From: sebdet Date: Thu, 16 Dec 2021 15:12:09 +0000 (+0100) Subject: Fix ORU-APP https X-Git-Tag: f-release~17^2 X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?p=it%2Fdep.git;a=commitdiff_plain;h=7c43af18d5c739aadfd74942b0fa360869007332 Fix ORU-APP https Fix the ORU_APP https connection to SDNC with AAF certificates + Update OOM pointer to latest istanbul (required as containing the AAF fix) Issue-ID: NONRTRIC-613 Signed-off-by: xuegao Signed-off-by: sebdet Change-Id: I596b31ec07ae1eae2192780a22a1409b34f6713e --- diff --git a/bin/verify-smo-install b/bin/verify-smo-install index b98f2682..dacef3b3 100755 --- a/bin/verify-smo-install +++ b/bin/verify-smo-install @@ -24,4 +24,8 @@ set -x $IT_DEP_FOLDER/scripts/layer-0/0-setup-charts-museum.sh $IT_DEP_FOLDER/scripts/layer-0/0-setup-helm3.sh +git -C $IT_DEP_FOLDER submodule init +git -C $IT_DEP_FOLDER submodule update +# Some ORAN charts have onap dependencies (for AAF) +$IT_DEP_FOLDER/scripts/sub-scripts/build-onap.sh $IT_DEP_FOLDER/scripts/sub-scripts/build-oran.sh diff --git a/ci/Dockerfile-smo-install b/ci/Dockerfile-smo-install index 148644b9..58d82958 100644 --- a/ci/Dockerfile-smo-install +++ b/ci/Dockerfile-smo-install @@ -21,5 +21,6 @@ RUN apt-get update && apt-get -y install curl ca-certificates wget ARG TGT=/tmp/it-dep COPY . $TGT +RUN ls -latr /tmp/it-dep # Remove the smo-install as this one will be verified in another verify job RUN $TGT/bin/verify-smo-install diff --git a/smo-install/onap_oom b/smo-install/onap_oom index 865cde01..50c285b5 160000 --- a/smo-install/onap_oom +++ b/smo-install/onap_oom @@ -1 +1 @@ -Subproject commit 865cde019d04f0d470c4a3064c5a0c619c25636b +Subproject commit 50c285b56ae6198420ea3afcfe37086b8a4e9fcf diff --git a/smo-install/oran_oom/nonrtric/requirements.yaml b/smo-install/oran_oom/nonrtric/requirements.yaml index 4fd72e73..a2d81b95 100644 --- a/smo-install/oran_oom/nonrtric/requirements.yaml +++ b/smo-install/oran_oom/nonrtric/requirements.yaml @@ -73,3 +73,8 @@ dependencies: version: ~1.0.0 repository: "@local" condition: nonrtric.installDmaapadapterservice + + - name: cert-wrapper + version: ~9.x-0 + repository: '@local' + condition: cert-wrapper.enabled \ No newline at end of file diff --git a/smo-install/oran_oom/nonrtric/values.yaml b/smo-install/oran_oom/nonrtric/values.yaml index d30c241c..568e125a 100644 --- a/smo-install/oran_oom/nonrtric/values.yaml +++ b/smo-install/oran_oom/nonrtric/values.yaml @@ -39,3 +39,5 @@ kong: installCRDs: false admin: enabled: true +cert-wrapper: + enabled: true \ No newline at end of file diff --git a/smo-install/oran_oom/oru-app/requirements.yaml b/smo-install/oran_oom/oru-app/requirements.yaml new file mode 100644 index 00000000..c51ac3df --- /dev/null +++ b/smo-install/oran_oom/oru-app/requirements.yaml @@ -0,0 +1,27 @@ +# Copyright © 2021 AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +dependencies: + - name: common + version: ~9.x-0 + repository: '@local' + - name: certInitializer + version: ~9.x-0 + repository: '@local' + - name: repositoryGenerator + version: ~9.x-0 + repository: '@local' + - name: serviceAccount + version: ~9.x-0 + repository: '@local' diff --git a/smo-install/oran_oom/oru-app/templates/deployment.yaml b/smo-install/oran_oom/oru-app/templates/deployment.yaml index c3f5603a..d5df28e8 100644 --- a/smo-install/oran_oom/oru-app/templates/deployment.yaml +++ b/smo-install/oran_oom/oru-app/templates/deployment.yaml @@ -17,7 +17,11 @@ spec: name: oru-app release: {{ .Release.Name }} chart: {{ .Chart.Name }} - spec: + spec: + initContainers: + {{- if .Values.global.aafEnabled }} + {{ include "common.certInitializer.initContainer" . | indent 6 }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}/{{ .Values.image.name}}:{{ .Values.image.tag }}" @@ -25,24 +29,33 @@ spec: tty: true stdin: true env: - - name: CURL_CA_BUNDLE - value: '' + - name: REQUESTS_CA_BUNDLE + value: "{{ .Values.conf.caCertificate }}" envFrom: - configMapRef: name: oru-app-configmapenv volumeMounts: - - name: oru-app-config-volume - subPath: o-ru-to-o-du-map.txt - mountPath: /usr/src/app/o-ru-to-o-du-map.txt + {{- if .Values.global.aafEnabled }} + {{ include "common.certInitializer.volumeMount" . | nindent 10 }} + {{- end }} + - name: oru-app-config-volume + subPath: o-ru-to-o-du-map.txt + mountPath: /usr/src/app/o-ru-to-o-du-map.txt securityContext: capabilities: add: - SYS_ADMIN - SYS_PTRACE - volumes: - - name: oru-app-config-volume - configMap: - name: oru-app-configmap - items: - - key: o-ru-to-o-du-map.txt - path: o-ru-to-o-du-map.txt + {{- if .Values.global.aafEnabled }} + serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . ) }} + {{- end }} + volumes: + {{- if .Values.global.aafEnabled }} + {{ include "common.certInitializer.volumes" . | nindent 6 }} + {{- end }} + - name: oru-app-config-volume + configMap: + name: oru-app-configmap + items: + - key: o-ru-to-o-du-map.txt + path: o-ru-to-o-du-map.txt diff --git a/smo-install/oran_oom/oru-app/values.yaml b/smo-install/oran_oom/oru-app/values.yaml index 6d92c37a..d98eff62 100644 --- a/smo-install/oran_oom/oru-app/values.yaml +++ b/smo-install/oran_oom/oru-app/values.yaml @@ -6,12 +6,40 @@ image: tag: 1.0.0 pullPolicy: IfNotPresent +global: + aafEnabled: true + service: type: NodePort ports: port: 830 nodePort: 30835 +certInitializer: + readinessCheck: + namespace: "onap" + aaf_namespace: "onap" + nameOverride: oru-app-cert-initializer + fqdn: "sdnc" + app_ns: "org.osaaf.aaf" + fqi: "sdnc@sdnc.onap.org" + fqi_namespace: "org.onap.sdnc" + public_fqdn: "sdnc.onap.org" + aafDeployFqi: "deployer@people.osaaf.org" + aafDeployPass: demo123456! + cadi_latitude: "38.0" + cadi_longitude: "-72.0" + addconfig: true + credsPath: /opt/app/osaaf/local + aaf_add_config: > + cd /opt/app/osaaf/local; + mkdir -p certs; + export $(/opt/app/aaf_config/bin/agent.sh local showpass | grep '^c' | xargs -0); + keytool -exportcert -rfc -file certs/cacert.pem -keystore {{ .Values.fqi_namespace }}.trust.jks -alias ca_local_0 -storepass $cadi_truststore_password; + openssl pkcs12 -in {{ .Values.fqi_namespace }}.p12 -out certs/cert.pem -passin pass:$cadi_keystore_password_p12 -passout pass:$cadi_keystore_password_p12; + cp {{ .Values.fqi_namespace }}.key certs/key.pem; + chmod -R 755 certs; + simulators: - simRu: o-ru-11221 simDu: o-du-1122 @@ -22,4 +50,10 @@ conf: sdnrHost: https://sdnc.onap sdnrPort: 8443 verbose: on - + caCertificate: /opt/app/osaaf/local/certs/cacert.pem + +#Pods Service Account +serviceAccount: + nameOverride: oru-app + roles: + - read \ No newline at end of file