TODO: update/link Running the ONAP Demos
TODO :20171207
- To Conclude Cloud-Config.json for using MultiCloud for creating the Vf Module .
OOM Challenges
-
TODO: update/link Running the ONAP Demos
TODO :20171207
- To Conclude Cloud-Config.json for using MultiCloud for creating the Vf Module .
TODO :20171207
OOM Challenges
- TO have a list of small list of kubectl commands needed for OOM .
...
a.6 vFWCL/vDNS/vLB requires some additional steps to make them pingable .
KubeCtl Commands Commands (OOM Use)
1. Edit the mso-docker.json file
I see two ways of doing this:
- from the pods itself
kubectl --namespace=onap-mso exec -it mso-3784963895-brdxx bash
vi /shared/mso-docker.json
...
16.1 create the user if not created already .<sdnc_ip>:8843/signup
16.2 Once sign up done and then <sdnc_ip>:8843/login
16.3 Add VNF Profile , Important thing to Note is VNF Type to be filled in .
17 . uploading the VNF Topology JSON FIle using SDNC VNF API
17.1SDNC VM – login/password for the SDNC API Access .
username: admin
password: Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U
17.2 Access <sdnc_ip>:8282/apidoc/explorer/index.html on the SDNC VM.
17.3 Click on VNF-API
17.4 Scroll down to the POST /operations/VNF-API:preload-vnf-topology-operation
17.5 filled JSON vFW Files from our environment
{
"input":
{
"request-information":
{
"notification-url":"openecomp.org",
"order-number":"1",
"order-version":"1",
"request-action":"PreloadVNFRequest",
"request-id": "robot20"
},
"sdnc-request-header":
{
"svc-action": "reserve",
"svc-notification-url": "http://openecomp.org:8080/adapters/rest/SDNCNotify",
"svc-request-id":"robot20"
},
"vnf-topology-information":
{
"vnf-assignments":
{
"availability-zones":[],
"vnf-networks":[],
"vnf-vms":[]
},
"vnf-parameters":
[
{"vnf-parameter-name":"vfw_private_ip_2","vnf-parameter-value": "10.0.100.4"},
{"vnf-parameter-name":"public_net_id","vnf-parameter-value": "87cdc31f-362f-4bdc-8b50-a7894ed759e9"},
{"vnf-parameter-name":"key_name","vnf-parameter-value":"onapviokey"},
{"vnf-parameter-name":"pub_key","vnf-parameter-value":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4CegUDC7k2bqru0KkQ2HzSXZMZJ0cJBizQkt82CZ4Z8RlLFbxNwYhcuI67zEEB3PeVGzw6xsDDo0Su9OT1DxzFsLy14yxWI7+4K0kv/FYKw0ULT7UrBi3sjZI+e65Y/YL7tSZxiPHnPSncBFhMqXZT+WpKJF3BPDIpzbgnvbTH0O1OOQPYmN63Z87Alu8abZKCkClwbdmfl1dnEUoIve1/0f8jZTMC/qO1mQt04s59V7HNQyykZ6POSItH/cgjy3HI7e7gr8E/MseK/LOGu0mVPpcay/FcUKxI+u+sZ/GqY5+1nMQKKVnBWhc5P+cRoMMWjlNs7AiJmrnueAbNDLl Generated-by-Nova"},
{"vnf-parameter-name":"repo_url","vnf-parameter-value":"https://nexus.onap.org/content/sites/raw"}
],
"vnf-topology-identifier":
{
"service-type":"7a9ae3bc-caef-4200-a2f7-2afdbaa41e0d",
"generic-vnf-name":"demo4VFWVNF20",
"generic-vnf-type":"c38867a1-c1b8-422f-8808 0",
"vnf-name":"demo4VFWVNF20-1",
"vnf-type":"C38867a1C1b8422f8808..base_vfw..module-0"
}
}
}
}
17.6 filled JSON vLb Files from our environment
{
"input":
{
"request-information":
{
"notification-url":"openecomp.org",
"order-number":"1",
"order-version":"1",
"request-action":"PreloadVNFRequest",
"request-id": "robot20"
},
"sdnc-request-header":
{
"svc-action": "reserve",
"svc-notification-url": "http://openecomp.org:8080/adapters/rest/SDNCNotify",
"svc-request-id":"robot20"
},
"vnf-topology-information":
{
"vnf-assignments":
{
"availability-zones":[],
"vnf-networks":[],
"vnf-vms":[]
},
"vnf-parameters":
[
{"vnf-parameter-name":"public_net_id","vnf-parameter-value": "aa83b3d9-dda6-4106-b776-9280799993ce"},
{"vnf-parameter-name":"vfw_private_ip_2","vnf-parameter-value": "10.0.100.4.100.4"},
{"vnf-parameter-name":"vfw_image_name","vnf-parameter-value": "ubuntu_16.04"},
{"vnf-parameter-name":"key_name","vnf-parameter-value":"onapkey"},
{"vnf-parameter-name":"vfwpub_image_namekey","vnf-parameter-value":"ubuntu_16.04ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4CegUDC7k2bqru0KkQ2HzSXZMZJ0cJBizQkt82CZ4Z8RlLFbxNwYhcuI67zEEB3PeVGzw6xsDDo0Su9OT1DxzFsLy14yxWI7+4K0kv/FYKw0ULT7UrBi3sjZI+e65Y/YL7tSZxiPHnPSncBFhMqXZT+WpKJF3BPDIpzbgnvbTH0O1OOQPYmN63Z87Alu8abZKCkClwbdmfl1dnEUoIve1/0f8jZTMC/qO1mQt04s59V7HNQyykZ6POSItH/cgjy3HI7e7gr8E/MseK/LOGu0mVPpcay/FcUKxI+u+sZ/GqY5+1nMQKKVnBWhc5P+cRoMMWjlNs7AiJmrnueAbNDLl Generated-by-Nova"},
{"vnf-parameter-name":"keyrepo_nameurl","vnf-parameter-value":"onapkeyhttps://nexus.onap.org/content/sites/raw"}
],
"vnf-topology-identifier":
{
"service-type":"7a9ae3bc-caef-4200-a2f7-2afdbaa41e0d",
"generic-vnf-parameter-name":"pub_keydemo4VFWVNF10",
"generic-vnf-parameter-valuetype":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4CegUDC7k2bqru0KkQ2HzSXZMZJ0cJBizQkt82CZ4Z8RlLFbxNwYhcuI67zEEB3PeVGzw6xsDDo0Su9OT1DxzFsLy14yxWI7+4K0kv/FYKw0ULT7UrBi3sjZI+e65Y/YL7tSZxiPHnPSncBFhMqXZT+WpKJF3BPDIpzbgnvbTH0O1OOQPYmN63Z87Alu8abZKCkClwbdmfl1dnEUoIve1/0f8jZTMC/qO1mQt04s59V7HNQyykZ6POSItH/cgjy3HI7e7gr8E/MseK/LOGu0mVPpcay/FcUKxI+u+sZ/GqY5+1nMQKKVnBWhc5P+cRoMMWjlNs7AiJmrnueAbNDLl Generated-by-Nova"},
{"vnf-parameter-name":"repo_url","vnf-parameter-value":"https://nexus.onap.org/content/sites/raw"}
],
"vnf-topology-identifier":
{
"service-type":"7a9ae3bc-caef-4200-a2f7-2afdbaa41e0d",
"generic-vnf-name":"demo4VFWVNF10",
"generic-vnf-type":"c38867a1-c1b8-422f-8808 0",
"vnf-name":"demo4VFWVNF10-1",
"vnf-type":"C38867a1C1b8422f8808..base_vfw..module-0"
}
}
}
}
18. Go To Portal GUI and From VID - create VF Module
18.a SO↔VIM(Openstack/VIO) - This does not use Multi Cloud
c38867a1-c1b8-422f-8808 0",
"vnf-name":"demo4VFWVNF10-1",
"vnf-type":"C38867a1C1b8422f8808..base_vfw..module-0"
}
}
}
}
18. Go To Portal GUI and From VID - create VF Module
18.a SO↔VIM(Openstack/VIO) - This does not use Multi Cloud
a.1 Cloud-Config.JSON inside /etc/mso/config.d
root@mso:/etc/mso/config.d# cat cloud_config.json
{
"cloud_config":
{
"identity_services":
{
"DEFAULT_KEYSTONE":
{
"identity_url": "KEYSTONE_URL",
a.1 Cloud-Config.JSON inside /etc/mso/config.d "mso_id": "onap",
root@"mso:/etc/mso/config.d# cat cloud_config.json_pass": "f8cf78bd37b4e258e85076eabb161977",
{"admin_tenant": "service",
"cloudmember_configrole": "admin",
{
"tenant_metadata": true,
"identity_server_servicestype": "KEYSTONE",
{
"identity_authentication_type": "USERNAME_PASSWORD"
"DEFAULT_KEYSTONE":}
{},
"identitycloud_url": "KEYSTONE_URL",
sites":
{
"mso_idnova": "onap",
"mso_pass": "f8cf78bd37b4e258e85076eabb161977",
{
"adminregion_tenantid": "servicenova",
"member_roleclli": "adminnova",
"tenantaic_metadataversion": true"2.5",
"identity_serverservice_typeid": "DEFAULT_KEYSTONE",
"identity_authentication_type": "USERNAME_PASSWORD"}
}
},
"cloud_sites":}
{
18b. SO<->MultiCloud↔(Openstack/VIO ) - This interaction is via MultiCloud
TBConfirmed - "nova":MultiCloud Configuration in SO .
{
"regioncloud_idconfig": "nova",
"clli": "nova",{
"aicidentity_versionservices": "2.5",
"identity_service_id": "DEFAULT_KEYSTONE"{
}"DEFAULT_KEYSTONE":
}{
}
}"identity_url": "http://10.0.14.1/api/multicloud/v0/vmware_vio/identity/v2.0",
root@"mso:/etc/mso/config.d#_id": "onap",
18b. SO<->MultiCloud↔(Openstack/VIO ) - This interaction is via MultiCloud
TBConfirmed - MultiCloud Configuration in SO .
"mso_pass": "f8cf78bd37b4e258e85076eabb161977",
{"admin_tenant": "service",
"cloudmember_configrole": "admin",
{ "tenant_metadata": true,
"identity_server_servicestype": "KEYSTONE",
{
"identity_authentication_type": "USERNAME_PASSWORD"
"DEFAULT_KEYSTONE":}
{},
"identitycloud_url": sites"http://10.0.14.1/api/multicloud/v0/vmware_vio/identity/v2.0",
"mso_id": "onap",
{
"mso_passnova": "f8cf78bd37b4e258e85076eabb161977",
"admin_tenant": "service",{
"memberregion_roleid": "adminnova",
"tenant_metadataclli": true"nova",
"identityaic_server_typeversion": "KEYSTONE2.5",
"identity_authenticationservice_typeid": "USERNAMEDEFAULT_PASSWORDKEYSTONE"
}
},
"cloud_sites":}
{ }
"nova":
{
"region_id": "nova",
"clli": "nova",
"aic_version": "2.5",
"identity_service_id": "DEFAULT_KEYSTONE"
}
}
}
}
18.2 registering MultiCloud to AAI-ESR
There are two ways to register a VIM to A&AI
You can register VIM from esr gui http://MSB_SERVER_IP:80/iui/aai-esr-gui/extsys/vim/vimView.html . For the ESR usage detail you can refer to http://onap.readthedocs.io/en/latest/submodules/aai/esr-gui.git/docs/platform/installation.html.
2. Register VIM with the API from A&AI, here is an example
PUT https://A&AI_SERVER_IP:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/ZTE/region-one
Authorization:
header:
body:
{
"cloud-owner": "ZTE",
"cloud-region-id": "region-one",
"cloud-type": "openstack",
"owner-defined-type": "owner-defined-type",
"cloud-region-version": "ocata",
"cloud-zone": "cloud zone",
"complex-name": "complex name",
"sriov-automation": false,
"cloud-extra-info": "cloud-extra-info",
"esr-system-info-list": {
"esr-system-info": [
{
"esr-system-info-id": "432ac032-e996-41f2-84ed-9c7a1766eb29",
"service-url": "http://10.74.151.22:5000/v2.0",18.2 registering MultiCloud to AAI-ESR
There are two ways to register a VIM to A&AI
You can register VIM from esr gui http://MSB_SERVER_IP:80/iui/aai-esr-gui/extsys/vim/vimView.html . For the ESR usage detail you can refer to http://onap.readthedocs.io/en/latest/submodules/aai/esr-gui.git/docs/platform/installation.html.
2. Register VIM with the API from A&AI, here is an example
PUT https://A&AI_SERVER_IP:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/ZTE/region-one
Authorization:
header:
body:
{
"cloud-owner": "ZTE",
"cloud-region-id": "region-one",
"cloud-type": "openstack",
"owner-defined-type": "owner-defined-type",
"cloud-region-version": "ocata",
"cloud-zone": "cloud zone",
"complex-name": "complex name",
"sriov-automation": false,
"cloud-extra-info": "cloud-extra-info",
"esr-system-info-list": {
"esr-system-info": [
{
"esr-system-info-id": "432ac032-e996-41f2-84ed-9c7a1766eb29",
"service-url": "http://10.74.151.22:5000/v2.0",
"user-name": "admin",
"password": "admin",
"system-type": "VIM",
"ssl-insecure": true,
"cloud-domain": "cloud-domain"
}
]
}
}
19. vFW Network Topology
20 Additional Step For vFWCL on VIO 20171207-
1- for each of the network - i create Router in the horizon .
2 . I update /etc/resolve.conf in firewall VM to point to external DNS (10.112.64.1 ) So that VM Can reach out to Open Internet .
3. Check on Horizon under the network to see if the Gateway IP address of the subnet/network is showen as "router:interface"
4 Since we are updating the network given in the sdnc preload - please make sure you login to each VM (Firewall VM , Sink VM and PktGen VM )
4.1 Login using tenant network and remove every other network .
4.2 once logged into VM update the ip address and cidr files present in /opt/config in each VM
"user-name": "admin",
"password": "admin",
4.3 also update the /etc/network/interfaces files for eth1 , eth2 for Sink and PktGen VM and eth1 ,eth2 , eth3 for Firewall VM .
"system-type": "VIM",
"ssl-insecure": true,
"cloud-domain": "cloud-domain" 4.4 attach the Network via Horizon to each of these VM for Firewall VM , try disabling the v_firewall_install.sh and v_firewall_init.sh after running these script onces .
}
]
}
}
19. vFW Network Topology
toConfirm 20171203-
1- for each of the network - i create Router in the horizon .
2 . I update /etc/resolve.conf in each VM to point to external DNS So that VM Can reach out to Open Internet .
3.
4. Sink VM and PktGen VM are generally able to ping on Tenant and ONAP OOM network including Robot VM .
4 5 Sink VM can ping the protected network gateway .
56. PktGen can not can ping unprotected network gateway .
67. firewall VM Can not ping Gateway of ONAP OOM , Protected and unprotected ..
tocompare with 20171205
Network Toplogy Example from a successful vFWCL Lab Lab on Openstack /OOM
2. Nothing was done as in doing additional steps .
3. 667 Port was not open on Sink VM in successful vFW Demo case .
19 .TODO – Issues faced from step13 to Step18 and workaround used .
...