Known Issues
https://jira.onap.org/browse/UCA-22
Creating a Service Instance
In this tutorial we show how to take a service design that has been distributed and create a running instance of the service.
Notice the service you created in VID
To simplify this we are going to use scripts (with some selenium robot scripts) to create the design, pre-load customer and network information, and orchestrate parts of the virtual firewall closed loop example. The following steps assume that you have completed and understand basic concepts from the setting up the platform and using the portal tutorials.
Let's start by finding the IP Address of vm1-robot in the Rackspace list of servers. Use this vm1-robot IP address, your Rackspace private key, and the PuTTY client to login to vm1-robot as root.
Note: The current default LCP Region is IAD - to use DFW switch the example zip in the last section - currently though we have hardcoding that must be fixed:
...
osx$ ssh-add onap_rsa
osx$ ssh root@104.130.170.232
At the command prompt type
...
root@vm1-robot:~# cd /opt
root@vm1-robot:/opt# ./demo.sh init
Wait for all steps to complete (will take 60-120 sec) as shown below
If you want to see the details of what ran, you can open report.html in a browser. (located within openecompete_container docker container)
...
root@vm1-robot:/opt# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f99954f00ab2 nexus3.onap.org:10001/openecomp/testsuite:1.0-STAGING-latest "lighttpd -D -f /e..." 19 hours ago Up 19 hours 0.0.0.0:88->88/tcp openecompete_container
root@vm1-robot:/opt# docker exec -it openecompete_container bash
root@f99954f00ab2:/# cat /share/logs/demo/InitDemo/
log.html output.xml report.html
From the ONAP portal, login to the VID application using demo user, browse to locate the demo SDC Service Models, and Deploy an instance of the service you created - not the pre-populated demoVFW.
(Note: deploy your "service" above - not demoVFW or demoVLB - these 2 are leftover pre-population artifacts of the init script and will be removed)
Fill in the information (Instance Name=DemoInstance, Demonstration, vFW) for a Service Instance as shown below and press Confirm.
Wait for a response and close the window
You should now see a service instance displayed.
Add a VNF using the drop down button, complete, and enter the following information. The tenant and LCP region drop down choices may be different for your Rackspace account. Both IAD and DFW support heat templates - but currently only IAD is supported in this demo until
Wait for and close the response window.
Return to the PuTTY window and type the command to load VNF configuration information
DO NOT Navigate from the Deploy page before adding the VF Module below - or you will need to search for it - then hit edit
./demo.sh preload <vnf_name> <module_name>
example
./demo.sh preload DemoVNF DemoModule
Wait for the results as shown below
Add a VF Module using the drop down button.
Fill in information for the VF module (service name = Service) and confirm.
Watch as the 3 VMs for the VF start to come up on Rackspace (dialog is still up)
Create VF Module hangs - vFW VMs are created
Eventually you will see a (red-herring) poll timeout - we need to adjust the wait time and # of retries here - anyway the 3 VM's are up (with pings but not necessarily with 200 health checks on the processes)
Select close, and later cancel (for now) - as the VMs are actually up
For now cancel the Create VF Module dialog (the VMs were created)
Browse our new vFW service
Wait for the response and close the window as was done in prior steps. The VF Module creation can also be viewed as a stack in Rackspace as shown below.
To complete the service instance we will run one more script that mounts the Traffic Generator on the Application Controller to enable policy driven configuration changes. Return to the PuTTY window, type the command and wait for the response as shown below.
...
see the vFW sink page - to view traffic generation stats
We are currently having issues with the traffic generator - both starting the stream and also actually sshing to the VM (looks like the ssh key in the env is not picked up)
Fix: the repo URL in the vFW zip has changed to
#repo_url: https://ecomp-nexus:8443/repository/raw/org.openecomp.simpledemo
repo_url: https://nexus.onap.org/content/sites/raw/org.openecomp.demo/vnfs/vfw/1.0.0-SNAPSHOT
Also the private key for the 3 vFW VM's is in /testsuite/robot/assets/keys/robot_ssh_private_key.pvt
Note: the overrides in the env are not picked up for the network/IPs as well - these are the sample py defaults - a JIRA is open
The platform and virtual function interactions in the control loop are summarized here.
Error Handling
Handle MSO Failure on RAM Quota exceeded
A default rackspace account is only allocated 128G but we will require
...
"requestState": "FAILED",
"statusMessage": "Received vfModuleException from VnfAdapter: category='INTERNAL' message='Exception during create VF 0 : Stack error (CREATE_FAILED):
Resource CREATE failed: Forbidden: resources.vsn_0: Quota exceeded for ram:
Requested 4096, but already used 130048 of 131072 ram (HTTP 403) (Request-ID: req-02439f0a-c8a4-4fe7-8d79-d6fa99bd4f57) - stack successfully deleted' rolledBack='true'",
"percentProgress": 100,
"finishTime": "Tue, 23 May 2017 22:19:11 GMT"
Handle MSO Failure on Create VF Module
Update: 20170523: looks like the template defaults are not being modified - and pass through
This type of MSO failure means the demo VNF was retried with the same defaults - a retry will just fail on another IP conflict for the port.
The openstack tenant also happens to have other instances of the VNF that look like they are causing a port resource contention - clean/reset your VM's for now.
...
onap@server-01:~/onap$ openstack port list | grep ip_address=.10.1.0.
| 6d4c9ef9-ceec-4c62-85b1-fa6f2de34256 | FirewallSvcModule-vfw_private_2_port-ewvqxhjdm2tv | BC:76:4E:20:57:DB | ip_address='10.1.0.11', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
| 7861e542-600f-4bfa-96d0-47e1be19331d | FirewallSvcModule-vpg_private_1_port-ctu2jymvh2yr | BC:76:4E:20:3B:75 | ip_address='10.1.0.12', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
| b22e7d79-58e6-4c16-8acc-f1a4c358c8c9 | FirewallSvcModule-vsn_private_1_port-xit2fdnpz2yd | BC:76:4E:20:3B:63 | ip_address='10.1.0.13', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
05/18/17 15:05:57 HTTP Status: OK (200)
{
"request": {
"requestId": "6c0afeaf-42a4-4628-9312-2305e533f673",
"startTime": "Wed, 17 May 2017 19:04:56 GMT",
"requestScope": "vfModule",
"requestType": "createInstance",
...
"requestStatus": {
"requestState": "FAILED",
"statusMessage": "Received vfModuleException from VnfAdapter: category='INTERNAL' message='Exception during create VF 0 : Stack error (CREATE_FAILED): Resource CREATE failed: IpAddressInUseClient: resources.vsn_private_1_port:
...
TODO:
20171120: Brian Freeman has commented on R1 changes - need to verify these in a live system before posting here
VNF preload is now part of VID in a checkbox - so we don't require the sdnc rest call as part of demo.sh preload
Robot in OOM is run in oom/kubernetes/robot now
Creating a Service Instance
In this tutorial we show how to take a service design that has been distributed and create a running instance of the service.
SDNC preload fragment
"service-type": "11819dd6-6332-42bc-952c-1a19f8246663",
above is the vf-module (3 of 3 in the diagram below)
above is the vnf (2 of 3)
To simplify this we are going to use scripts (with some selenium robot scripts) to create the design, pre-load customer and network information, and orchestrate parts of the virtual firewall closed loop example. The following steps assume that you have completed and understand basic concepts from the setting up the platform and using the portal tutorials.
Let's start by finding the IP Address of vm1-robot in the Rackspace list of servers. Use this vm1-robot IP address, your Rackspace private key, and the PuTTY client to login to vm1-robot as root.
Note: The current default LCP Region is IAD - to use DFW switch the example zip in the last section - currently though we have hardcoding that must be fixed:
osx$ ssh-add onap_rsa
osx$ ssh root@104.130.170.232
Run Robot demo.sh init
At the command prompt type
root@vm1-robot:~# cd /opt
root@vm1-robot:/opt# ./demo.sh init
Wait for all steps to complete (will take 60-120 sec) as shown below
If you want to see the details of what ran, you can open report.html in a browser. (located within openecompete_container docker container)
root@vm1-robot:/opt# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f99954f00ab2 nexus3.onap.org:10001/openecomp/testsuite:1.0-STAGING-latest "lighttpd -D -f /e..." 19 hours ago Up 19 hours 0.0.0.0:88->88/tcp openecompete_container
root@vm1-robot:/opt# docker exec -it openecompete_container bash
root@f99954f00ab2:/# cat /share/logs/demo/InitDemo/
log.html output.xml report.html
Deploy Service Instance in VID
From the ONAP portal, login to the VID application using demo user, browse to locate the demo SDC Service Models, and Deploy an instance of the service you created - not the pre-populated demoVFW.
(Note: deploy your "service" above - not demoVFW or demoVLB - these 2 are leftover pre-population artifacts of the init script and will be removed)
Use the generated demoVFW above (you don't need to onboard/distribute your own)
Fill in the information (Instance Name=DemoInstance, Demonstration, vFW) for a Service Instance as shown below and press Confirm.
adjust above for project and owning entity and vFWCL/vSNK
Wait for a response and close the window
You should now see a service instance displayed.
Add a Virtual Network Function under the Service Instance in VID
Add a VNF using the drop down button, complete, and enter the following information. The tenant and LCP region drop down choices may be different for your Rackspace account. Both IAD and DFW support heat templates.
Wait for and close the response window.
Run Robot demo.sh preload of DemoModule
Return to the PuTTY/ssh window and type the command to load VNF configuration information
DO NOT Navigate from the Deploy page before adding the VF Module below - or you will need to search for it - then hit edit
./demo.sh preload <vnf_name> <module_name>
example
./demo.sh preload DemoVNF DemoModule
Wait for the results as shown below
For any error/debug logs, look in
/opt/eteshare/logs/demo/PreloadDemo/output.xml
Preload Flow
see overall Tutorial: Verifying and Observing a deployed Service Instance#vFirewallFlow
demo.sh calls runTags.sh in the docker container in robot - which runs the robot test framework scripts starting with PreLoad VNF in demo.robot
Preload VNF
Preload User Model ${VNF_NAME} ${MODULE_NAME}
which calls demo_preload.robot (although it screen scrapes the Service ID previously from VID - in this call it does a rest call to VID to package up the vm modules list) and calls SDNC preload with these (the diagram needs a 25-2 for robot to VID as well for this sub-step)
Preload User Model
Login To VID GUI
${vf_modules}= Get Module Names from VID ${invariantUUID}
Preload Vnf ${service_instance_id} ${vnf_name} ${vnf_type} ${vf_module_name} ${vf_modules} ${service} demo
which calls sdngc_interface.robot (logs in and posts to sdnc/mobility/addVnfProfile)
Preload Vnf Profile
Login To SDNGC Admin GUI
Go To ${SDNGC_ADMIN_VNF_PROFILE_URL}
Click Button xpath=//button[@data-target='#add_vnf_profile']
Click Button xpath=//button[contains(.,'Submit')]
which calls the post form
<form name="addForm" role="form" action="/mobility/addVnfProfile" method="POST">
http://sdnc:8843/mobility/getVnfProfile
which runs a backend DB insert operation on SDNC (calling the DB directly here is likely not advised, also there is no parameter checking on the resultant SQL, we should also be using an ORM framework)
/sdnc-oam/admportal/mobility.js
router.post('/addVnfNetwork', csp.checkAuth, function(req,res){
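The concern raised above (form values reaching SQL without parameter checking) is illustrated by the following added example; it is not code from the SDNC admportal. The table name, column names, allow-list rules and sample form values are assumptions constructed for illustration.

```javascript
// Added example, not SDNC code. VNF_PROFILE, its columns and the
// allow-list rules below are hypothetical.
const FIELD_RULES = {
  vnf_type: /^[A-Za-z0-9 _.\/-]{1,200}$/,
  availability_zone_count: /^[0-9]{1,2}$/,
  equipment_role: /^[A-Za-z0-9 _-]{1,80}$/,
};

// Constructed sample form bodies, as a POST handler would receive them.
const VALID_FORM = { vnf_type: 'vFW', availability_zone_count: '1', equipment_role: 'vFW' };
const APOSTROPHE_FORM = { vnf_type: "Bob's vFW", availability_zone_count: '1', equipment_role: 'vFW' };

// Pattern the page warns about: form values become part of the SQL text,
// so the statement's structure depends on what the user typed.
function buildInsertConcatenated(form) {
  return "INSERT INTO VNF_PROFILE (vnf_type, availability_zone_count, equipment_role) VALUES ('" +
    form.vnf_type + "', " + form.availability_zone_count + ", '" + form.equipment_role + "')";
}

// Counts single quotes; an odd count means the literals no longer balance.
function quoteCount(sql) {
  return (sql.match(/'/g) || []).length;
}

// Parameter checking: every expected field must be a string that matches
// its allow-list rule. Returns the names of the fields that fail.
function validateProfile(form) {
  const rejected = [];
  for (const [name, rule] of Object.entries(FIELD_RULES)) {
    const value = form[name];
    if (typeof value !== 'string' || !rule.test(value)) rejected.push(name);
  }
  return rejected;
}

// Hardened form: the SQL text is a constant with placeholders and the
// values travel separately, to be bound by the driver's placeholder API.
function buildInsertParameterized(form) {
  const rejected = validateProfile(form);
  if (rejected.length > 0) {
    const err = new Error('invalid fields: ' + rejected.join(', '));
    err.status = 400; // the route should answer 400 instead of touching the DB
    throw err;
  }
  return {
    sql: 'INSERT INTO VNF_PROFILE (vnf_type, availability_zone_count, equipment_role) VALUES (?, ?, ?)',
    values: [form.vnf_type, Number(form.availability_zone_count), form.equipment_role],
  };
}
```

Even a harmless apostrophe in `vnf_type` unbalances the concatenated statement, while the parameterized builder rejects it before any SQL is produced and otherwise emits the same SQL text for every request.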
Add a VF Module in VID
Option 1: REST call to MSO
POST to http://{{mso_ip}}:8080/ecomp/mso/infra/serviceInstances/v2/<id>/vnfs/<id>/vfModules - see UCA-20 OSS JAX-RS 2 Client
Option 2: VID GUI
Add a VF Module using the drop down button.
Fill in information for the VF module (service name = Service) and confirm.
Create VF Module - polling hangs - vFW VMs are created though
Eventually you will see a (red-herring) poll timeout - we need to adjust the wait time and # of retries here - anyway the 3 VM's are up (with pings but not necessarily with 200 health checks on the processes)
Select close, and later cancel (for now) - as the VMs are actually up
For now cancel the Create VF Module dialog (the VMs were created)
Watch VF VM stack creation
Watch as the 3 VMs for the VF start to come up on Rackspace (dialog is still up)
Note: Openstack users with RegionOne may see failures here. Look into the ticket below to update the /shared/mso-docker.json file in the MSO docker container with RegionOne settings. For logs use
docker logs -f testlab_mso_1
Browse our new vFW service
Verify VNF Profile
create an account on SDNC http://sdnc-ip:8843/signup
login http://sdnc-ip:8843/login
Check VNF Profile in Profile menu
Wait for the response and close the window as was done in prior steps. The VF Module creation can also be viewed as a stack in Rackspace as shown below.
Run Robot demo.sh appc on DemoModule to mount the Traffic Generator
To complete the service instance we will run one more script that mounts the Traffic Generator on the Application Controller to enable policy driven configuration changes. Return to the PuTTY window, type the command and wait for the response as shown below.
./demo.sh appc DemoModule
To summarize: here are all 3 orchestration assistance runs (init, preload, appc), interleaved with the Service, VNF and VF-Module UI actions.
see the vFW sink page on the snk VM - to view traffic generation stats
Note: the overrides in the env are not picked up for the network/IPs as well - these are the sample py defaults - a JIRA is open
Control Loop Flows
The platform and virtual function interactions in the control loop are summarized here.
Tutorial: Verifying and Observing a deployed Service Instance#vFirewallFlow
Error Handling
Handle MSO Failure on RAM Quota exceeded
A default rackspace account is only allocated 128G but we will require
"requestState": "FAILED",
"statusMessage": "Received vfModuleException from VnfAdapter: category='INTERNAL' message='Exception during create VF 0 : Stack error (CREATE_FAILED): Resource CREATE failed: Forbidden: resources.vsn_0: Quota exceeded for ram: Requested 4096, but already used 130048 of 131072 ram (HTTP 403) (Request-ID: req-02439f0a-c8a4-4fe7-8d79-d6fa99bd4f57) - stack successfully deleted' rolledBack='true'",
"percentProgress": 100,
"finishTime": "Tue, 23 May 2017 22:19:11 GMT"
Handle MSO Failure on Create VF Module
Update: 20170523: looks like the template defaults are not being modified - and pass through
This type of MSO failure means the demo VNF was retried with the same defaults - a retry will just fail on another IP conflict for the port.
The openstack tenant also happens to have other instances of the VNF that look like they are causing a port resource contention - clean/reset your VM's for now.
onap@server-01:~/onap$ openstack port list | grep ip_address=.10.1.0.
| 6d4c9ef9-ceec-4c62-85b1-fa6f2de34256 | FirewallSvcModule-vfw_private_2_port-ewvqxhjdm2tv | BC:76:4E:20:57:DB | ip_address='10.1.0.11', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
| 7861e542-600f-4bfa-96d0-47e1be19331d | FirewallSvcModule-vpg_private_1_port-ctu2jymvh2yr | BC:76:4E:20:3B:75 | ip_address='10.1.0.12', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
| b22e7d79-58e6-4c16-8acc-f1a4c358c8c9 | FirewallSvcModule-vsn_private_1_port-xit2fdnpz2yd | BC:76:4E:20:3B:63 | ip_address='10.1.0.13', subnet_id='5a4808b2-2fca-40ab-ba43-10d21a9e5b64' | ACTIVE |
05/18/17 15:05:57 HTTP Status: OK (200)
{
"request": {
"requestId": "6c0afeaf-42a4-4628-9312-2305e533f673",
"startTime": "Wed, 17 May 2017 19:04:56 GMT",
"requestScope": "vfModule",
"requestType": "createInstance",
...
"requestStatus": {
"requestState": "FAILED",
"statusMessage": "Received vfModuleException from VnfAdapter: category='INTERNAL' message='Exception during create VF 0 : Stack error (CREATE_FAILED): Resource CREATE failed: IpAddressInUseClient: resources.vsn_private_1_port: Unable to complete operation for network 6dfab28d-183e-4ffd-8747-b360aa41b078. The IP address 10.1.0.13 is in use. - stack successfully deleted' rolledBack='true'",
"percentProgress": 100,
"finishTime": "Wed, 17 May 2017 19:05:48 GMT"
}
}
}
Handle outdated vFW (201702xx) zip causing Traffic Generation not to start
Fix: Use the 1.0.0 template in Nexus - or the updated one on this wiki
1) The vFW zip attached to the onap.org wiki that we were using will not work with 1.0.0-SNAPSHOT or 1.0.0 (disabled/replacing it). We now use the official yaml from 1.0.0, which fixes the userdata bootstrap script on the PGN instance, where the nexus pulls of the TG scripts were failing (this is why the demo did not work in the past). We now use the following (with modified ssh key, IPs and networks):
Heat template:
https://nexus.onap.org/content/sites/raw/org.openecomp.demo/heat/vFW/1.0.0/
Scripts to verify on the pgn VM:
https://nexus.onap.org/content/sites/raw/org.openecomp.demo/vnfs/vfw/1.0.0/
After this we were able to run ./demo.sh appc – to start the TG
Issue:
We are currently having issues with the traffic generator - both starting the stream and also actually sshing to the VM (looks like the ssh key in the env is not picked up)
Fix: the repo URL in the vFW zip has changed to
#repo_url: https://ecomp-nexus:8443/repository/raw/org.openecomp.simpledemo
repo_url: https://nexus.onap.org/content/sites/raw/org.openecomp.demo/vnfs/vfw/1.0.0-SNAPSHOT
Check your TG VM and look for scripts in /config like the following that should have been copied over
wget --user=$REPO_USER --password=$REPO_PASSWD $REPO_URL/v_firewall_init.sh
Also the private key for the 3 vFW VM's is in /testsuite/robot/assets/keys/robot_ssh_private_key.pvt
TODO: 20181023 during the Academic Conference: the SDNC preload checkbox does not actually run the preload robot script - still need a manual preload via the rest call in Vetted vFirewall Demo - Full draft how-to for F2F and ReadTheDocs - it just tells SO to pull in data from SDNC
Install the vFWCL first because it has the network
to do repeated instantiations - adjust the network values in the preload-vnf-topology-operation rest call - being automated in casablanca - 92,96, put the right service-type (Service Instance ID - top right in the gui)