Fix the problem with the firewall
[oom/offline-installer.git] / patches / offline-changes.patch
1 diff --git a/kubernetes/appc/values.yaml b/kubernetes/appc/values.yaml
2 index 1c20977..4b47c63 100644
3 --- a/kubernetes/appc/values.yaml
4 +++ b/kubernetes/appc/values.yaml
5 @@ -29,7 +29,7 @@ global:
6  #################################################################
7  # application image
8  repository: nexus3.onap.org:10001
9 -image: onap/appc-image:1.4.0-SNAPSHOT-latest
10 +image: onap/appc-image:1.3.0
11  pullPolicy: Always
12
13  # flag to enable debugging - application support required
14 @@ -37,10 +37,7 @@ debugEnabled: false
15
16  # application configuration
17  config:
18 -  aafExtIP: 127.0.0.1
19 -  aafExtFQDN: aaf-onap-beijing-test.osaaf.org
20    dbRootPassword: openECOMP1.0
21 -  enableAAF: false
22    enableClustering: true
23    configDir: /opt/onap/appc/data/properties
24    dmaapTopic: SUCCESS
25 diff --git a/kubernetes/common/dgbuilder/templates/deployment.yaml b/kubernetes/common/dgbuilder/templates/deployment.yaml
26 index 328e058..b359526 100644
27 --- a/kubernetes/common/dgbuilder/templates/deployment.yaml
28 +++ b/kubernetes/common/dgbuilder/templates/deployment.yaml
29 @@ -35,8 +35,14 @@ spec:
30          - name: {{ include "common.name" . }}
31            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
32            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
33 -          command: ["/bin/bash"]
34 -          args: ["-c", "cd /opt/onap/ccsdk/dgbuilder/ && ./start.sh sdnc1.0 && wait"]
35 +          command:
36 +          - /bin/bash
37 +          - -c
38 +          - >
39 +            UPDATE_HOSTS_FILE >> /etc/hosts;
40 +            UPDATE_NPM_REGISTRY;
41 +            cd /opt/onap/ccsdk/dgbuilder/;
42 +            ./start.sh sdnc1.0 && wait
43            ports:
44            - containerPort: {{ .Values.service.internalPort }}
45            readinessProbe:
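Review bot: `UPDATE_HOSTS_FILE` and `UPDATE_NPM_REGISTRY` in the new command are not defined anywhere in this patch, so they are presumably tokens the offline installer substitutes before deployment. If a substitution is missed, bash reports command-not-found and, because the steps are joined with `;` where the old line used `&&`, the service still starts with an unmodified /etc/hosts and npm registry. Chain the steps with `&&` (or open the script with `set -e`) so a failed setup step stops the container. For static host entries the pod-spec field `hostAliases` does the same job without the container needing write access to /etc/hosts. The same pattern is added in the message-router and sdnc-portal deployments later in this patch.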
46 @@ -94,3 +100,4 @@ spec:
47              defaultMode: 0755
48        imagePullSecrets:
49        - name: "{{ include "common.namespace" . }}-docker-registry-key"
50 +
51 diff --git a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
52 index acda520..8fa35f9 100644
53 --- a/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
54 +++ b/kubernetes/dcaegen2/charts/dcae-cloudify-manager/templates/deployment.yaml
55 @@ -68,6 +68,8 @@ spec:
56            - mountPath: /etc/localtime
57              name: localtime
58              readOnly: true
59 +          - mountPath: /etc/pki/ca-trust/source/anchors
60 +            name: root-ca
61            securityContext:
62              privileged: True
63            lifecycle:
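Review bot: The new `root-ca` volumeMount at `/etc/pki/ca-trust/source/anchors` is writable, while the `localtime` mount just above it is `readOnly: true`. The volume is a hostPath (last hunk of this file) and the container runs with `privileged: True`, so the pod can alter the CA files on the node. `update-ca-trust extract` only reads from the anchors directory, so adding `readOnly: true` under `name: root-ca` should not affect the postStart step. The container spec continues outside this hunk.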
64 @@ -80,6 +82,8 @@ spec:
65                    set -ex
66                    mkdir -p /var/run/secrets/kubernetes.io/
67                    ln -s /secret /var/run/secrets/kubernetes.io/serviceaccount
68 +                  echo -e '\nREQUESTS_CA_BUNDLE="/etc/ssl/certs/ca-bundle.crt"' >> /etc/sysconfig/cloudify-restservice
69 +                  update-ca-trust extract
70        volumes:
71          - name: {{ include "common.fullname" . }}-config
72            configMap:
73 @@ -93,5 +97,8 @@ spec:
74          - name: localtime
75            hostPath:
76              path: /etc/localtime
77 +        - name: root-ca
78 +          hostPath:
79 +            path: CERT_PATH
80        imagePullSecrets:
81        - name: "{{ include "common.namespace" . }}-docker-registry-key"
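Review bot: `path: CERT_PATH` is not an absolute path, so this hostPath volume only works after an installer step has replaced the token, and nothing in the chart fails early if that step is skipped. A hostPath also requires the certificate to exist at the same location on every node the pod can be scheduled to. The `-root-ca-cert` ConfigMap that this same patch adds under kubernetes/onap/templates could serve as the volume source here and would remove both dependencies. If hostPath stays, adding `type: Directory` (or `type: File`, whichever CERT_PATH denotes) lets the kubelet reject a missing path instead of mounting whatever it finds.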
82 diff --git a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
83 index 379fc24..4802f8b 100644
84 --- a/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
85 +++ b/kubernetes/dmaap/charts/message-router/templates/deployment.yaml
86 @@ -48,6 +48,12 @@ spec:
87          name: {{ include "common.name" . }}-readiness
88        containers:
89          - name: {{ include "common.name" . }}
90 +          command:
91 +          - /bin/sh
92 +          - -c
93 +          - >
94 +            UPDATE_HOSTS_FILE >> /etc/hosts;
95 +            ./startup.sh
96            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
97            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
98            ports:
99 diff --git a/kubernetes/onap/values.yaml b/kubernetes/onap/values.yaml
100 index b8f15e1..fadb56e 100644
101 --- a/kubernetes/onap/values.yaml
102 +++ b/kubernetes/onap/values.yaml
103 @@ -39,7 +39,8 @@ global:
104    loggingRepository: docker.elastic.co
105
106    # image pull policy
107 -  pullPolicy: Always
108 +  #pullPolicy: Always
109 +  pullPolicy: IfNotPresent
110
111    # default mount path root directory referenced
112    # by persistent volumes and log files
113 @@ -66,11 +67,11 @@ appc:
114    config:
115      openStackType: OpenStackProvider
116      openStackName: OpenStack
117 -    openStackKeyStoneUrl: http://localhost:8181/apidoc/explorer/index.html
118 -    openStackServiceTenantName: default
119 -    openStackDomain: default
120 -    openStackUserName: admin
121 -    openStackEncryptedPassword: admin
122 +    openStackKeyStoneUrl: FILL-ME
123 +    openStackServiceTenantName: FILL-ME
124 +    openStackDomain: FILL-ME
125 +    openStackUserName: FILL-ME
126 +    openStackEncryptedPassword: FILL-ME
127  clamp:
128    enabled: true
129  cli:
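Review bot: The `FILL-ME` values are ordinary strings, so a deployment where one was overlooked still renders and installs, and the mistake only surfaces at runtime as an OpenStack connection or authentication error. The same placeholder is used in the nbi and so blocks below and in kubernetes/robot/values.yaml. Consider leaving these keys empty and guarding the templates that consume them with Helm's `required` function, for example `{{ required "openStackKeyStoneUrl must be set" .Values.config.openStackKeyStoneUrl }}` (the value path is illustrative), so an unfilled value stops the install. The password keys are better supplied at install time than written into the patched values file.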
130 @@ -97,8 +98,11 @@ nbi:
131    enabled: true
132    config:
133      # openstack configuration
134 -    openStackRegion: "Yolo"
135 -    openStackVNFTenantId: "1234"
136 +    openStackUserName: "FILL-ME"
137 +    openStackRegion: "FILL-ME"
138 +    openStackKeyStoneUrl: "FILL-ME"
139 +    openStackServiceTenantName: "FILL-ME"
140 +    openStackEncryptedPasswordHere: "FILL-ME"
141  policy:
142    enabled: true
143  portal:
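Review bot: The nbi block loses `openStackVNFTenantId` and gains `openStackUserName`, `openStackKeyStoneUrl`, `openStackServiceTenantName` and `openStackEncryptedPasswordHere`, which are exactly the key names of the so block further down, so this looks like it may have been copied from there. The nbi chart's templates are not part of this patch, so it is not visible whether they read any of the new keys or still expect `openStackVNFTenantId`; if they do, that override is silently dropped. Worth confirming against the nbi chart and keeping `openStackVNFTenantId: "FILL-ME"` if it is still consumed.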
144 @@ -112,7 +116,11 @@ sdnc:
145
146    replicaCount: 1
147
148 +  config:
149 +    enableClustering: false
150 +
151    mysql:
152 +    disableNfsProvisioner: true
153      replicaCount: 1
154  so:
155    enabled: true
156 @@ -129,11 +137,11 @@ so:
157      # message router configuration
158      dmaapTopic: "AUTO"
159      # openstack configuration
160 -    openStackUserName: "vnf_user"
161 -    openStackRegion: "RegionOne"
162 -    openStackKeyStoneUrl: "http://1.2.3.4:5000"
163 -    openStackServiceTenantName: "service"
164 -    openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
165 +    openStackUserName: "FILL-ME"
166 +    openStackRegion: "FILL-ME"
167 +    openStackKeyStoneUrl: "FILL-ME"
168 +    openStackServiceTenantName: "FILL-ME"
169 +    openStackEncryptedPasswordHere: "FILL-ME"
170
171    # configure embedded mariadb
172    mariadb:
173 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
174 index 72f7a74..f6b3478 100644
175 --- a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
176 +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/apps-install.sh
177 @@ -114,7 +114,7 @@ else
178      url_release
179  fi
180
181 -wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip
182 +wget "${APP_URL}" -O "${DOWNLOAD_DIR}"/apps-"${APP_NAME}".zip --no-check-certificate
183  if [[ $? != 0 ]]; then
184      echo "ERROR: cannot download ${DOWNLOAD_DIR}/apps-${APP_NAME}.zip"
185      exit 1
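Review bot: `--no-check-certificate` on the added wget line turns off TLS server verification for the application archive, so the script accepts the zip from any endpoint that answers for the host in `${APP_URL}`. How the file is used afterwards is outside this hunk, as is the end of the `if` block. This patch already distributes the offline root CA to the policy pods (the `common.cacert-*` templates and the `update-ca-certificates` init container), so the download can stay verified. Either rely on the updated system store or pass the certificate explicitly with `--ca-certificate=/usr/local/share/ca-certificates/cacert.crt` where that mount is present. The same flag is added to the wget in kubernetes/policy/resources/config/pe/push-policies.sh.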
186 diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
187 index a6c054d..9e48d55 100644
188 --- a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
189 +++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh
190 @@ -84,8 +84,8 @@ echo "Restarting PDP-D .."
191  echo
192  echo
193
194 -POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools)
195 -kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start"
196 +POD=$(kubectl --namespace onap get pods | sed 's/ .*//'| grep drools)
197 +kubectl --namespace onap exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 1 && policy start"
198
199  sleep 20
200
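Review bot: `POD` is taken from `grep drools` over every pod in the namespace, and the namespace is now the shared `onap` one, so the match can return several names or none. `${POD}` is then expanded unquoted into `kubectl exec`, which fails or behaves unpredictably in either case. Narrowing to one pod (for example `| grep drools | head -n 1`), checking that `POD` is non-empty and quoting `"${POD}"` would make the restart deterministic. `-it` also requests a TTY, which a non-interactive run of this script does not have.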
201 diff --git a/kubernetes/policy/resources/config/pe/push-policies.sh b/kubernetes/policy/resources/config/pe/push-policies.sh
202 index dcd3afb..21b3171 100644
203 --- a/kubernetes/policy/resources/config/pe/push-policies.sh
204 +++ b/kubernetes/policy/resources/config/pe/push-policies.sh
205 @@ -22,7 +22,7 @@ echo "Upload BRMS Param Template"
206
207  sleep 2
208
209 -wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing
210 +wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl?h=beijing --no-check-certificate
211
212  sleep 2
213
214 diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
215 index aea67c8..06dc17b 100644
216 --- a/kubernetes/robot/values.yaml
217 +++ b/kubernetes/robot/values.yaml
218 @@ -39,49 +39,49 @@ config:
219    # Password of the lighthttpd server.  Used for HTML auth for webpage access
220    lightHttpdPassword: robot
221    # gerrit branch where the latest heat code is checked in
222 -  gerritBranch: 2.0.0-ONAP
223 +  gerritBranch: master
224    # gerrit project where the latest heat code is checked in
225    gerritProject: http://gerrit.onap.org/r/demo.git
226
227
228  # Demo configuration
229  # Nexus demo artifact version.  Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
230 -demoArtifactsVersion: "1.2.0-SNAPSHOT"
231 +demoArtifactsVersion: "1.3.0"
232  # Openstack medium sized flavour name.  Maps GLOBAL_INJECTED_VM_FLAVOR
233  openStackFlavourMedium: "m1.medium"
234  # Openstack keystone URL.  Maps to GLOBAL_INJECTED_KEYSTONE
235 -openStackKeyStoneUrl: "http://1.2.3.4:5000"
236 +openStackKeyStoneUrl: "FILL-ME"
237  # UUID of the Openstack network that can assign floating ips.  Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
238 -openStackPublicNetId: "e8f51958045716781ffc"
239 +openStackPublicNetId: "FILL-ME"
240  # password for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
241 -openStackPassword: "tenantPassword"
242 +openStackPassword: "FILL-ME"
243  # Openstack region.  Maps to GLOBAL_INJECTED_REGION
244  openStackRegion: "RegionOne"
245  # Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
246 -openStackTenantId: "47899782ed714295b1151681fdfd51f5"
247 +openStackTenantId: "FILL-ME"
248  # username for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
249 -openStackUserName: "tenantUsername"
250 +openStackUserName: "FILL-ME"
251  # Openstack glance image name for Ubuntu 14.  Maps to GLOBAL_INJECTED_UBUNTU_1404_IMAGE
252 -ubuntu14Image: "Ubuntu_14_trusty"
253 +ubuntu14Image: "FILL-ME"
254  # Openstack glance image name for Ubuntu 16.  Maps to GLOBAL_INJECTED_UBUNTU_1604_IMAGE
255 -ubuntu16Image: "Ubuntu_16_xenial"
256 +ubuntu16Image: "FILL-ME"
257  # GLOBAL_INJECTED_SCRIPT_VERSION.  Maps to GLOBAL_INJECTED_SCRIPT_VERSION
258 -scriptVersion: "1.2.0-SNAPSHOT"
259 +scriptVersion: "1.2.1"
260  # Openstack network to which VNFs will bind their primary (first) interface.  Maps to GLOBAL_INJECTED_NETWORK
261 -openStackPrivateNetId: "e8f51956-00dd-4425-af36-045716781ffc"
262 +openStackPrivateNetId: "FILL-ME"
263
264  # SDNC Preload configuration
265  # Openstack subnet UUID for the network defined by openStackPrivateNetId.  Maps to onap_private_subnet_id
266 -openStackPrivateSubnetId: "e8f51956-00dd-4425-af36-045716781ffc"
267 +openStackPrivateSubnetId: "FILL-ME"
268  # CIDR notation for the Openstack private network where VNFs will be spawned.  Maps to onap_private_net_cidr
269 -openStackPrivateNetCidr: "10.0.0.0/8"
270 +openStackPrivateNetCidr: "FILL-ME"
271  # The first 2 octets of the private Openstack subnet where VNFs will be spawned.
272  # Needed because sdnc preload templates hardcodes things like this 10.0.${ecompnet}.X
273  openStackOamNetworkCidrPrefix: "10.0"
274  # Override with Pub Key for access to VNF
275 -vnfPubKey: "FILL_IN_WITH_PUB_KEY"
276 -# Override with DCAE VES Collector external IP
277 -dcaeCollectorIp: "FILL_IN_WITH_DCAE_VES_COLLECTOR_IP"
278 +vnfPubKey: "FILL-ME"
279 +# Override with DCAE VES Collector external IP
280 +dcaeCollectorIp: "FILL-ME"
281
282  # default number of instances
283  replicaCount: 1
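Review bot: `gerritBranch: master` makes the robot chart follow a moving branch, while the other versions changed in this hunk are pinned to releases (`demoArtifactsVersion: "1.3.0"`, `scriptVersion: "1.2.1"`). The unchanged `gerritProject` line also fetches over plain `http://`. For an offline package this means the heat code is whatever was on master when the package was built, so the result is not reproducible and is not integrity-protected in transit. Pinning `gerritBranch` to the release branch or tag that matches the 1.3.0 artifacts and using the https URL of the repository would address both.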
284 @@ -156,4 +156,4 @@ persistence:
285    accessMode: ReadWriteMany
286    size: 2Gi
287    mountPath: /dockerdata-nfs
288 -  mountSubPath: robot/logs
289 \ No newline at end of file
290 +  mountSubPath: robot/logs
291 diff --git a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
292 index a19c33a..b49e2c4 100644
293 --- a/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
294 +++ b/kubernetes/sdnc/charts/sdnc-ansible-server/templates/deployment.yaml
295 @@ -47,8 +47,17 @@ spec:
296          name: {{ include "common.name" . }}-readiness
297        containers:
298          - name: {{ include "common.name" . }}
299 -          command: ["/bin/bash"]
300 -          args: ["-c", "cd /opt/onap/sdnc && ./startAnsibleServer.sh"]
301 +          command:
302 +          - bash
303 +          - "-c"
304 +          - |
305 +            pip install /root/ansible_pkg/*.whl
306 +            dpkg -i /root/ansible_pkg/*.deb
307 +            cp /etc/ansible/ansible.cfg /etc/ansible/ansible.cfg.orig
308 +            cat /etc/ansible/ansible.cfg.orig | sed -e 's/#host_key_checking/host_key_checking/' > /etc/ansible/ansible.cfg
309 +            touch /tmp/.ansible-server-installed
310 +            cd /opt/onap/sdnc
311 +            ./startAnsibleServer.sh
312            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
313            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
314            ports:
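Review bot: The `sed` in the new start command uncomments the `host_key_checking` line of ansible.cfg; in the stock file that line reads `#host_key_checking = False`, so this presumably switches SSH host-key verification off for every playbook the server runs. That should be an explicit, documented decision, and where the managed hosts' keys can be provisioned as a known_hosts file, checking is better left on. Separately, the block has no `set -e`, so a failed `pip install` or `dpkg -i` still reaches `touch /tmp/.ansible-server-installed` and `./startAnsibleServer.sh` with a partly installed Ansible. Adding `set -e` as the first line of the script would make the container fail visibly.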
315 @@ -74,6 +83,8 @@ spec:
316            - mountPath: {{ .Values.config.configDir }}/RestServer_config
317              name: config
318              subPath: RestServer_config
319 +          - mountPath: /root/ansible_pkg
320 +            name: ansible-pkg
321            resources:
322  {{ toYaml .Values.resources | indent 12 }}
323          {{- if .Values.nodeSelector }}
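Review bot: The `ansible-pkg` volumeMount is writable and is backed by `hostPath: /root/ansible_pkg` (last hunk of this file), so the container can modify a directory under root's home on the node. The packages installed at start-up are also whatever is in that directory on the node the pod lands on. Add `readOnly: true` below `name: ansible-pkg`. Verifying checksums of the .whl and .deb files before installing, or building them into the image, would remove the dependency on each node's contents.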
324 @@ -92,5 +103,9 @@ spec:
325            configMap:
326              name: {{ include "common.fullname" . }}
327              defaultMode: 0644
328 +        - name: ansible-pkg
329 +          hostPath:
330 +            path: /root/ansible_pkg
331        imagePullSecrets:
332 -      - name: "{{ include "common.namespace" . }}-docker-registry-key"
333 \ No newline at end of file
334 +      - name: "{{ include "common.namespace" . }}-docker-registry-key"
335 +
336 diff --git a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
337 index 87ed6aa..5da236d 100644
338 --- a/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
339 +++ b/kubernetes/sdnc/charts/sdnc-portal/templates/deployment.yaml
340 @@ -49,8 +49,13 @@ spec:
341          name: {{ include "common.name" . }}-readiness
342        containers:
343          - name: {{ include "common.name" . }}
344 -          command: ["/bin/bash"]
345 -          args: ["-c", "cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh"]
346 +          command:
347 +          - /bin/bash
348 +          - -c
349 +          - >
350 +            UPDATE_HOSTS_FILE >> /etc/hosts;
351 +            UPDATE_NPM_REGISTRY;
352 +            cd /opt/onap/sdnc/admportal/shell && ./start_portal.sh
353            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
354            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
355            ports:
356 diff --git a/kubernetes/uui/charts/uui-server/templates/deployment.yaml b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
357 index accdff9..fa83daf 100644
358 --- a/kubernetes/uui/charts/uui-server/templates/deployment.yaml
359 +++ b/kubernetes/uui/charts/uui-server/templates/deployment.yaml
360 @@ -34,6 +34,12 @@ spec:
361          - name: {{ include "common.name" . }}
362            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
363            imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
364 +          command:
365 +            - /bin/bash
366 +            - -c
367 +            - >
368 +              chown -R mysql:mysql /var/lib/mysql /var/run/mysqld;
369 +              /home/uui/bin/run.sh
370            ports:
371            - containerPort: {{ .Values.service.internalPort }}
372            # disable liveness probe when breakpoints set in debugger
373 --- oom/kubernetes/common/common/templates/_cacert.tpl  1970-01-01 00:00:00.000000000 +0000
374 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/common/common/templates/_cacert.tpl  2018-11-02 15:09:31.781688957 +0000
375 @@ -0,0 +1,62 @@
376 +#This template adds volume for access to ca certificate.
377 +#Template is ignored when cacert not set.
378 +{{- define "common.cacert-volume" }}
379 +{{- if .Values.global.cacert }}
380 +- name: cacert
381 +  configMap:
382 +    name: {{ include "common.namespace" . }}-root-ca-cert
383 +{{- end }}
384 +{{- end }}
385 +
386 +#This template mounts the CA certificate in an ubuntu compatible way.
387 +#It is mounted to /usr/local/share/ca-certificates/cacert.crt.
388 +#Template is ignored if cacert not set.
389 +{{- define "common.cacert-mount-ubuntu" }}
390 +{{- if .Values.global.cacert }}
391 +- mountPath: "/usr/local/share/ca-certificates/cacert.crt"
392 +  name: cacert
393 +  subPath: certificate
394 +{{- end }}
395 +{{- end }}
396 +
397 +#This template creates an empty volume used to store system certificates (includes java keystore).
398 +{{- define "common.system-ca-store-volume" }}
399 +{{- if .Values.global.cacert }}
400 +- name: system-ca-store
401 +  emptyDir:
402 +{{- end }}
403 +{{- end }}
404 +
405 +#This template mounts system ca store volume to /etc/ssl/certs (ubuntu specific).
406 +#Template is ignored in case cacert is not given.
407 +{{- define "common.system-ca-store-mount-ubuntu" }}
408 +{{- if .Values.global.cacert }}
409 +- mountPath: "/etc/ssl/certs"
410 +  name: system-ca-store
411 +{{- end }}
412 +{{- end }}
413 +
414 +#This template is a template for an init container.
415 +#This init container can be declared to update system's ca store for ubuntu containers.
416 +#It runs as root using the same image as the main one.
417 +#It expects /etc/ssl/certs to be mounted as a volume.
418 +#It has to be shared with the main container.
419 +#This template is ignored if cacert is not given as helm value.
420 +{{- define "common.update-system-ca-store-ubuntu" }}
421 +{{- if .Values.global.cacert }}
422 +- command:
423 +  - "/bin/bash"
424 +  - "-c"
425 +  - |
426 +      mkdir -p /etc/ssl/certs/java
427 +      update-ca-certificates
428 +  name: update-system-ca-store
429 +  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
430 +  image: {{ include "common.repository" . }}/{{ .Values.image }}
431 +  securityContext:
432 +    runAsUser: 0
433 +  volumeMounts:
434 +{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
435 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 2 }}
436 +{{- end }}
437 +{{- end }}
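Review bot: `emptyDir:` in `common.system-ca-store-volume` has no value, which YAML reads as null rather than an empty mapping; write `emptyDir: {}` so the volume source is explicit. The same applies to `policy.keystore-storage-volume` in _keystore.tpl. Also, `common.system-ca-store-mount-ubuntu` mounts that empty volume over `/etc/ssl/certs`, so a pod that includes the mount without the `common.update-system-ca-store-ubuntu` init container would start with no trusted CAs at all. The header comments should state that the volume, the mount and the init container must always be used together. The init container's `image:` value is unquoted, unlike the quoted form used in the deployments.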
438 --- oom/kubernetes/onap/templates/configmap.yaml        1970-01-01 00:00:00.000000000 +0000
439 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/onap/templates/configmap.yaml        2018-11-02 15:09:31.804689107 +0000
440 @@ -0,0 +1,15 @@
441 +{{ if .Values.global.cacert -}}
442 +apiVersion: v1
443 +kind: ConfigMap
444 +metadata:
445 +  name: {{ include "common.namespace" . }}-root-ca-cert
446 +  namespace: {{ include "common.namespace" . }}
447 +  labels:
448 +    app: {{ include "common.name" . }}
449 +    chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
450 +    release: {{ .Release.Name }}
451 +    heritage: {{ .Release.Service }}
452 +data:
453 +  certificate: |
454 +{{ .Values.global.cacert | indent 4 }}
455 +{{- end }}
456 --- oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml       2018-11-06 07:38:46.341849402 +0000
457 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/brmsgw/templates/deployment.yaml       2018-11-02 15:09:31.808689133 +0000
458 @@ -45,6 +45,7 @@
459          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
460          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
461          name: {{ include "common.name" . }}-readiness
462 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
463        containers:
464        - command:
465          - /bin/bash
466 @@ -68,6 +69,8 @@
467            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
468            periodSeconds: {{ .Values.readiness.periodSeconds }}
469          volumeMounts:
470 +{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
471 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
472          - mountPath: /etc/localtime
473            name: localtime
474            readOnly: true
475 @@ -94,6 +97,8 @@
476  {{ toYaml .Values.affinity | indent 10 }}
477        {{- end }}
478        volumes:
479 +{{ include "common.cacert-volume" . | indent 8 }}
480 +{{ include "common.system-ca-store-volume" . | indent 8 }}
481          - name: localtime
482            hostPath:
483              path: /etc/localtime
484 --- oom/kubernetes/policy/charts/drools/templates/statefulset.yaml      2018-11-06 07:38:46.343849404 +0000
485 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/drools/templates/statefulset.yaml      2018-11-02 15:09:31.810689146 +0000
486 @@ -51,6 +51,8 @@
487          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
488          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
489          name: {{ include "common.name" . }}-readiness
490 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
491 +{{ include "policy.update-policy-keystore" . | indent 6 }}
492        containers:
493          - name: {{ include "common.name" . }}
494            image: "{{ include "common.repository" . }}/{{ .Values.image }}"
495 @@ -78,6 +80,9 @@
496            - name: REPLICAS
497              value: "{{ .Values.replicaCount }}"
498            volumeMounts:
499 +{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
500 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
501 +{{ include "policy.keystore-mount" . | indent 10 }}
502            - mountPath: /etc/localtime
503              name: localtime
504              readOnly: true
505 @@ -136,6 +141,9 @@
506  {{ toYaml .Values.affinity | indent 10 }}
507          {{- end }}
508        volumes:
509 +{{ include "common.cacert-volume" . | indent 8 }}
510 +{{ include "common.system-ca-store-volume" . | indent 8 }}
511 +{{ include "policy.keystore-storage-volume" . | indent 8 }}
512          - name: localtime
513            hostPath:
514              path: /etc/localtime
515 --- oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-06 07:38:46.345849405 +0000
516 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/pdp/templates/statefulset.yaml 2018-11-02 15:09:31.812689159 +0000
517 @@ -49,6 +49,7 @@
518          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
519          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
520          name: {{ include "common.name" . }}-readiness
521 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
522        containers:
523        - command:
524          - /bin/bash
525 @@ -72,6 +73,8 @@
526            initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
527            periodSeconds: {{ .Values.readiness.periodSeconds }}
528          volumeMounts:
529 +{{ include "common.cacert-mount-ubuntu" . | indent 8 }}
530 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 8 }}
531          - mountPath: /etc/localtime
532            name: localtime
533            readOnly: true
534 @@ -121,6 +124,8 @@
535  {{ toYaml .Values.affinity | indent 10 }}
536          {{- end }}
537        volumes:
538 +{{ include "common.cacert-volume" . | indent 6 }}
539 +{{ include "common.system-ca-store-volume" . | indent 6 }}
540        - name: localtime
541          hostPath:
542            path: /etc/localtime
543 --- oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl  1970-01-01 00:00:00.000000000 +0000
544 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/charts/policy-common/templates/_keystore.tpl  2018-11-02 15:09:31.812689159 +0000
545 @@ -0,0 +1,43 @@
546 +#This template creates a volume for storing policy-keystore with imported ca.
547 +#It is ignored if cacert was not given.
548 +{{- define "policy.keystore-storage-volume" }}
549 +{{- if .Values.global.cacert }}
550 +- name: keystore-storage
551 +  emptyDir:
552 +{{- end }}
553 +{{- end }}
554 +
555 +#This template mounts policy-keystore in appropriate place for policy components to take it.
556 +#It is ignored if cacert is not given.
557 +{{- define "policy.keystore-mount" }}
558 +{{- if .Values.global.cacert }}
559 +- mountPath: "/tmp/policy-install/config/policy-keystore"
560 +  name: keystore-storage
561 +  subPath: policy-keystore
562 +{{- end }}
563 +{{- end }}
564 +
565 +#This will extract a policy keystore and then import
566 +#the root cacert of offline nexus into it.
567 +#This template expects a volume named keystore-storage where policy-keystore will be put.
568 +#It also expects volume named cacert where the file "certificate" will contain the cert to import.
569 +#Template is ignored if ca certificate not given.
570 +{{- define "policy.update-policy-keystore" }}
571 +{{- if .Values.global.cacert }}
572 +- command:
573 +  - "/bin/bash"
574 +  - "-c"
575 +  - |
576 +      set -e
577 +      tar -xzf base-*.tar.gz etc/ssl/policy-keystore
578 +      cp etc/ssl/policy-keystore keystore-storage/
579 +      keytool -import -keystore keystore-storage/policy-keystore -storepass "Pol1cy_0nap" -noprompt -file /usr/local/share/ca-certificates/cacert.crt
580 +  name: update-policy-keystore
581 +  imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
582 +  image: {{ include "common.repository" . }}/{{ .Values.image }}
583 +  volumeMounts:
584 +  - mountPath: "/tmp/policy-install/keystore-storage"
585 +    name: keystore-storage
586 +{{ include "common.cacert-mount-ubuntu" . | indent 2 }}
587 +{{- end }}
588 +{{- end }}
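Review bot: The keystore password is hard-coded in the template (`-storepass "Pol1cy_0nap"`), so it is identical for every deployment and is exposed in the rendered manifest and on the keytool command line. Supplying it from a Secret as an environment variable and using keytool's `-storepass:env KEYSTORE_PASSWORD` (variable name illustrative) keeps it out of both. The `tar` and `cp` lines use relative paths, so they only work if the image's working directory is `/tmp/policy-install`, where `keystore-storage` is mounted; an explicit `cd /tmp/policy-install` after `set -e` would state that assumption. Passing `-alias` to `keytool -import` would give the imported CA a recognisable entry name instead of the default.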
589 --- oom/kubernetes/policy/templates/deployment.yaml     2018-11-06 07:38:46.346849406 +0000
590 +++ onap-dev/install/onap-offline/resources/oom/kubernetes/policy/templates/deployment.yaml     2018-11-02 15:09:31.813689166 +0000
591 @@ -45,6 +45,7 @@
592          image: "{{ .Values.global.readinessRepository }}/{{ .Values.global.readinessImage }}"
593          imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
594          name: {{ include "common.name" . }}-readiness
595 +{{ include "common.update-system-ca-store-ubuntu" . | indent 6 }}
596        containers:
597          - command:
598            - /bin/bash
599 @@ -72,6 +73,8 @@
600            - name: PRELOAD_POLICIES
601              value: "{{ .Values.config.preloadPolicies }}"
602            volumeMounts:
603 +{{ include "common.cacert-mount-ubuntu" . | indent 10 }}
604 +{{ include "common.system-ca-store-mount-ubuntu" . | indent 10 }}
605            - mountPath: /etc/localtime
606              name: localtime
607              readOnly: true
608 @@ -136,6 +139,8 @@
609  {{ toYaml .Values.affinity | indent 10 }}
610          {{- end }}
611        volumes:
612 +{{ include "common.cacert-volume" . | indent 8 }}
613 +{{ include "common.system-ca-store-volume" . | indent 8 }}
614          - name: localtime
615            hostPath:
616              path: /etc/localtime