1, F-GPS:
Please refer to the patch https://gerrit.onap.org/r/#/c/78634/, which elaborates on how to enhance the current API to support F-GPS.
...
2, SO/MC integration
Create Workload: https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/SO+to+Multicloud+API+enhancements
AAI updating: https://wikilf-onap.onapatlassian.orgnet/wiki/pages/viewpage.action?pageId=5822888116350907
SDC design: https://gerrit.onap.org/r/#/c/75851/ , SDC Service Software Architecture
3, FCAPS enhancement
4, Multi-Tenant Support
https://gerrit.onap.org/r/#/c/82085/
So far MultiCloud has exposed its API with the ID of a cloud region, assuming the consumer will issue the API request with the default tenant, which is part of the AAI cloud region. As a result, different tenants on the same VIM/Cloud instance can only be on-boarded into ONAP as different cloud regions.
...
b, MultiCloud NBI should allow consumers to specify the tenant name/id when issuing API requests to MultiCloud. This can be done in various ways; the easy and backward-compatible approach is to have consumers put the tenant ID/name into the "optional" request headers of the REST API call.
5, Secured-communication enablement
...
- uwsgi https option
The multicloud services which are based on uwsgi could utilize the https feature of uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/HTTPS.html
You probably have to rebuild uwsgi with ssl-support.
On a Debian server with uwsgi installed by pip this would be (as root):
    apt-get install libssl-dev
    pip install uwsgi -I --no-cache-dir
-I is for reinstall, --no-cache-dir is for building new from scratch.
- cert files
The question would be: who generates the key and cert, and how? Following the practice of the MSB project, multicloud services will generate their own keys/certs and put them in the docker image by default. Also make sure these keys/certs can be overridden by the OOM helm chart, just like the logging settings.
It is suggested that we follow the same pattern: put the generated certs under pub/ssl/cert/ with the names cert.crt and cert.key.
- ENV variable to enable/disable https on the same port
I don't believe the http and https endpoints should co-exist, which makes no sense from a security perspective. So I recommend that http/https should be toggled by an ENV variable and bound to the same port.
The ENV variable could be SSL_ENABLED: to enable the https endpoint, set SSL_ENABLED=true; otherwise just leave it unset or set it to some other value (e.g. SSL_ENABLED=false).
The entry point of the docker container will check this ENV var and determine whether to enable https or http mode for uwsgi.
- example patch: https://gerrit.onap.org/r/#/c/81829/ + https://gerrit.onap.org/r/#/c/81912/
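One way the entry point check described above could look, as an added example (not the MultiCloud project's code and not taken from the linked patches). SERVICE_PORT, CERT_DIR, UWSGI_INI and their default values are assumptions; the script refuses to start rather than fall back to http when SSL_ENABLED=true but the cert or key is unusable.

```shell
#!/bin/sh
# Added example: docker entry point helper that toggles uwsgi between
# http and https on the same port, driven by SSL_ENABLED.
# Assumed names (not from the page): SERVICE_PORT, CERT_DIR, UWSGI_INI.

CERT_DIR="${CERT_DIR:-pub/ssl/cert}"              # page suggests pub/ssl/cert/
SERVICE_PORT="${SERVICE_PORT:-9001}"              # hypothetical port
UWSGI_INI="${UWSGI_INI:-/opt/service/uwsgi.ini}"  # hypothetical path

# Print the uwsgi listener arguments for the current environment.
# Returns non-zero and prints nothing on stdout when https is requested
# but cert.crt / cert.key are missing, unreadable or empty, so the caller
# can never silently downgrade to plain http.
uwsgi_listen_args() {
    crt="$CERT_DIR/cert.crt"
    key="$CERT_DIR/cert.key"
    if [ "${SSL_ENABLED:-}" = "true" ]; then
        for f in "$crt" "$key"; do
            if [ ! -r "$f" ] || [ ! -s "$f" ]; then
                echo "SSL_ENABLED=true but $f is missing, unreadable or empty" >&2
                return 1
            fi
        done
        echo "--https 0.0.0.0:$SERVICE_PORT,$crt,$key"
    else
        # Unset or any value other than "true" means http.
        echo "--http 0.0.0.0:$SERVICE_PORT"
    fi
}

# Replace the shell with uwsgi using exactly one listener on SERVICE_PORT.
start_uwsgi() {
    args=$(uwsgi_listen_args) || exit 1
    # $args is intentionally unquoted: it holds an option and its value.
    # This assumes CERT_DIR contains no whitespace.
    exec uwsgi $args --ini "$UWSGI_INI"
}

# Only start the server when invoked as: entrypoint.sh run
if [ "${1:-}" = "run" ]; then
    start_uwsgi
fi
```

Because the helper accepts only the exact string `true`, values such as `True` or `1` select http; log the chosen mode at startup if operators are likely to mistype it.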
6, Security Requirement: Run microservice as non-root user
...
Reference:
- Docker/OCI CIA- Container Images - Best Practices and Tools
- Reduction effort between Casablanca and Dublin
...
Image footprint optimization exercises:

1, original dockerfile => (multicloud-broker-orig: 846MB)
    Dockerfile:
    FROM python:2

2, rebase to python:2-slim => (multicloud-broker-slim1: 410MB)
    Dockerfile:
    FROM python:2-slim
    apt-get install -y unzip gcc
    pip install -r ...
    apt-get remove -y unzip gcc

3, remove unused packages => (multicloud-broker-slim2: 296MB)
    Dockerfile:
    FROM python:2-slim
    apt-get install -y unzip gcc
    pip install -r ...
    apt-get remove -y unzip gcc

    /opt/multivimbroker/requirements.txt
    #redis cache
    #redis==2.10.5
    #for access redis cache
    #redisco==0.1.4
    #django-redis-cache==0.13.1
    #for call openstack api
    #python-keystoneclient==3.6.0
    #python-glanceclient==2.5.0
    #python-neutronclient==6.0.0
    #for unit test
    #django-nose>=1.4.0
    #coverage==4.2
    #mock==2.0.0
    #unittest_xml_reporting==1.12.0
    #for pecan framework
    #pecan>=1.2.1
    #oslo.concurrency>=3.21.0
    #oslo.config>=4.11.0
    #oslo.service>=1.25.0
    #eventlet>=0.20.0

4, Remove all unused utils package => (multicloud-broker-slim4: 194MB)
    Dockerfile:
    FROM python:2-slim
    apt-get install -y wget unzip gcc
    apt-get --purge remove -y wget unzip gcc
    apt-get -y autoremove

    multicloud-broker-slim4   latest   4452cb69a1be   6 minutes ago    194MB
    multicloud-broker-slim2   latest   3c232d46c0fa   10 minutes ago   296MB
    multicloud-broker-slim1   latest   5ba81358eb19   16 minutes ago   410MB
    multicloud-broker-orig    latest   7601a4382bb0   10 days ago      846MB
    python                    2-slim   f2ac6489d817   10 days ago      120MB