stx-sdo-armada-app + build fix

This is the Final commit for the feature testing.

- centos files: files related with the infra and docker images
- rst files: files with doc about SDO-rv-app
- stx-sdo-helm folder: files related with helm charts and
  the app creation

  NOTE: Tested on BUILD_ID="20210202T000311Z"

Story: 2008117
Task: 41489
Closes-Bug: 1917330

Change-Id: I59ae8186b8def756d2cd72f3a39c618a54ccc6d9
Signed-off-by: Poornima <poornima.y.n@intel.com>

.gitignore

@@ -0,0 +1,3 @@
+.vscode
+*.egg-info
+.tox

CONTRIBUTING.rst

@@ -0,0 +1,16 @@
+If you would like to contribute to the development of OpenStack,
+you must follow the steps in this page:
+
+   https://docs.openstack.org/infra/manual/developers.html
+
+Once those steps have been completed, changes to OpenStack
+should be submitted for review via the Gerrit tool, following
+the workflow documented at:
+
+   https://docs.openstack.org/infra/manual/developers.html#development-workflow
+
+Pull requests submitted through GitHub will be ignored.
+
+Bugs should be filed in Launchpad:
+
+   https://bugs.launchpad.net/starlingx

HACKING.rst

@@ -0,0 +1,17 @@
+StarlingX SDO-rv-service Style Commandments
+================================================================
+
+- Step 1: Read the OpenStack style commandments
+  https://docs.openstack.org/hacking/latest/
+- Step 2: Read on
+
+SDO-rv-service Specific Commandments
+---------------------------------------------------------
+
+None so far
+
+Running tests
+-------------
+The approach to running tests is to simply run the command ``tox``. This will
+create virtual environments, populate them with dependencies and run all of
+the tests that OpenStack CI systems run.

centos_build_layer.cfg

@@ -0,0 +1 @@
+flock

centos_pkg_dirs

@@ -0,0 +1 @@
+stx-sdo-helm

github_sync.trigger

@@ -0,0 +1,2 @@
+# to trigger the upload job to sync to GitHub
+1

stx-sdo-helm/centos/build_srpm.data

@@ -0,0 +1,3 @@
+SRC_DIR="stx-sdo-helm"
+
+TIS_PATCH_VER=PKG_GITREVCOUNT

stx-sdo-helm/centos/stx-sdo-helm.spec

@@ -0,0 +1,60 @@
+%global helm_folder  /usr/lib/helm
+%global armada_folder  /usr/lib/armada
+%global app_folder  /usr/lib/application
+%global toolkit_version 0.1.0
+%global helmchart_version 0.1.0
+
+Summary: StarlingX SDO Application Helm charts
+Name: stx-sdo-helm
+Version: 1.0
+Release: %{tis_patch_ver}%{?_tis_dist}
+License: Apache-2.0
+Group: base
+Packager: Intel
+URL: unknown
+
+Source0: %{name}-%{version}.tar.gz
+
+BuildArch: noarch
+
+BuildRequires: helm
+BuildRequires: chartmuseum
+BuildRequires: openstack-helm-infra
+
+%description
+StarlingX SDO Application Helm charts
+
+%prep
+%setup
+
+%build
+# Stage helm-toolkit in the local repo
+cp %{helm_folder}/helm-toolkit-%{toolkit_version}.tgz helm-charts/
+
+# Host a server for the charts
+chartmuseum --debug --port=8879 --context-path='/charts' --storage="local" --storage-local-rootdir="./helm-charts" &
+sleep 2
+helm repo add local http://localhost:8879/charts
+
+# Make the charts. These produce a tgz file
+cd helm-charts
+make sdo
+cd -
+
+# terminate helm server (the last backgrounded task)
+kill %1
+
+%install
+# helm_folder is created by openstack-helm-infra
+install -d -m 755 ${RPM_BUILD_ROOT}%{app_folder}
+install -p -D -m 755 files/metadata.yaml ${RPM_BUILD_ROOT}%{app_folder}
+install -d -m 755 ${RPM_BUILD_ROOT}%{helm_folder}
+install -p -D -m 755 helm-charts/*.tgz ${RPM_BUILD_ROOT}%{helm_folder}
+install -d -m 755 ${RPM_BUILD_ROOT}%{armada_folder}
+install -p -D -m 755 manifests/*.yaml ${RPM_BUILD_ROOT}%{armada_folder}
+
+%files
+%defattr(-,root,root,-)
+%{helm_folder}/*
+%{armada_folder}/*
+%{app_folder}/*

stx-sdo-helm/stx-sdo-helm/README

@@ -0,0 +1,5 @@
+This directory contains all StarlingX charts that need to be built for this
+application. Some charts are common across applications. These common charts
+reside in the stx-config/kubernetes/helm-charts directory. To include these in
+this application update the build_srpm.data file and use the COPY_LIST_TO_TAR
+mechanism to populate these common charts.

stx-sdo-helm/stx-sdo-helm/files/index.yaml

@@ -0,0 +1,3 @@
+apiVersion: v1
+entries: {}
+generated: 2019-01-07T12:33:46.098166523-06:00

stx-sdo-helm/stx-sdo-helm/files/metadata.yaml

@@ -0,0 +1 @@
+maintain_user_overrides: true

stx-sdo-helm/stx-sdo-helm/files/repositories.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+generated: 2019-01-02T15:19:36.215111369-06:00
+repositories:
+- caFile: ""
+  cache: /builddir/.helm/repository/cache/local-index.yaml
+  certFile: ""
+  keyFile: ""
+  name: local
+  password: ""
+  url: http://127.0.0.1:8879/charts
+  username: ""

stx-sdo-helm/stx-sdo-helm/helm-charts/Makefile

@@ -0,0 +1,43 @@
+#
+# Copyright 2017 The Openstack-Helm Authors.
+#
+# Copyright (c) 2020 Intel Corporation, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# It's necessary to set this because some environments don't link sh -> bash.
+SHELL := /bin/bash
+TASK  := build
+
+EXCLUDES := helm-toolkit doc tests tools logs tmp
+CHARTS := helm-toolkit $(filter-out $(EXCLUDES), $(patsubst %/.,%,$(wildcard */.)))
+
+.PHONY: $(EXCLUDES) $(CHARTS)
+
+all: $(CHARTS)
+
+$(CHARTS):
+	@if [ -d $@ ]; then \
+		echo; \
+		echo "===== Processing [$@] chart ====="; \
+		make $(TASK)-$@; \
+	fi
+
+init-%:
+	if [ -f $*/Makefile ]; then make -C $*; fi
+	if [ -f $*/requirements.yaml ]; then helm dep up $*; fi
+
+lint-%: init-%
+	if [ -d $* ]; then helm lint $*; fi
+
+build-%:
+	if [ -d $* ]; then helm package $*; fi
+
+clean:
+	@echo "Clean all build artifacts"
+	rm -f */templates/_partials.tpl */templates/_globals.tpl
+	rm -f *tgz */charts/*tgz */requirements.lock
+	rm -rf */charts */tmpcharts
+
+%:
+	@:

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/.helmignore

@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: SDO RV service
+name: sdo
+version: 1.0.0

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/templates/_helpers.tpl

@@ -0,0 +1,33 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sdo.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this
+(by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sdo.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "sdo.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/templates/redis.yml

@@ -0,0 +1,36 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: redis
+  template:
+    metadata:
+      name: redis
+      labels:
+        app: redis
+    spec:
+      containers:
+      - name: redis
+        image: {{ .Values.images.tags.redisimage }}
+        ports:
+         - containerPort: 6379
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: redis
+spec:
+  type: NodePort
+  selector:
+    app: redis
+  ports:
+    - name: redis-port
+      port: 6379
+      targetPort: 6379
+      nodePort: 31118
+

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/templates/u-rendezvous-service.yml

@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: rv.deploy
+  labels:
+    app: sdo-rv
+    release: {{ .Release.Name }}
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: RV-Service
+  template:
+    metadata:
+      name: rv.pod
+      labels:
+        app: RV-Service
+    spec:
+      initContainers:
+      - name: init-redis
+        image: busybox:1.28
+        command: ['sh', '-c', "until nslookup redis.$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace).svc.cluster.local; do echo waiting for redis; sleep 2; done"]
+      containers:
+      - name: u-rendezvous-service
+        image: {{ .Values.images.tags.rv }}
+        imagePullPolicy: IfNotPresent
+        ports:
+         - containerPort: 8000
+         - containerPort: 8001
+        env:
+          - name: RENDEZVOUS_SIGNATUREVERIFICATION
+            value: {{ .Values.env.rv_var.RV_SIGNATUREVERIFICATION | quote }}
+          - name: RENDEZVOUS_OPKEYVERIFICATION
+            value: {{ .Values.env.rv_var.RV_OPKEYVERIFICATION | quote }}
+          - name: RENDEZVOUS_TOTOKENEXPIRATIONTIME
+            value: {{ .Values.env.rv_var.RV_TOTOKENEXPIRATIONTIME | quote }}
+          - name: RENDEZVOUS_OWNERSHIPVOUCHERMAXENTRIES
+            value: {{ .Values.env.rv_var.RV_OWNERSHIPVOUCHERMAXENTRIES | quote }}
+          - name: RENDEZVOUS_WAITSECONDSLIMIT
+            value: {{ .Values.env.rv_var.RV_WAITSECONDSLIMIT | quote }}
+          - name: REDIS_HOST
+            value: {{ .Values.env.rv_var.REDIS_HOST | quote }}
+          - name: REDIS_PORT
+            value: {{ .Values.env.rv_var.REDIS_PORT | quote }}
+          - name: RENDEZVOUS_VERIFICATIONSERVICEHOST
+            value: {{ .Values.env.rv_var.RV_VERIFICATIONSERVICEHOST | quote }}
+          - name: SSL_TRUST_STORE_PASSWORD
+            value: {{ .Values.env.rv_var.SSL_TRUST_STORE_PASSWORD | quote }}
+          - name: SSL_KEY_STORE_PASSWORD
+            value: {{ .Values.env.rv_var.SSL_KEY_STORE_PASSWORD | quote }}
+          - name: http_proxy
+            value:
+          - name: https_proxy
+            value:
+        volumeMounts:
+        - name: sdo-trust-store-config
+          mountPath: /home/sdouser/certs/trustedRootCA.jks
+        - name: sdo-key-store-config
+          mountPath: /home/sdouser/certs/ssl.jks
+
+      volumes:
+      - name: sdo-trust-store-config
+        configMap:
+        hostPath:
+          path: /home/sysadmin/certs/rendezvous-trusterRootCA.jks
+      - name: sdo-key-store-config
+        configMap:
+        hostPath:
+          path: /home/sysadmin/certs/rendezvous-keystore.jks
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: rvdeploy-int
+spec:
+  type: NodePort
+  selector:
+    app: RV-Service
+  ports:
+    - name: rendezvous-port
+      port: 8000
+      targetPort: 8000
+    - name: rendezvous-port2
+      port: 8001
+      targetPort: 8001
+      nodePort: 31117

stx-sdo-helm/stx-sdo-helm/helm-charts/sdo/values.yaml

@@ -0,0 +1,30 @@
+images:
+  tags:
+    rv: 15201086/rendezvous-service:1.10
+    redisimage: 15201086/redis:050220213WKAgo
+env:
+  rv_var:
+    RV_SIGNATUREVERIFICATION: "true"
+    RV_OPKEYVERIFICATION: "true"
+    RV_TOTOKENEXPIRATIONTIME: "15"
+    RV_OWNERSHIPVOUCHERMAXENTRIES: "10"
+    RV_WAITSECONDSLIMIT: "2419200"
+    REDIS_HOST: "redis"
+    REDIS_PORT: "6379"
+    SSL_TRUST_STORE_PASSWORD: "123456"
+    SSL_KEY_STORE_PASSWORD: "123456"
+
+    # To use Verification Service in the Cloud change RENDEZVOUS_VERIFICATIONSERVICEHOST variable to point to proper address and set PROXY for SDO service if needed
+# Do not set http_proxy and https_proxy if you use local Verification Service
+# Non-production environment cloud verification sevice:(commented for now)re-enable when required
+#RV_VERIFICATIONSERVICEHOST: "https://verify.epid-sbx.trustedservices.intel.com"
+# Production environment cloud verification sevice:
+# RENDEZVOUS_VERIFICATIONSERVICEHOST=https://verify.epid.trustedservices.intel.com:443
+# RENDEZVOUS_VERIFICATIONSERVICEHOST=https://u-verification-service:1180
+# http_proxy=
+# https_proxy=
+
+# Default values for helm.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+

stx-sdo-helm/stx-sdo-helm/manifests/sdo_manifest.yaml

@@ -0,0 +1,45 @@
+---
+schema: armada/Chart/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sdo
+data:
+  chart_name: sdo
+  release: sdo
+  namespace: stx-sdo
+  source:
+    location: http://172.17.0.1:8080/helm_charts/starlingx/sdo-1.0.0.tgz
+    subpath: sdo
+    type: tar
+    reference: master
+  wait:
+    timeout: 1800
+  install:
+    no_hooks: false
+  upgrade:
+    no_hooks: false
+    pre:
+      delete:
+        - type: job
+          labels:
+            app: sdo
+  dependencies: []
+---
+schema: armada/ChartGroup/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sdo
+data:
+  description: "StarlingX SDO"
+  sequenced: false
+  chart_group:
+    - sdo
+---
+schema: armada/Manifest/v1
+metadata:
+  schema: metadata/Document/v1
+  name: sdo-manifest
+data:
+  release_prefix: rv
+  chart_groups:
+    - sdo

test-requirements.txt

@@ -1,3 +1,2 @@
-# hacking pulls in flake8
-hacking!=0.13.0,<0.14,>=0.12.0 # Apache-2.0
-bashate >= 0.2
+# nothing
+#To be added If there are one