Note: This wiki is under construction - this is an evolving POC
Purpose: prototype a REST client on top of ONAP - specifically for VF-Module creation fixes
Analysis
vFirewall Demo Sequence of Events
...
Seq | Name | Source | Target | Actor | REST write | REST read | REST delete |
---|---|---|---|---|---|---|---|
deploy service model | vid | aai | demo user | 9023f592-5c64-4a5b-9333-3287fdc9d304 | |||
create service instance | vid | aai | demo user | Input: InstanceName=DemoInstance Output: 07/27/17 12:10:39 HTTP Status: OK (200) { "request": { "requestId": "96dcaa23-88cb-41ac-bf8c-e1e5bb423232", "startTime": "Wed, 26 Jul 2017 16:10:26 GMT", "requestScope": "service", "requestType": "createInstance", "requestDetails": { "modelInfo": { "modelCustomizationName": null, "modelInvariantId": "43d59b70-8829-4a50-a3f7-d261b220ceef", "modelType": "service", "modelNameVersionId": "dcb40136-9cec-45be-b080-2a36b31c2f06", "modelName": "vfservice", "modelVersion": "1.0" }, "requestInfo": { "billingAccountNumber": null, "callbackUrl": null, "correlator": null, "orderNumber": null, "productFamilyId": null, "orderVersion": null, "source": "VID", "instanceName": "DemoInstance", "suppressRollback": false }, "relatedInstanceList": null, "subscriberInfo": { "globalSubscriberId": "Demonstration", "subscriberName": null }, "cloudConfiguration": null, "requestParameters": { "subscriptionServiceType": "vFW", "userParams": [] } }, "instanceReferences": { "serviceInstanceId": "cd2eb659-2463-461b-9c3b-3bf03619c167", "serviceInstanceName": "DemoInstance", "vnfInstanceId": null, "vnfInstanceName": null, "vfModuleInstanceId": null, "vfModuleInstanceName": null, "volumeGroupInstanceId": null, "volumeGroupInstanceName": null, "networkInstanceId": null, "networkInstanceName": null }, "requestStatus": { "requestState": "COMPLETE", "statusMessage": "Service Instance has been created successfully.", "percentProgress": 100, "finishTime": "Wed, 26 Jul 2017 16:10:31 GMT" } } } 07/27/17 12:10:28 HTTP Status: Accepted (202) { "requestReferences": { "instanceId": "cd2eb659-2463-461b-9c3b-3bf03619c167", "requestId": "96dcaa23-88cb-41ac-bf8c-e1e5bb423232" } } | https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW 
https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW/service-instances/ { "service-instance": [{ | http://{{mso_ip}}:8080/ecomp/mso/infra/serviceInstances/v2/cd2eb659-2463-461b-9c3b-3bf03619c167 { |
...
Seq | Name | Source | Target | Actor | REST write | REST read | REST delete | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
create Vf module <DemoModule> | vid | demo user | Success without running VID! - workaround for Output: VfModuleID=5a08199b-4161-4181-9b2d-da29f6df1410 via OpenStack openstack server list 4be336b3-a31c-4be0-9261-0cb1cb51227d | demofwl01fwl | ACTIVE | oam_ecomp_LbMf=10.1.0.11; demofwl_unprotected=192.168.110.100; public=104.239.230.93, | || | | | 2001:4802:7803:104:be76:4eff:fe20:377b; demofwl_protected=192.168.120.100 post call http://{{mso_ip}}:8080/ecomp/mso/infra/serviceInstances/v2/<id>/vnfs/<id>/vfModules inputs: serviceInstance id = c543... from relatedInstance:type=service vnf id = 6229.. from relatedInstance:type=vnf using https://{{aai_ip}}:8443/aai/v8/network/generic-vnfs get: "relatedInstance": { "instanceId": "6229cdee-10f6-4ec4-a5e0-0593154e6d83", from: {"generic-vnf": [{"vnf-id": "6229cdee-10f6-4ec4-a5e0-0593154e6d83" get: modelInvariantId": "7425ba97-e159-4c0f-87dd-3af3b439148b" from: "persona-model-id": "7425ba97-e159-4c0f-87dd-3af3b439148b" using https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW/service-instances/ get: "instanceReferences": { "serviceInstanceId": "c54316d8-464e-4967-bece-8c2b2f458b66" from: { "service-instance": [{"service-instance-id": "c54316d8-464e-4967-bece-8c2b2f458b66", body : { "requestDetails": { however there is more to this than just a rest call - no heat stack means no vf instances yet http://{{mso_ip}}:8080/ecomp/mso/infra/serviceInstances/v2/cd2eb659-2463-461b-9c3b-3bf03619c167/vnfs/110f0e9c-52f9-4b12-8bd8-fa2980e48454/vfModules { however a call to the following - shows we need to get the right network name in the preload http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vnfInstanceId%3AEQUALS%3A110f0e9c-52f9-4b12-8bd8-fa2980e48454 "requestStatus": { retry after redoing preload with proper subnet name oam_ecomp_QbZ1 200 OK { "requestReferences": { | 
http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A5a08199b-4161-4181-9b2d-da29f6df1410 http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vnfInstanceId%3AEQUALS%3A110f0e9c-52f9-4b12-8bd8-fa2980e48454 http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3Ad5508965-35c6-4720-a7f0-4b0e17f25c9d { "requestList": [{ "request": { | get ID via http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3Ad5508965-35c6-4720-a7f0-4b0e17f25c9d { ... DEL to http://{{mso_ip}}:8080/ecomp/mso/infra/serviceInstances/v2/cd2eb659-2463-461b-9c3b-3bf03619c167/vnfs/110f0e9c-52f9-4b12-8bd8-fa2980e48454/vfModules/d5508965-35c6-4720-a7f0-4b0e17f25c9d fails - referencing an older preload { | ||||||||||
...
DI 1: 20170712: AAI Cert required for HTTPS REST calls
Use Postman for ad hoc REST calls; to code up call chains or hammer an endpoint, use a Spring RestController or the REST client in JAX-RS 2.0.
...
Below we import the cert into the default keystore. Where did I get the cert? By extracting it from Firefox - however, it is in the code base - looking it up.
$ ls $JAVA_HOME/jre/lib/security/cacerts
...
CURL commands need the certificate - see Verifying your ONAP Deployment#Postman/CurlRESTcalls
Note: we will need to replace the AAI Certificate before 1 Dec 2017.
$ ls $JAVA_HOME/jre/lib/security/cacerts
/Library/Java/JavaVirtualMachines/jdk1.8.0_121.jdk/Contents/Home/jre/lib/security/cacerts
sudo keytool -import -trustcacerts -alias aai -file /config/certs/aai/aaiapisimpledemoopenecomporg.cer -keystore $JAVA_HOME/jre/lib/security/cacerts
on robot
root@vm1-robot:~# keytool -list -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -v
sudo scp aaiapisimpledemoopenecomporg.cer root@robot:/opt
keytool -import -trustcacerts -alias aai -file aaiapisimpledemoopenecomporg.cer -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts
the aai keystore password does not work - I will use my own truststore
"AAI_KEYSTORE_PASSWD_X": "OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0"
Running an HTTPS REST target using this certificate - if the cert is in the default keystore, you don't need to define it.
...
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import org.glassfish.jersey.SslConfigurator;

// require: cert, username, password, headers(X-FromAppId,Accept), Authenticator
public String run(boolean isSSL, String url, String port, String path) {
    String record = null;
    Client client = null;
    WebTarget latestTarget = null;
    WebTarget rootTarget = null;
    if(isSSL) {
        // no trust store configured here: the JVM default (cacerts) is used
        SslConfigurator sslConfig = SslConfigurator.newInstance();
        SSLContext sslContext = sslConfig.createSSLContext();
        HostnameVerifier verifier = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession sslSession) {
                // accepts any hostname: the certificate name is never matched against the target
                return true; // TODO: security breach
            }};
        client = ClientBuilder.newBuilder().sslContext(sslContext).hostnameVerifier(verifier).build();
        // adds the HTTP Basic Authorization header to every request
        client.register(new Authenticator("AAI","AAI"));
    } else {
        client = ClientBuilder.newClient();
    }
    rootTarget = client.target(url);
    latestTarget = rootTarget.path(path);
    try {
        try { Thread.sleep(1); } catch (InterruptedException ie) { Thread.currentThread().interrupt(); }
        record = latestTarget.request()
            .header("X-FromAppId", "AAI").header("Accept", "application/json")
            .get(String.class);
...
Installing the AAI certificate in your own keystore on the Robot VM
root@vm1-robot:/opt# keytool -import -trustcacerts -alias aai -file aaiapisimpledemoopenecomporg.cer -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts
Enter keystore password:
// use our own
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
root@vm1-robot:/opt# keytool -genkey -alias onap -keyalg RSA -keystore KeyStore.jks -keysize 2048
Enter keystore password:
Is CN=Michael OBrien, OU=onap, O=onap, L=Unknown, ST=Unknown, C=Unknown correct?
Enter key password for <onap>
(RETURN if same as keystore password):
Re-enter new password:
// import cer
root@vm1-robot:/opt# keytool -import -trustcacerts -alias aai -file aaiapisimpledemoopenecomporg.cer -keystore KeyStore.jks
Enter keystore password:
Owner: EMAILADDRESS=aai-host@api.simpledemo.openecomp.org, CN=aai.api.simpledemo.openecomp.org, OU=SimpleDemo, O=OpenECOMP, L=Bedminster, ST=NJ, C=US
Issuer: EMAILADDRESS=simpledemo@openecomp.org, CN=OpenECOMP simpledemo Server CA X1, OU=simpledemo, O=OpenECOMP, L=Bedminster, ST=NJ, C=US
Serial number: 83ca7c32dc9f7329
Valid from: Wed Nov 30 15:38:39 UTC 2016 until: Thu Nov 30 15:38:39 UTC 2017
Trust this certificate? [no]: yes
Certificate was added to keystore
Running an HTTPS REST target using this certificate - if the cert is in the default keystore, you don't need to define it; otherwise set your own trust/keystore as below.
// require: cert, username, password, headers(X-FromAppId,Accept), Authenticator
public String run(boolean isSSL, String url, String port, String path) {
    String record = null;
    // SslConfigurator sslConfig = SslConfigurator.newInstance();
    SslConfigurator sslConfig = SslConfigurator.newInstance()
        .trustStoreFile("/opt/KeyStore.jks")
        .trustStorePassword("changeme") //"changeit")
        .keyStoreFile("/opt/KeyStore.jks")
        .keyPassword("changeme"); //"changeit");
    SSLContext sslContext = sslConfig.createSSLContext();
    ...
            return true; // TODO: security breach
    ...
        client = ClientBuilder.newClient();
    }
    rootTarget = client.target(url);
    ... = rootTarget.path(path);
    ... catch (InterruptedException ie) {
    ...

...
        this.user = user;
        this.pass = password;
    }
    public void filter(ClientRequestContext requestContext) throws IOException {
        MultivaluedMap<String, Object> headMap = requestContext.getHeaders();
        String basicAuth = null;
        try {
            String aToken = user + ":" + pass;
            basicAuth = "BASIC " + DatatypeConverter.printBase64Binary(aToken.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException uee) {
            throw new IllegalStateException("Encoding with UTF-8 failed", uee);
        }
        headMap.add("Authorization", basicAuth);
    }
}
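A stricter variant of the TLS setup in run() above, added here as an example and not part of the original wiki code: it loads the custom trust store and replaces the always-true HostnameVerifier with one that accepts only the certificate stored under the aai alias. The class name PinnedAaiClient and its build method are hypothetical; the path, alias and password are the ones from the keytool session on this page.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.TrustManagerFactory;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;

// Added example (hypothetical class name): trust only the certificates in the
// custom store and pin the server certificate instead of returning true.
public class PinnedAaiClient {

    public static Client build(String storePath, char[] storePass, String alias) throws Exception {
        KeyStore trust = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(storePath)) {
            trust.load(in, storePass);
        }
        final Certificate pinned = trust.getCertificate(alias);
        if (pinned == null) {
            throw new IllegalStateException("no certificate under alias " + alias);
        }
        // Chain validation: only entries of the custom trust store are accepted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Hostname decision: accept the connection only if the server presented
        // exactly the pinned certificate, so calls by IP still authenticate the peer.
        HostnameVerifier pinnedOnly = (hostname, session) -> {
            try {
                return pinned.equals(session.getPeerCertificates()[0]);
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        };
        return ClientBuilder.newBuilder().sslContext(ctx).hostnameVerifier(pinnedOnly).build();
    }

    public static void main(String[] args) throws Exception {
        // Path, alias and password as used in the keytool session on this page.
        Client client = build("/opt/KeyStore.jks", "changeme".toCharArray(), "aai");
        System.out.println("client ready: " + client.getSslContext().getProtocol());
        client.close();
    }
}
```

The pin has to be refreshed whenever the AAI certificate is replaced, since the verifier compares against the exact certificate stored under the alias.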
Creating a custom keystore on the robot VM
DI 2: 20170712: Spring Boot Backend Framework
Instead of using a full Tomcat deployment server - we will use an embedded Jetty container.
...
pom.xml
<parent><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-parent</artifactId><version>1.5.3.RELEASE</version></parent>
<dependencies>
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency>
<!-- avoid restarts --><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-devtools</artifactId><optional>true</optional></dependency>
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-actuator</artifactId></dependency>
<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency>
</dependencies>
<build><plugins><plugin><groupId>org.springframework.boot</groupId><artifactId>spring-boot-maven-plugin</artifactId>
<!-- may not be required --><configuration><addResources>true</addResources> </configuration></plugin></plugins></build>
...
Thread.currentThread().interrupt(); }
...
public class Authenticator implements ClientRequestFilter {
DI 3: 20170712: JAX-RS 2.0 API Framework
DI 4: 20170712: 3D Framework: Three js OpenGL 3D wrapper on Canvas
changing state
scene.getObjectByName(arrowToFlash).line.material.color.set(flashOnColor);
scene.getObjectByName(arrowToFlash).cone.material.color.set(flashOnColor);
aDmaap.material.color.set(flashOnColor);
aFirewall.material.color.set(flashOnColor);
DI 5: 20170712: Javascript Timer Framework
DI 6: 20170712: Three js Listener
DI 7: 20170712: Three js Edges between Nodes
var vmFromNames = ["generator", "firewall", "service-firewall", "firewall", "appc", "policy","policy"];
var vmToNames = ["firewall", "sink", "firewall", "dmaap", "generator", "dmaap", "appc"];
var edgeColors = [ colorRed, colorRed, colorGreen, colorRed, colorRed, colorBlue, colorBlue];
for(var vm=0; vm<vmFromNames.length; vm++) {
    threejsFlashStates[vmNames[vm]] = 0;
    var startObject = scene.getObjectByName(vmFromNames[vm]);
    var endObject = scene.getObjectByName(vmToNames[vm]);
    var startPoint = new THREE.Vector3(startObject.position.x, startObject.position.y, startObject.position.z);
    var endPoint = new THREE.Vector3(endObject.position.x, endObject.position.y, endObject.position.z);
    var direction = new THREE.Vector3().subVectors(endPoint, startPoint).normalize();
    var arrow = new THREE.ArrowHelper(direction, startPoint, startPoint.distanceTo(endPoint), edgeColors[vm] );
    arrow.line.material.linewidth = 4; // no effect on windows
    var vName = "edge-" + vmFromNames[vm] + "-" + vmToNames[vm];
    console.log(vName);
    arrow.name = vName;
    group.add(arrow);
}
DI 8: 20170712: Three js Click Context
DI 9: 20170712: AJAX JAX-RS Channel
Example: getCustomer() from AAI
AJAX client
function getCustomer() {
    $.ajax({url: "/api",
        data: { action: 'customer-read' },
        success: function( data ) {
            var returnedData = JSON.parse(data.content);
            console.log(returnedData);
            document.getElementById('config-customer-value').bgColor='#c0ff30';
            // .html() parses the value as markup; .text() is the safer call if the id can contain untrusted characters
            $( "#config-customer-value" ).html( "<strong>" + returnedData['global-customer-id'] + "</strong>" );
        }});
}
JAX-RS NBI
@Controller
@RequestMapping("/api")
public class ApiController {
    @RequestMapping(method=RequestMethod.GET)
    public @ResponseBody Api process(@RequestParam(value="action",required=true,defaultValue="undefined") String action) {
        content = client.run(true,Configuration.get(Configuration.DC,"aai-ip"),"8443","aai/v8/business/customers/customer","AAI","AAI","AAI");
JAX-RS SBI
record = rootTarget.request()
    .header("X-FromAppId", appId).header("Accept","application/json")
    .get(String.class);
DI 10: 20170712: WebSocket Channel
...
/testsuite/properties/demo.sh not /testsuite/docker/demo.sh /testsuite/runtags.sh /testsuite/resources/demo_preload.robot "Load Customer And Models" "Create Customer For VNF Demo" create_customer.robot (aai put /aai/v8//business/customers/customer/) create_service.robot (aai put /aai/v8/service-design-and-creation/services "Load Models" | Distribute Model | Model Distribution For Directory in model_test_template.robot | Distribute Model From ASDC in addc_interface.robot (Add ASDC Catalog Service, Setup ASDC Catalog Resource, Get ASDC Catalog Resource, Add ASDC Resource Instance, Get ASDC Catalog Service, Checkin ASDC Catalog Service, Request Certify ASDC Catalog Service, Start Certify ASDC Catalog Service, Certify ASDC Catalog Service, Approve ASDC Catalog Service, Distribute ASDC Catalog Service, Get ASDC Catalog Service, Check Catalog Service Distributed) Preload VNF:demo.robot ( Preload User Model:demo_preload.robot ( Get Service Instance Get Relationship Data Get Persona Model Id Login To VID GUI Get Module Names from VID Preload Vnf:sdngc_interface.robot( Update Module Name Preload Vnf Profile( Login To SDNGC Admin GUI goto sdnc:8843/mobility/getVnfProfile click add_vnf_profile inserts directly to the DB from the client (for now) /sdnc-oam/admportal/mobility.js router.post('/addVnfNetwork', csp.checkAuth, function(req,res){ ) Preload One Vnf Topology ))) |
---|
DI 20: 20170721: Rest API Chaining
...
"'," + "'" + req.body.nf_network_role + "')"; ) Preload One Vnf Topology ))) |
DI 21: 20170727: Parse VF-Module IPs from endpoint after VF-Module creation
DI 22: 20170728: Determine Healthcheck for vFW VMs are ready for appc Closed-Loop
The box should be ready for DMaaP TCA events - not just up with a 200.
Check port 667 on the sink vm.
DI 23: 20170728: Add granular Policy healthcheck for PDBD/PAP/PDP
http://{{policy_ip}}:6969/healthcheck
Content-Type:application/json
DI 24: 20170728: Add TCA topic event capture between Policy and APPC
DI 25: 20170806: Add jcloud API to query VMs via Nova
http://jclouds.apache.org/guides/openstack/
DI 26: 20170806: Add docker ps parse calls to get docker health
ssh root@aai1 -o StrictHostKeyChecking=no 'docker ps'
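This returns the docker ps output to the calling server. Note that StrictHostKeyChecking=no skips SSH host key verification, so the client will not detect a spoofed host.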
Notes
The MSO REST POST workaround to avoid VID for VF-Module creation fixes VID-19