From: aravind.est Date: Fri, 30 Aug 2024 13:22:35 +0000 (+0100) Subject: Add database support for NONRTRIC A1PMS X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=6c44bddd3fd84eaa755fa0ec1cfed8f19dd3ab6f;p=it%2Fdep.git Add database support for NONRTRIC A1PMS Database support added for the A1 policy management charts. Issue-ID: CCSDK-4033 Change-Id: I6a8e6e495b51460bd2fff1eff0997e59ebde0b31 Signed-off-by: aravind.est --- diff --git a/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml b/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml index 2c69607d..3ee685a2 100644 --- a/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml +++ b/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml @@ -99,9 +99,9 @@ policymanagementservice: policymanagementservice: imagePullPolicy: Always image: - registry: 'nexus3.o-ran-sc.org:10002/o-ran-sc' + registry: 'nexus3.o-ran-sc.org:10003/o-ran-sc' name: nonrtric-plt-a1policymanagementservice - tag: 2.8.0 + tag: 2.9.0-SNAPSHOT service: allowHttp: true httpName: http @@ -127,6 +127,24 @@ policymanagementservice: volumepermissions: groupid: 120957 userid: 120957 + database: + # By default database is disabled + # Enabling this will start postgres and use that as storage + enabled: false + password: bXlwd2Q= + # These are the postgresql installation parameters + postgresql: + fullnameOverride: policymanagementservice-db + auth: + username: a1pms + existingSecret: policymanagementservice-pg-secret + database: a1pms + primary: + persistence: + # Persistence disabled by default. + # Restarting postgres container will clear the data. + # Persistence can be enabled by providing volume details in the below section (size, volumeName, storageClass). + enabled: false # A1 Controller may take few more minutes to start. Increase the initialDelaySeconds in liveness to avoid container restart. a1controller: diff --git a/nonrtric/helm/policymanagementservice/requirements.yaml b/nonrtric/helm/policymanagementservice/requirements.yaml index f3b3ecd4..75e7020f 100644 
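Review bot: `password: bXlwd2Q=` in the new `database` block is a fixed default that base64-decodes to a short, guessable string, and base64 is an encoding, not protection. Anyone who sets `enabled: true` without overriding it deploys Postgres with a credential that is public in this repository; the same default is added in `nonrtric/helm/policymanagementservice/values.yaml`. I would leave the value empty and fail the render when none is supplied, e.g. `password: {{ required "database.password must be set" .Values.policymanagementservice.database.password }}` in the Secret template. A comment such as `# base64-encoded; set per deployment, never use the example value` would help here.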
--- a/nonrtric/helm/policymanagementservice/requirements.yaml +++ b/nonrtric/helm/policymanagementservice/requirements.yaml @@ -1,5 +1,6 @@ ################################################################################ -# Copyright (c) 2020 Nordix Foundation. # +# Copyright (c) 2020-2023 Nordix Foundation. # +# Copyright (C) 2023-2024 OpenInfra Foundation Europe. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # @@ -18,3 +19,7 @@ dependencies: - name: nonrtric-common version: ^2.0.0 repository: "@local" + - name: postgresql + version: 15.5.27 + repository: "https://charts.bitnami.com/bitnami" + condition: policymanagementservice.database.enabled diff --git a/nonrtric/helm/policymanagementservice/resources/config/application.yaml b/nonrtric/helm/policymanagementservice/resources/config/application.yaml index f70aaad7..69f40961 100644 --- a/nonrtric/helm/policymanagementservice/resources/config/application.yaml +++ b/nonrtric/helm/policymanagementservice/resources/config/application.yaml @@ -1,5 +1,6 @@ ################################################################################ -# Copyright (c) 2020 Nordix Foundation. # +# Copyright (c) 2020-2023 Nordix Foundation. All rights reserved. # +# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # 
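Review bot: The new `postgresql` dependency is fetched from the public `https://charts.bitnami.com/bitnami` repository and pinned only by version `15.5.27`. A version pin does not protect against the chart archive being replaced upstream or the repository becoming unavailable, and the container images that chart deploys are not visible in this diff. Consider mirroring the chart in the project's own repository, as `nonrtric-common` is with `"@local"`, or building dependencies with provenance verification (`helm dependency build --verify`). A comment above the entry should record which approach was chosen.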
@@ -14,63 +15,130 @@ # limitations under the License. # ################################################################################ -spring: - profiles: - active: prod - main: - allow-bean-definition-overriding: true - aop: - auto: false -management: - endpoints: - web: - exposure: - # Enabling of springboot actuator features. See springboot documentation. - include: "loggers,logfile,health,info,metrics,threaddump,heapdump" - -logging: - # Configuration of logging - level: - ROOT: ERROR - org.springframework: ERROR - org.springframework.data: ERROR - org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR - org.onap.ccsdk.oran.a1policymanagementservice: INFO - file: - name: /var/log/policy-agent/application.log - -server: - # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. - # See springboot documentation. - port : 8433 - http-port: 8081 - ssl: - key-store-type: JKS - key-store-password: policy_agent - key-store: /opt/app/policy-agent/etc/cert/keystore.jks - key-password: policy_agent - key-alias: policy_agent app: - # Location of the component configuration file. The file will only be used if the Consul database is not used; - # configuration from the Consul will override the file. + # A file containing an authorization token, which shall be inserted in each HTTP header (authorization). + # If the file name is empty, no authorization token is sent. + auth-token-file: + # A URL to authorization provider such as OPA. Each time an A1 Policy is accessed, a call to this + # authorization provider is done for access control. If this is empty, no fine grained access control is done. + authorization-provider: + # the config-file-schema-path referres to a location in the jar file. If this property is empty or missing, + # no schema validation will be executed. + config-file-schema-path: /application_configuration_schema.json + # Postgres database usage is enabled using the below parameter. 
+ # If this is enabled, the application will use postgres database for storage. + # This overrides the s3(s3.bucket) or file store(vardata-directory) configuration if enabled. + database-enabled: {{ .Values.policymanagementservice.database.enabled }} + # Location of the component configuration file. filepath: /var/policy-management-service/application_configuration.json + # S3 object store usage is enabled by defining the bucket to use. This will override the vardata-directory parameter. + s3: + endpointOverride: http://localhost:9000 + accessKeyId: minio + secretAccessKey: miniostorage + bucket: webclient: + # Configuration of usage of HTTP Proxy for the southbound accesses. + # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s + # proxy-type can be either HTTP, SOCKS4 or SOCKS5 + http.proxy-host: + http.proxy-port: 0 + http.proxy-type: HTTP # Configuration of the trust store used for the HTTP client (outgoing requests) # The file location and the password for the truststore is only relevant if trust-store-used == true # Note that the same keystore as for the server is used. trust-store-used: false trust-store-password: policy_agent trust-store: /opt/app/policy-agent/etc/cert/truststore.jks - # Configuration of usage of HTTP Proxy for the southbound accesses. - # The HTTP proxy (if configured) will only be used for accessing NearRT RIC:s - http.proxy-host: - http.proxy-port: 0 - http.proxy-type: HTTP - # path where the service can store data + # path where the service can store data. This parameter is not relevant if S3 Object store is configured. vardata-directory: /var/policy-management-service - # the config-file-schema-path referres to a location in the jar file. If this property is empty or missing, - # no schema validation will be executed. - config-file-schema-path: /application_configuration_schema.json - # A file containing an authorization token, which shall be inserted in each HTTP header (authorization). 
- # If the file name is empty, no authorization token is sent. - auth-token-file: \ No newline at end of file +lifecycle: + timeout-per-shutdown-phase: "20s" +logging: + # Configuration of logging + file: + name: /var/log/policy-agent/application.log + level: + ROOT: INFO + org.onap.ccsdk.oran.a1policymanagementservice: INFO + org.springframework: ERROR + org.springframework.data: ERROR + org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR + org.springframework.web.servlet.DispatcherServlet: ERROR + # org.postgresql: DEBUG + # org.onap.ccsdk.oran.a1policymanagementservice.datastore: DEBUG + pattern: + console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] [%thread] %logger{20} - %msg%n" + file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] [%thread] %logger{20} - %msg%n" +management: + endpoint: + shutdown: + enabled: true + endpoints: + web: + exposure: + # Enabling of springboot actuator features. See springboot documentation. + include: "loggers,logfile,health,info,metrics,threaddump,heapdump,shutdown" + tracing: + propagation: + produce: ${ONAP_PROPAGATOR_PRODUCE:[W3C]} + sampling: + probability: 1.0 +otel: + exporter: + otlp: + traces: + endpoint: ${ONAP_OTEL_EXPORTER_ENDPOINT:http://jaeger:4317} + protocol: ${ONAP_OTEL_EXPORTER_PROTOCOL:grpc} + logs: + exporter: none + metrics: + exporter: none + sdk: + disabled: ${ONAP_SDK_DISABLED:true} + south: ${ONAP_TRACING_SOUTHBOUND:true} + tracing: + sampler: + jaeger_remote: + endpoint: ${ONAP_OTEL_SAMPLER_JAEGER_REMOTE_ENDPOINT:http://jaeger:14250} +server: + # Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework. + # See springboot documentation. 
+ port : 8433 + http-port: 8081 + shutdown: "graceful" + ssl: + key-store-type: JKS + key-store-password: policy_agent + key-store: /opt/app/policy-agent/etc/cert/keystore.jks + key-password: policy_agent + key-alias: policy_agent + # trust-store-password: + # trust-store: +spring: + aop: + auto: false + application: + name: a1-pms + flyway: + # Configuration of the postgres database to be used for database migration. + # This is where the flyway maintains the information about the sql files loaded. + # These values can be passed via configmap/secret/env variable based on the installation. + # By default, Flyway uses location classpath:db/migration to load the sql files. + # This can be overridden using "flyway.locations" to have a different location. + # Password will be injected via secret/env configuration + baseline-on-migrate: true + url: "jdbc:postgresql://policymanagementservice-db:5432/a1pms" + user: a1pms + main: + allow-bean-definition-overriding: true + profiles: + active: prod + r2dbc: + # Configuration of the postgres database to be used by the application. + # These values can be passed via configmap/secret/env variable based on the installation. + # Password will be injected via secret/env configuration + url: "r2dbc:postgresql://policymanagementservice-db:5432/a1pms" + username: a1pms +springdoc: + show-actuator: true \ No newline at end of file diff --git a/nonrtric/helm/policymanagementservice/templates/pg-secret.yaml b/nonrtric/helm/policymanagementservice/templates/pg-secret.yaml new file mode 100644 index 00000000..36b09bb6 --- /dev/null +++ b/nonrtric/helm/policymanagementservice/templates/pg-secret.yaml 
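Review bot: The rewritten `management` section enables the actuator shutdown endpoint (`endpoint.shutdown.enabled: true`) and adds `shutdown` to `endpoints.web.exposure.include`, next to the already exposed `heapdump` and `threaddump`. No authentication for the actuator paths is visible in this file, so presumably any client that can reach the service port can stop the process. A heap dump would also contain the database password that the statefulset injects through the environment. If graceful termination is the goal, `server.shutdown: "graceful"` with `timeout-per-shutdown-phase` already covers it, so I would drop `shutdown` and ideally `heapdump` from the list, e.g. `include: "loggers,logfile,health,info,metrics,threaddump"`. Alternatively, move the actuator to a separate `management.server.port` that the Service does not publish.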
@@ -0,0 +1,26 @@ +# ============LICENSE_START=============================================== +# Copyright (C) 2024 OpenInfra Foundation Europe. All rights reserved. +# ======================================================================== +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END================================================= +# + +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "common.name.policymanagementservice" . }}-pg-secret +type: Opaque +data: + password: &a1pmsdbpwd {{ .Values.policymanagementservice.database.password }} + postgres-password: *a1pmsdbpwd + replication-password: *a1pmsdbpwd diff --git a/nonrtric/helm/policymanagementservice/templates/statefulset.yaml b/nonrtric/helm/policymanagementservice/templates/statefulset.yaml index fd4a34ad..918916cb 100644 --- a/nonrtric/helm/policymanagementservice/templates/statefulset.yaml +++ b/nonrtric/helm/policymanagementservice/templates/statefulset.yaml @@ -43,6 +43,19 @@ spec: spec: hostname: {{ include "common.name.policymanagementservice" . }} initContainers: + {{ if .Values.policymanagementservice.database.enabled }} + - name: check-db-ready + image: busybox:1.28 + command: ['sh', '-c'] + args: + - | + until nc -z -v -w20 {{ .Values.postgresql.fullnameOverride }} 5432 + do + echo "waiting for postgres to be running"; + sleep 2; + done; + echo "Postgres is up and running"; + {{ end }} - name: copy image: busybox:1.28 command: 
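Review bot: `postgres-password` and `replication-password` are YAML aliases of the application user's `password`, so the a1pms account, the postgres superuser and the replication role all share one credential. A leak of the application's password, which is injected into the A1PMS container as `SPRING_R2DBC_PASSWORD`, would then give superuser access to the database. Separate values would keep the roles apart, e.g. `postgres-password: {{ .Values.policymanagementservice.database.adminPassword }}`, where `adminPassword` is a suggested key and not an existing one. The Secret is also rendered when `database.enabled` is false; wrapping the manifest in the same `{{ if .Values.policymanagementservice.database.enabled }}` guard the statefulset uses would avoid creating it unused.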
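Review bot: The `check-db-ready` init container probes `{{ .Values.postgresql.fullnameOverride }}`, while the Flyway and R2DBC URLs added in `resources/config/application.yaml` hard-code `policymanagementservice-db`. If an operator overrides `fullnameOverride`, the init container waits on one host and the application connects to another; both should derive from the same value, or a comment should state that the override must not change. The `until nc -z` loop also has no upper bound, so a database that never starts leaves the pod in Init indefinitely with no failure signal; a retry counter that exits non-zero after a fixed number of attempts would surface it. The `initContainers` list continues outside the hunk.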
@@ -68,6 +81,19 @@ spec: protocol: TCP - containerPort: {{ .Values.policymanagementservice.service.targetPort2 }} protocol: TCP + {{ if .Values.policymanagementservice.database.enabled }} + env: + - name: SPRING_FLYWAY_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.name.policymanagementservice" . }}-pg-secret + key: password + - name: SPRING_R2DBC_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "common.name.policymanagementservice" . }}-pg-secret + key: password + {{ end }} readinessProbe: tcpSocket: port: {{ .Values.policymanagementservice.service.targetPort1 }} diff --git a/nonrtric/helm/policymanagementservice/values.yaml b/nonrtric/helm/policymanagementservice/values.yaml index 8103bfb6..b82eff68 100644 --- a/nonrtric/helm/policymanagementservice/values.yaml +++ b/nonrtric/helm/policymanagementservice/values.yaml @@ -47,4 +47,22 @@ policymanagementservice: #Volumepermissions needs to align with the container build arguments volumepermissions: groupid: 120957 - userid: 120957 \ No newline at end of file + userid: 120957 + database: + # By default database is disabled + # Enabling this will start postgres and use that as storage + enabled: false + password: bXlwd2Q= +# These are the postgresql installation parameters +postgresql: + fullnameOverride: policymanagementservice-db + auth: + username: a1pms + existingSecret: policymanagementservice-pg-secret + database: a1pms + primary: + # Persistence disabled by default. + # Restarting postgres container will clear the data. + # Persistence can be enabled by providing volume details in the below section (size, volumeName, storageClass). + persistence: + enabled: false
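Review bot: In the `values.yaml` hunk, `postgresql.auth.existingSecret` is the literal `policymanagementservice-pg-secret`, but `templates/pg-secret.yaml` names the Secret `{{ include "common.name.policymanagementservice" . }}-pg-secret`. The two match only if that helper renders exactly `policymanagementservice`. The helper is not visible in this diff, so this is worth confirming; a mismatch would leave the Postgres chart pointing at a Secret that does not exist. A comment above `existingSecret`, such as `# must equal the Secret name rendered by templates/pg-secret.yaml`, would record the coupling.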