From: Lusheng Ji Date: Fri, 29 May 2020 17:42:13 +0000 (+0000) Subject: Merge "Enable https in nonrtric A1 simulator" X-Git-Tag: f-release~101 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=8c3573e016c2f12579383b54eef7f62c652e5ff4;hp=e5a6ed0aa2e296561249541ee57fe8b4ed55a290;p=it%2Fdep.git Merge "Enable https in nonrtric A1 simulator" --- diff --git a/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml b/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml index a13d2c92..8482f6cf 100644 --- a/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml +++ b/nonrtric/RECIPE_EXAMPLE/example_recipe.yaml @@ -32,11 +32,22 @@ a1controller: image: registry: 'nexus3.o-ran-sc.org:10004/o-ran-sc' name: nonrtric-a1-controller - tag: 1.7.4 + tag: 1.7.5 replicaCount: 1 service: - internalPort: 8181 - externalPort: 8282 + allowHttp: true + httpName: http + internalPort1: 8282 + targetPort1: 8181 + httpsName: https + internalPort2: 8383 + targetPort2: 8443 + liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + readiness: + initialDelaySeconds: 60 + periodSeconds: 10 a1simulator: a1simulator: @@ -77,8 +88,21 @@ controlpanel: tag: 1.0.0 replicaCount: 1 service: - internalPort: 8080 - externalPort: 30090 + allowHttp: true + httpName: http + internalPort1: 8080 + targetPort1: 8080 + externalPort1: 30091 + httpsName: https + internalPort2: 8081 + targetPort2: 8082 + externalPort2: 30092 + liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + readiness: + initialDelaySeconds: 20 + periodSeconds: 10 # Need to check the external port Availability policymanagementservice: @@ -89,5 +113,18 @@ policymanagementservice: name: nonrtric-policy-agent tag: 1.0.0 service: - internalPort: 8081 - externalPort: 30091 \ No newline at end of file + allowHttp: true + httpName: http + internalPort1: 9080 + targetPort1: 8081 + externalPort1: 30093 + httpsName: https + internalPort2: 9081 + targetPort2: 8433 + externalPort2: 30094 + liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + readiness: + initialDelaySeconds: 20 + periodSeconds: 10 \ No newline at end of file diff --git a/nonrtric/helm/a1controller/templates/deployment.yaml b/nonrtric/helm/a1controller/templates/deployment.yaml index d84bb37b..c5eb5964 100644 --- a/nonrtric/helm/a1controller/templates/deployment.yaml +++ b/nonrtric/helm/a1controller/templates/deployment.yaml @@ -52,13 +52,20 @@ spec: command: - /opt/onap/sdnc/bin/startODL.sh ports: - - containerPort: {{ .Values.a1controller.service.internalPort }} + - containerPort: {{ .Values.a1controller.service.targetPort1 }} + protocol: TCP + - containerPort: {{ .Values.a1controller.service.targetPort2 }} protocol: TCP readinessProbe: tcpSocket: - port: {{ .Values.a1controller.service.internalPort }} - initialDelaySeconds: 15 - periodSeconds: 15 + port: {{ .Values.a1controller.service.targetPort1 }} + initialDelaySeconds: {{ .Values.a1controller.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.a1controller.readiness.periodSeconds }} + livenessProbe: + tcpSocket: + port: {{ .Values.a1controller.service.targetPort1 }} + initialDelaySeconds: {{ .Values.a1controller.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.a1controller.liveness.periodSeconds }} --- apiVersion: apps/v1 kind: Deployment diff --git a/nonrtric/helm/a1controller/templates/service.yaml b/nonrtric/helm/a1controller/templates/service.yaml index cb6ad895..5259bb84 100644 --- a/nonrtric/helm/a1controller/templates/service.yaml +++ b/nonrtric/helm/a1controller/templates/service.yaml @@ -27,9 +27,16 @@ metadata: spec: type: ClusterIP ports: - - port: {{ .Values.a1controller.service.externalPort }} + {{if eq .Values.a1controller.service.allowHttp true -}} + - name: {{ index .Values.a1controller.service.httpName }} + port: {{ .Values.a1controller.service.internalPort1 }} + targetPort: {{ .Values.a1controller.service.targetPort1 }} + protocol: TCP + {{- end }} + - name: {{ index .Values.a1controller.service.httpsName }} + port: {{ .Values.a1controller.service.internalPort2 }} + targetPort: {{ .Values.a1controller.service.targetPort2 }} protocol: TCP - targetPort: {{ .Values.a1controller.service.internalPort }} selector: app: {{ include "common.namespace.nonrtric" . }}-{{ include "common.name.a1controller" . }} release: {{ .Release.Name }} diff --git a/nonrtric/helm/a1controller/values.yaml b/nonrtric/helm/a1controller/values.yaml index 6b0e5d37..80af1f0c 100644 --- a/nonrtric/helm/a1controller/values.yaml +++ b/nonrtric/helm/a1controller/values.yaml @@ -22,8 +22,19 @@ a1controller: image: registry: 'nexus3.o-ran-sc.org:10002/o-ran-sc' name: nonrtric-a1-controller - tag: 1.7.4 + tag: 1.7.5 replicaCount: 1 service: - internalPort: 8181 - externalPort: 8282 \ No newline at end of file + allowHttp: true + httpName: http + internalPort1: 8282 + targetPort1: 8181 + httpsName: https + internalPort2: 8383 + targetPort2: 8443 + liveness: + initialDelaySeconds: 60 + periodSeconds: 10 + readiness: + initialDelaySeconds: 60 + periodSeconds: 10 diff --git a/nonrtric/helm/controlpanel/resources/application.properties b/nonrtric/helm/controlpanel/resources/application.properties index acf20928..2ffa5b7c 100644 --- a/nonrtric/helm/controlpanel/resources/application.properties +++ b/nonrtric/helm/controlpanel/resources/application.properties @@ -14,8 +14,15 @@ # limitations under the License. # ################################################################################ server.port = 8082 +server.ssl.key-store-type = PKCS12 +server.ssl.key-store-password = ericsson_kwdjfhw +server.ssl.key-store = classpath:keystore.jks +server.ssl.key-password = ericsson_kwdjfhw server.http.port = 8080 -policycontroller.url.prefix = http://policymanagementservice:8081 +# https api +policycontroller.url.prefix = https://policymanagementservice:9081 +# http api +#policycontroller.url.prefix = http://policymanagementservice:9080 userfile = users.json portalapi.decryptor = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalSdkDecryptorAes portalapi.usercookie = UserId diff --git a/nonrtric/helm/controlpanel/templates/deployment.yaml b/nonrtric/helm/controlpanel/templates/deployment.yaml index d2fbd579..0d08ea44 100644 --- a/nonrtric/helm/controlpanel/templates/deployment.yaml +++ b/nonrtric/helm/controlpanel/templates/deployment.yaml @@ -45,9 +45,10 @@ spec: image: {{ .Values.controlpanel.image.registry }}/{{ .Values.controlpanel.image.name }}:{{ .Values.controlpanel.image.tag }} imagePullPolicy: {{ .Values.controlpanel.imagePullPolicy }} ports: - - name: http - containerPort: {{ .Values.controlpanel.service.internalPort }} - protocol: TCP + - containerPort: {{ .Values.controlpanel.service.targetPort1 }} + protocol: TCP + - containerPort: {{ .Values.controlpanel.service.targetPort2 }} + protocol: TCP volumeMounts: - name: configmap mountPath: /maven/application.properties @@ -55,9 +56,14 @@ spec: readOnly: true readinessProbe: tcpSocket: - port: {{ .Values.controlpanel.service.internalPort }} - initialDelaySeconds: 15 - periodSeconds: 15 + port: {{ .Values.controlpanel.service.targetPort1 }} + initialDelaySeconds: {{ .Values.controlpanel.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.controlpanel.liveness.periodSeconds }} + livenessProbe: + tcpSocket: + port: {{ .Values.controlpanel.service.targetPort1 }} + initialDelaySeconds: {{ .Values.controlpanel.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.controlpanel.liveness.periodSeconds }} volumes: - name: configmap configMap: diff --git a/nonrtric/helm/controlpanel/templates/service.yaml b/nonrtric/helm/controlpanel/templates/service.yaml index cf0d36fb..1a61ed75 100644 --- a/nonrtric/helm/controlpanel/templates/service.yaml +++ b/nonrtric/helm/controlpanel/templates/service.yaml @@ -27,10 +27,18 @@ metadata: spec: type: NodePort ports: - - port: {{ .Values.controlpanel.service.internalPort }} - nodePort: {{ .Values.controlpanel.service.externalPort }} + {{if eq .Values.controlpanel.service.allowHttp true -}} + - name: {{ index .Values.controlpanel.service.httpName }} + port: {{ .Values.controlpanel.service.internalPort1 }} + targetPort: {{ .Values.controlpanel.service.targetPort1 }} + nodePort: {{ .Values.controlpanel.service.externalPort1 }} + protocol: TCP + {{- end }} + - name: {{ index .Values.controlpanel.service.httpsName }} + port: {{ .Values.controlpanel.service.internalPort2 }} + targetPort: {{ .Values.controlpanel.service.targetPort2 }} + nodePort: {{ .Values.controlpanel.service.externalPort2 }} protocol: TCP - targetPort: {{ .Values.controlpanel.service.internalPort }} selector: app: {{ include "common.namespace.nonrtric" . }}-{{ include "common.name.controlpanel" . }} release: {{ .Release.Name }} \ No newline at end of file diff --git a/nonrtric/helm/controlpanel/values.yaml b/nonrtric/helm/controlpanel/values.yaml index 23fe2fda..d7a6285d 100644 --- a/nonrtric/helm/controlpanel/values.yaml +++ b/nonrtric/helm/controlpanel/values.yaml @@ -26,5 +26,18 @@ controlpanel: tag: 1.0.0 replicaCount: 1 service: - internalPort: 8080 - externalPort: 30090 + allowHttp: true + httpName: http + internalPort1: 8080 + targetPort1: 8080 + externalPort1: 30091 + httpsName: https + internalPort2: 8081 + targetPort2: 8082 + externalPort2: 30092 + liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + readiness: + initialDelaySeconds: 20 + periodSeconds: 10 diff --git a/nonrtric/helm/policymanagementservice/resources/config/application_configuration.json b/nonrtric/helm/policymanagementservice/resources/config/application_configuration.json index 86379d94..706d0d59 100644 --- a/nonrtric/helm/policymanagementservice/resources/config/application_configuration.json +++ b/nonrtric/helm/policymanagementservice/resources/config/application_configuration.json @@ -3,7 +3,7 @@ "controller": [ { "name": "controller1", - "baseUrl": "http://a1controller:8282", + "baseUrl": "https://a1controller:8383", "userName": "admin", "password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U" } diff --git a/nonrtric/helm/policymanagementservice/templates/deployment.yaml b/nonrtric/helm/policymanagementservice/templates/deployment.yaml index 9f059590..1a541542 100644 --- a/nonrtric/helm/policymanagementservice/templates/deployment.yaml +++ b/nonrtric/helm/policymanagementservice/templates/deployment.yaml @@ -45,13 +45,21 @@ spec: image: {{ .Values.policymanagementservice.image.registry }}/{{ .Values.policymanagementservice.image.name }}:{{ .Values.policymanagementservice.image.tag }} imagePullPolicy: {{ .Values.policymanagementservice.imagePullPolicy }} ports: - - containerPort: {{ .Values.policymanagementservice.service.internalPort }} + - containerPort: {{ .Values.policymanagementservice.service.targetPort1 }} + protocol: TCP + - containerPort: {{ .Values.policymanagementservice.service.targetPort2 }} protocol: TCP readinessProbe: tcpSocket: - port: {{ .Values.policymanagementservice.service.internalPort }} - initialDelaySeconds: 5 - periodSeconds: 15 + port: {{ .Values.policymanagementservice.service.targetPort1 }} + initialDelaySeconds: {{ .Values.policymanagementservice.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.policymanagementservice.liveness.periodSeconds }} + livenessProbe: + httpGet: + path: /status + port: {{ .Values.policymanagementservice.service.targetPort1 }} + initialDelaySeconds: {{ .Values.policymanagementservice.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.policymanagementservice.liveness.periodSeconds }} volumeMounts: - name: {{ include "common.name.policymanagementservice" . }}-policy-conf mountPath: /opt/app/policy-agent/config/application_configuration.json diff --git a/nonrtric/helm/policymanagementservice/templates/service.yaml b/nonrtric/helm/policymanagementservice/templates/service.yaml index f7bde7cd..23586928 100644 --- a/nonrtric/helm/policymanagementservice/templates/service.yaml +++ b/nonrtric/helm/policymanagementservice/templates/service.yaml @@ -26,10 +26,18 @@ metadata: heritage: {{ .Release.Service }} spec: ports: - - name: {{ .Values.policymanagementservice.service.name }} - protocol: TCP - port: {{ .Values.policymanagementservice.service.internalPort }} - nodePort: {{ .Values.policymanagementservice.service.externalPort }} + {{if eq .Values.policymanagementservice.service.allowHttp true -}} + - name: {{ index .Values.policymanagementservice.service.httpName }} + port: {{ .Values.policymanagementservice.service.internalPort1 }} + targetPort: {{ .Values.policymanagementservice.service.targetPort1 }} + nodePort: {{ .Values.policymanagementservice.service.externalPort1 }} + protocol: TCP + {{- end }} + - name: {{ index .Values.policymanagementservice.service.httpsName }} + port: {{ .Values.policymanagementservice.service.internalPort2 }} + targetPort: {{ .Values.policymanagementservice.service.targetPort2 }} + nodePort: {{ .Values.policymanagementservice.service.externalPort2 }} + protocol: TCP selector: app: {{ include "common.namespace.nonrtric" . }}-{{ include "common.name.policymanagementservice" . }} release: {{ .Release.Name }} diff --git a/nonrtric/helm/policymanagementservice/values.yaml b/nonrtric/helm/policymanagementservice/values.yaml index bafe0954..45593cde 100644 --- a/nonrtric/helm/policymanagementservice/values.yaml +++ b/nonrtric/helm/policymanagementservice/values.yaml @@ -25,7 +25,20 @@ policymanagementservice: name: nonrtric-policy-agent tag: 1.0.0 service: - internalPort: 8081 - externalPort: 30091 + allowHttp: true + httpName: http + internalPort1: 9080 + targetPort1: 8081 + externalPort1: 30093 + httpsName: https + internalPort2: 9081 + targetPort2: 8433 + externalPort2: 30094 + liveness: + initialDelaySeconds: 20 + periodSeconds: 10 + readiness: + initialDelaySeconds: 20 + periodSeconds: 10 diff --git a/tools/k8s/etc/infra.rc b/tools/k8s/etc/infra.rc index 1b3da348..1e90a93c 100644 --- a/tools/k8s/etc/infra.rc +++ b/tools/k8s/etc/infra.rc @@ -1,7 +1,16 @@ # modify below for RIC infrastructure (docker-k8s-helm) component versions +# RIC tested INFRA_DOCKER_VERSION="" +INFRA_HELM_VERSION="2.12.3" INFRA_K8S_VERSION="1.16.0" INFRA_CNI_VERSION="0.7.5" +# older RIC tested +#INFRA_DOCKER_VERSION="" +#INFRA_HELM_VERSION="2.12.3" #INFRA_K8S_VERSION="1.13.3" #INFRA_CNI_VERSION="0.6.0" -INFRA_HELM_VERSION="2.12.3" +# ONAP Frankfurt +#INFRA_DOCKER_VERSION="18.09.7" +#INFRA_K8S_VERSION="1.15.9" +#INFRA_CNI_VERSION="0.7.5" +#INFRA_HELM_VERSION="2.16.6" diff --git a/tools/k8s/heat/scripts/k8s_vm_install.sh b/tools/k8s/heat/scripts/k8s_vm_install.sh index 8b8f62de..1ecdb188 100644 --- a/tools/k8s/heat/scripts/k8s_vm_install.sh +++ b/tools/k8s/heat/scripts/k8s_vm_install.sh @@ -131,7 +131,7 @@ if [[ ${UBUNTU_RELEASE} == 16.* ]]; then elif [[ ${UBUNTU_RELEASE} == 18.* ]]; then echo "Installing on Ubuntu $UBUNTU_RELEASE (Bionic Beaver)" if [ ! -z "${DOCKERV}" ]; then - DOCKERVERSION="${DOCKERV}-0ubuntu1~18.04.5" + DOCKERVERSION="${DOCKERV}-0ubuntu1~18.04.4" fi else echo "Unsupported Ubuntu release ($UBUNTU_RELEASE) detected. Exit." @@ -148,8 +148,7 @@ echo "APT::Acquire::Retries \"3\";" > /etc/apt/apt.conf.d/80-retries # install low latency kernel, docker.io, and kubernetes apt-get update - -RES=$(apt-get install -y virt-what curl jq netcat make 2>&1) +RES=$(apt-get install -y virt-what curl jq netcat make ipset 2>&1) if [[ $RES == */var/lib/dpkg/lock* ]]; then echo "Fail to get dpkg lock. Wait for any other package installation" echo "process to finish, then rerun this script" @@ -260,7 +259,7 @@ apiVersion: kubeproxy.config.k8s.io/v1alpha1 kind: KubeProxyConfiguration mode: ipvs EOF - elif [[ ${KUBEV} == 1.16.* ]]; then + elif [[ ${KUBEV} == 1.15.* ]] || [[ ${KUBEV} == 1.16.* ]]; then cat </root/config.yaml apiVersion: kubeadm.k8s.io/v1beta2 kubernetesVersion: v${KUBEV} @@ -314,7 +313,8 @@ EOF mkdir -p .kube cp -i /etc/kubernetes/admin.conf /root/.kube/config chown root:root /root/.kube/config - export KUBECONFIG=/root/.kube/config + export KUBECONFIG=/root/.kube/config + echo "KUBECONFIG=${KUBECONFIG}" >> /etc/environment # at this point we should be able to use kubectl kubectl get pods --all-namespaces @@ -354,7 +354,8 @@ EOF helm init --service-account tiller fi helm init -c - export HELM_HOME="/root/.helm" + export HELM_HOME="$(pwd)/.helm" + echo "HELM_HOME=${HELM_HOME}" >> /etc/environment # waiting for tiller pod to be in running state while ! helm version; do @@ -404,4 +405,4 @@ EOF docker pull ${__RUNRICENV_DOCKER_HOST__}:${__RUNRICENV_DOCKER_PORT__}/whoami:0.0.1 fi -if [ "$(uname -r)" != "4.15.0-45-lowlatency" ]; then reboot; fi \ No newline at end of file +if [ "$(uname -r)" != "4.15.0-45-lowlatency" ]; then reboot; fi