Versions Compared

Old Version 22

changes.mady.by.user Bin Yang

Saved on

compared with

New Version Current

changes.mady.by.user Bin Yang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


 

1, F-GPS:

               Please refer to the patch https://gerrit.onap.org/r/#/c/78634/ which elaborate how to enhance current API to support F-GPS.

...

https://nexus.onap.org/service/local/repositories/releases/archive/org/onap/aai/aai-common/aai-schema/1.3.3/aai-schema-1.3.3.jar/!/onap/aai_swagger_html/aai_swagger_v14.html#operation--cloud-infrastructure-cloud-regions-cloud-region--cloud-owner---cloud-region-id--availability-zones-availability-zone--availability-zone-name--get

 

 



2, SO/MC integration

              

              Create Workload: https://wikilf-onap.onapatlassian.orgnet/wiki/display/DW/SO+to+Multicloud+API+enhancements 


               AAI updating: https://wikilf-onap.onapatlassian.orgnet/wiki/pages/viewpage.action?pageId=58228881 16350907


               SDC design: https://gerrit.onap.org/r/#/c/75851/ ,  SDC Service Software Architecture


3, FCAPS enhancement

 

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyMULTICLOUD-523

               https://wiki.onap.org/download/attachments/53249985/FCAPS%20enhancement%20plan.pptx?version=1&modificationDate=1548905759000&api=v2


4, Multi-Tenant Support

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyMULTICLOUD-527

...

                b, MultiCloud NBI should allow consumers to specify the tenant name/id during the requesting the API to MultiCloud.  This can be done on various way, the easy and backward compatible approach is to having consumers putting the tenant ID/name into the "optional" request headers of the Rest API call.

 


5, Secured-communication enablement

...

  • uwsgi https option
    The multicloud services which are based on uwsgi could utilize the https feature of uwsgi: https://uwsgi-docs.readthedocs.io/en/latest/HTTPS.html

    You probably have to rebuild uwsgi with ssl-support:

    On a debian server with uwsgi installed by pip this would be (as root):

    apt-get install libssl-dev
pip install uwsgi -I --no-cache-dir

    -I for reinstall, --no-cache-dir for building new from scratch.

  • cert files
         The question would be: who/how to generate key and cert ?

                   Follow the practice of MSB project, multicloud service will generate our own keys/certs and put them in the docker by default. And also make sure these keys/certs can be overrided by OOM helm chart , just like the logging settings.

        It is suggested that we follow the same pattern, put the generated certs under pub/ssl/cert/ with name cert.crt and cert.key

  • ENV variable to enable/disable https on the same port
    I don't believe the http and https endpoint should co-exists which make no sense from security perspective. So I recommend that the http/https should be toggled by an ENV variable and binding to the same port  
    The ENV variable could be: SSL_ENABLED, to enable https endpoint, set SSL_ENABLED=true ; otherwise just leave it unset or set to some other value (SSL_ENABLED=false, e.g.)
    The entry point of docker container will check this ENV var and determine to enable https or http mode for uwsgi.

  • example patch:       https://gerrit.onap.org/r/#/c/81829/ + https://gerrit.onap.org/r/#/c/81912/


6, Security Requirement: Run microservice as non-root user 

...

Jira Legacy
serverSystem Jira
serverId4733707d-2057-3a0f-ae5e-4fd8aff50176
keyMULTICLOUD-504

Reference:

...

Code Block
titledockerfile changes
collapsetrue

Image footprint
optimization exercises:

1, original
dockerfile => (multicloud-broker-orig: 846MB)


Dockerfile:


FROM
python:2

2, rebase to
python:2-slim => (multicloud-broker-slim1: 410MB)


Dockerfile:


FROM
python:2-slim

apt-get install -y unzip gcc

pip install -r ...

apt-get remove -y unzip gcc



3, remove unused
packages => (multicloud-broker-slim2: 296MB)


Dockerfile:

FROM
python:2-slim

apt-get install -y unzip gcc

pip install -r ...

apt-get remove -y unzip gcc


/opt/multivimbroker/requirements.txt

#redis cache
#redis==2.10.5

#for access redis cache

#redisco==0.1.4

#django-redis-cache==0.13.1

#for call openstack api
#python-keystoneclient==3.6.0
#python-glanceclient==2.5.0

#python-neutronclient==6.0.0
#for unit test

#django-nose>=1.4.0
#coverage==4.2
#mock==2.0.0
#unittest_xml_reporting==1.12.0

#for pecan framework
#pecan>=1.2.1
#oslo.concurrency>=3.21.0
#oslo.config>=4.11.0
#oslo.service>=1.25.0
#eventlet>=0.20.0


 


4, Remove all unused utils package => (multicloud-broker-slim4: 194MB)
Dockerfile:

FROM python:2-slim
apt-get install -y wget unzip gcc
apt-get --purge remove -y wget unzip gcc
apt-get -y autoremove
 

multicloud-broker-slim4   latest              4452cb69a1be        6 minutes ago       194MB
multicloud-broker-slim2   latest              3c232d46c0fa        10 minutes ago      296MB


multicloud-broker-slim1   latest              5ba81358eb19        16 minutes ago      410MB


multicloud-broker-orig    latest              7601a4382bb0        10 days ago         846MB


python                    2-slim              f2ac6489d817        10 days ago         120MB




Managing Container Image Tags