Requirements No | Requirements Description | Implemented or Not In VNFSDK |
---|---|---|
R-87234 | The VNF package provided by a VNF vendor **MAY** be either with TOSCA-Metadata directory (CSAR Option 1) or without TOSCA-Metadata directory (CSAR Option 2) as specified in ETSI GS NFV-SOL004. On-boarding entity (ONAP SDC) must support both options. **Note:** SDC supports only the CSAR Option 1 in Casablanca. The Option 2 will be considered in future ONAP releases,VNFMAYVNF Package Structure and Format | No |
R-01123 | The VNF package Manifest file MUST contain: VNF package meta-data, a list of all artifacts (both internal and external) entry’s including their respected URI’s, an algorithm to calculate a digest and a digest result calculated on the content of each artifacts, as specified in ETSI GS NFV-SOL004. The VNF Package MUST include VNF Identification Data to uniquely identify the resource for a given VNF provider. The identification data must include: an identifier for the VNF, the name of the VNF as was given by the VNF provider, VNF description, VNF provider, and version. | |
R-21322 | The VNF provider MUST provide their testing scripts to support testing as specified in ETSI NFV-SOL004 - Testing directory in CSAR | |
R-40820 | The VNF provider MUST enumerate all of the open source licenses their VNF(s) incorporate. CSAR License directory as per ETSI SOL004. for example ROOT\Licenses\ License_term.txt | |
R-35854 | The VNF Descriptor (VNFD) provided by VNF vendor MUST comply with TOSCA/YAML based Service template for VNF descriptor specified in ETSI NFV-SOL001. Note: As the ETSI NFV-SOL001 is work in progress the below tables summarizes the TOSCA definitions agreed to be part of current version of NFV profile and that VNFD MUST comply with in ONAP Release 2+ Requirements. | |
R-65486 | The VNFD MUST comply with ETSI GS NFV-SOL001 document endorsing the above mentioned NFV Profile and maintaining the gaps with the requirements specified in ETSI GS NFV-IFA011 standard. | |
R-17852 | The VNFD MAY include TOSCA/YAML definitions that are not part of NFV Profile. If provided, these definitions MUST comply with TOSCA Simple Profile in YAML v.1.2. | |
R-46527 | A VNFD is a deployment template which describes a VNF in terms of deployment and operational behavior requirements. It contains virtualized resources (nodes) requirements as well as connectivity and interfaces requirements and MUST comply with info elements specified in ETSI GS NFV-IFA 011. The main parts of the VNFD are the following:
Note: The deployment aspects (deployment flavour etc.) are postponed for future ONAP releases.
| |
R-15837 | The table defines the major TOSCA Types specified in ETSI NFV-SOL001 standard draft. The VNFD provided by a VNF vendor MUST comply with the below definitions | |
R-26885 | The VNF provider MUST provide the binaries and images needed to instantiate the VNF (VNF and VNFC images) either as:
Note: Currently, ONAP doesn’t have the capability of Image management, we upload the image into VIM/VNFM manually. | |
R-51347 | The VNF package **MUST** be arranged as a CSAR archive as specified in TOSCA Simple Profile in YAML 1.2. VNF MUST VNF Package Structure and Format | No |
R-10087 | The VNF package **MUST** contain all standard artifacts as specified in ETSI GS NFV-SOL004 including Manifest file, VNFD (or Main TOSCA/YAML based Service Template) and other optional artifacts. CSAR Manifest file as per SOL004 - for example ROOT\\ **MainServiceTemplate.mf** VNF MUST VNF Package Contents | No |
R-02454 | The VNF MUST support the existence of multiple major/minor versions of the VNF software and/or sub-components and interfaces that support both forward and backward compatibility to be transparent to the Service Provider usage. | Yes |
R-04298 | The xNF provider MUST provide their testing scripts to support testing. | Yes |
R-07879 | The VNF Package MUST include all relevant playbooks to ONAP to be loaded on the Ansible Server. Note: Only applicable if the VNF providers claim this product support Chef, Ansible. | Yes |
R-09467 | The VNF MUST utilize only NCSP standard computing resource profile (CPU, Disk, Memory, etc.) compute flavors. | Yes |
R-13390 | The VNF Package MUST include a cookbook to be loaded on the appropriate server if the VNF is managed via Chef. Note: Only applicable if the VNF providers claim this product support Chef, Ansible. | Yes |
R-23823 | The VNF Package MUST include appropriate credentials so that ONAP can interact with the Chef Server | Yes |
R-26881 | The VNF provider MUST provide the binaries and images needed to instantiate the VNF (VNF and VNFC images). | Yes |
R-27310 | The VNF Package MUST include all relevant Chef artifacts (roles/cookbooks/recipes) required to execute VNF actions requested by ONAP for loading on appropriate Chef Server. Note: Only applicable if the VNF providers claim this product support Chef, Ansible. | Yes |
R-35851 | The VNF Package MUST include VNF topology that describes basic network and application connectivity internal and external to the VNF including Link type, KPIs, Bandwidth, latency, jitter, QoS (if applicable) for each interface. | Yes |
R-40293 | The VNF MUST make available (or load on VNF Ansible Server) playbooks that conform to the ONAP requirement. Note: Only applicable if the VNF providers claim this product support Chef, Ansible. | Yes |
R-43958 | The VNF Package MUST include documentation describing the tests that were conducted by the VNF provider and the test results. | Yes |
R-66070 | The VNF Package MUST include VNF Identification Data to uniquely identify the resource for a given VNF provider. The identification data must include: an identifier for the VNF, the name of the VNF as was given by the VNF provider, VNF description, VNF provider, and version. | Yes |
R-77707 | The VNF provider MUST include a Manifest File that contains a list of all the components in the VNF package. | Yes |
R-77786 | The VNF Package MUST include all relevant cookbooks to be loaded on the ONAP Chef Server. Note: Only applicable if the VNF providers claim this product support Chef, Ansible. | Yes |
...
Test Case | Description | Implemented or Not In VNFSDK | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Manifest File check | Verifies the MANIFEST file (MainServiceTemplate.mf) and checks that the defined directories of the PNF package against the manifest file. The following VNFRQTS JIRA items contribute this this requirement: R-10087: | |||||||||||||||||
TOSCA MetaFile LICENSE Term File Exists Check | VNF SDK will check a License Term File Check in the PNF package. TOSCA meta file points to a License. Just a check that the file exists no content check at all. | |||||||||||||||||
TOSCA MetaFile CERTIFICATE Check | (Test only) CERTIFICATE check. In the PNF package it is expected that there will be MainServiceTemplate.cert. This is mentioned in the TOSCA MetaFile. For example, in the TOSCA MetaFile, it could be mentioned "Entry-Certificate: Artifacts/resource-gnodeb-template.cert". And VNF SDK would check to make sure that the resource-gnodeb-template.cert file exists in the mentioned directory, the Artifacts in this case. VNF SDK does not look inside this file. (Needs Investigation) SOL004 has option 1 (signing each artifact individually / individual digest) and option 2 (sign entire package). It would be nice if VNF SDK supported both Option 1 and Option 2. | |||||||||||||||||
SOL004 PNF Tags | Check keywords. needs VNF SDK to check the PNF keywords. in the MainServiceTemplate.mf there are new tags:
and the NON ETSI MANO artifact tags public tags. These public tags are under the "non_mano_artifact_sets". This would be NEW development in VNF SDK. An example Manifest file is shown in this diagram: metadata:pnf_product_name: gNBpnf_provider_id: Ericssonpnf_package_version:1.0pnf_release_date_time:2018-12-03T08:44:00-05:00non_mano_artifact_sets:onap_ves_events:source: Artifacts/Deployment/Events/VES_registration.yamlonap_pm_dictionary:source: Artifacts/Deployment/Measurements/PM_Dictionary.yamlonap_yang_module:source: Artifacts/Deployment/Yang_module/Yang_module.yamlonap_others:source: Artifacts/Informational/scripts/install.shsource: Artifacts/Informational/user_guide.txtsource: Artifacts/Other/installation_guide.txtsource: Artifacts/Other/review_log.txt which shows the use of some of these fields. ASSOCIATED DEVELOPMENT: VNFSDK-339 - Support PNF CSAR structure based SOL004 OPEN | |||||||||||||||||
VALIDATION FOR META DATA CHECK | Following ETSI SOL004 Validation for Meta-Data file and Manufacturer file, this is the TOSCA.meta file that is part of the PNF Package. Both VNF SDK implementing only meta-data option, in the package there is a meta file. Check TOSCA.meta, while this file is not mandatory, when it is included that it follows the SOL004 standard (ETSI). We expect that "TOSCA-Meta-Version" and "CSAR-Version" and "Created by" are already supported, and new checks for "Entry definition, Entry-manifest, Entry-change-log, Entry-tests, Entry-certificates" would be new VNF SDK development work (needs to be verified). Following VNFRQTS JIRA items contribute to this requirement:
| |||||||||||||||||
SOL004 Security | Driven from SOL004: Option 1 (Supported in R4 Dublin): TOSCA.meta (exists) Meta-directory based, XML based approach. Option 2 (NOT support in R4 Dublin): CSAR without TOSCA.meta. Manifest (.mf) file that has everything (so the TOSCA.meta is redundant). Yaml-based approach. The Public Key a key to open the package. SOL004 Option 1, 2 and use key to open the package - X.509 certificates public key, private key to sign the package and private key correspond to the private key of the package also delivered with the package. a package, a signature, and public key certificate delivered together. There may be more than one signature. Option 1 there is a digest for every file. All of those digests are listed in the manifest file. The manifest file is signed, one signature on the manifest. One signature and one key/pair & 1 certificate. Still optional to sign other files. The signature is a file beside. myimage.iso myimage.xyz but the same file/directory. Every file signed should have a signature files. CSAR file signed in a .sm file, package signature. The public key is signed can be signed by a root certificate. An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate. |
...