpu: 2 + memory: 2Gi + unlimited: {} + -- 2.16.6