Warning: Draft Content
This wiki is under construction
Motivation: Having issues with MSO provisioning on Rackspace - need all REST API endpoints
Use or combine with Overall Deployment Architecture to determine what a fully functional set of VMs, processes and containers should look like for 1.0.0 and 1.1.0 - so we can be sure that the ONAP deployment is sound as much as possible before provisioning VFs.
http://onap.readthedocs.io/en/latest/index.html
Monitoring
watch for DCAE collector traffic -
tcpdump -i eth0 port not 22 | grep 3904
We have monitoring currently in DCAE (5/11/17). Proposed monitoring functionality is in Holmes (5/11/17) and ONAP Operations Manager / ONAP on Containers. For the purposes of this demo, we would like to see some overall system/jvm/rest level monitoring while we exercise the demo.
One option is using New Relic agents.
Run the following (use your own account/token) on each VM (Note: JVM processes in docker containers will be visible to the host - so currently - until I run into issues - we don't need to expose extra ports on the containers)
echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list wget -O- https://download.newrelic.com/548CIEEE16BF.gpg | apt-key add - apt-get update apt-get install newrelic-sysmond nrsysmond-config --set license_key=<akey> /etc/init.d/newrelic-sysmond start |
|---|
Postman/Curl REST calls
Passwords in /testsuite/properties/integration_robot_properties.py
Remember to load each server URL in chrome to accept the cert
| VM | Name | Req | Res | |
|---|---|---|---|---|
| AAI | https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW/service-instances/ | {"service-instance": [{ | ||
| AAI | customer post demo.sh init https://{{aai_ip}}:8443/aai/v8/business/customers auth: AAI:AAI or Basic QUFJOkFBSQ== rootTarget.request().header("X-FromAppId", "AAI").get(String.class) | { "customer": [ { | ||
| AAI | Same as above - but different customer endpoint https://{{aai_ip}}:8443/aai/v8/business/customers/customer | {"global-customer-id": "Demonstration","subscriber-name": "Demonstration","subscriber-type": "INFRA", | ||
| DCAE | DCAE API Documentation | |||
| DCAE DMaaP | http://{{collector_ip}}:3904/events/unauthenticated.TCA_EVENT_OUTPUT/group3/sub1?timeout=30000 | |||
| DCAE DMaaP | http://{{collector_ip}}:3904/events/unauthenticated.SEC_MEASUREMENT_OUTPUT/group3/sub1?timeout=3000 | [ "{\"event\":{\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":1.1,\"vNicUsageArray\":[{\"multicastPacketsIn\":0,\"bytesIn\":10,\"unicastPacketsIn\":0,\"multicastPacketsOut\":0,\"broadcastPacketsOut\":0,\"packetsOut\":0,\"bytesOut\":0,\"packetsIn\":500,\"broadcastPacketsIn\":0,\"vNicIdentifier\":\"eth1\",\"unicastPacketsOut\":0}]},\"commonEventHeader\":{\"reportingEntityName\":\"mux1-vnf\",\"startEpochMicrosec\":1486118565570584,\"lastEpochMicrosec\":1486118575570584,\"eventId\":\"1\",\"sourceName\":\"mux_key_gIr3\",\"sequence\":1,\"priority\":\"Normal\",\"functionalRole\":\"vFirewall\",\"domain\":\"measurementsForVfScaling\",\"reportingEntityId\":\"No UUID available\",\"version\":1.1,\"sourceId\":\"b49a2e0e-ee40-48c0-8f9e-842712bea52a\"}}}"] | ||
| Holmes | Health Check | |||
| MSO | API history for service instance http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=serviceInstanceId%3AEQUALS%3Ac54316d8-464e-4967-bece-8c2b2f458b66 auth: InfraPortalClient:password1$ or Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== | ... | ||
| Policy | auth: testrest:3c0mpU#h01@N1c3 or Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz | |||
| SDC | auth: sdcclient:password or Basic c2RjY2xpZW50OnBhc3N3b3Jk Example: A GET query sent from VID to SDC to retrieve a service metadata URL: http://{sdc_ip}:8080/sdc/v1/catalog/services/1eec58c0-d5e2-45c5-be9c-c873a1749541/metadata Headers: Authorization:Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= verify curl -X GET http://{{your-server}}:8080/sdc2/rest/v1/catalog/services/serviceName/vepc/serviceVersion/1.0 -H 'user_id: cs0008' verify $ curl -X GET http://sdc:8080/sdc/v1/catalog/resources -H "authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" -H "x-ecomp-instanceid:AAI" | { | ||
| SDNC | auth: admin:Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U or Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== | |||
| VID | 8080/vid auth <null>:<null> or Basic Og== |
Additional sources:
just found consolidated auth info in the oom repo
root@obriensystemskub0:~/oom/kubernetes/config# vi ../config/docker/init/src/config/robot/eteshare/config/integration_robot_properties.py
Username / Password / Authorization Token
An aside: (I didn't realize or I forgot an aspect of base64 - dthat we could reverse engineer the password/username combination from the encoded <alphanumeric_token> in the header key:value = Authorization:Basic <alphanumeric_token>. Again thanks Yves - use a public site like https://www.base64decode.org/ For example for MSO we take the token SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== and get InfraPortalClient:password1$ which is defined throughout the ONAP codebase in for example the VID DockerFile.
Prerequisites
If running postman https endpoints (some of our VM's run SSL like AAI - but MSO for example will still run straight HTTP) - trust the server certificate in Postman (thank you Yves): You won't be able to run an https endpoint until the certificate is trusted in Chrome - paste an https request into the browser - one time - to enable the trusted certificate in postman.
For example: postman will work against AAI after launching the following (your IP) in chrome
https://{{aai_ip}}:8443/aai/v8/cloud-infrastructure/cloud-regions/
For programmatic JAX-RS 2.0 clients add the following
// fix java.security.cert.CertificateException: No subject alternative names present |
|---|
MSO VM
WIP: work in progress
An example get on a specific vFW VF from the demo. In this case we use the cs0001 user to get the Vf Module ID from the edit page of a service instance's VF in VID
Postman Request | Query API History for VF Module GET /ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c HTTP/1.1 |
|---|---|
Postman Response | {"requestList": [ {"request": { |
| curl | obrienbiometrics:onap michaelobrien$ curl -X GET -H "Authorization: Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==" -H "Content-Type: application/json" -aH "Cache-Control" -d '' http://104.130.169.999:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c {"requestList":[{"request":{"requestId":"8230aa5f-cbcf-492d-817a-37243475b46f","startTime":"Mon, 15 May 2017 12:25:25 GMT","requestScope":"vfModule","requestType":"createInstance","requestDetails":{"modelInfo":{"modelCustomizationName":null,"modelInvariantId":"ce3e0e4e-3189-4798-b4b2-f60f3d69e378","modelType":"vfModule","modelNameVersionId":"d55da365-52e2-47ee-8d48-011891909f4f","m...... |
AAI
GET /aai/v8/service-design-and-creation/services HTTP/1.1 | {"service": [{ |
|---|---|
Swagger API Endpoints
TODO: get swagger docs for all servers
This is an expanding list of API endpoints to verify your ONAP deployment - ideally we would post a postman config and environment file.
| VM | Container | ext port | URL | user:pass | gerrit source | Generating Artifacts |
| AAI | AAI API#GeneratingAAIAPIDocs | |||||
| SDNC | sdnc_controller_container | 8282 | http://sdnc:8282/apidoc/explorer/index.html | admin:Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U |
Robot Healthcheck
There actually is a set of scripts already on the robot vm inside its docker container - currently attempting to get these to pass (won't check your VFs though)
root@16e8d4997655:/var/opt/OpenECOMP_ETE# ./runTags.sh -i health h -d ./html -V /share/config/robot_properties_ete.py |
|---|
| ID | VM | Container | Process | Healthcheck |
|---|---|---|---|---|
| AAI | ||||
| MSO | ||||
| Policy | drools docker exec -it -u 0 drools su - policy | note: escape any special chars like the exclamation point in the password curl http://healthcheck:zb\!XztG34@policy:6969/healthcheck {"healthy":true,"details":[{"name":"PDP-D","url":"self","healthy":true,"code":200,"message":"alive"},{"name":"PAP","url":"http://pap:9091/pap/test","healthy":true,"code":200,"message":""},{"name":"PDP","url":"http://pdp:8081/pdp/test","healthy":true,"code":200,"message":""}]} for postman: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0 { "healthy": true, |
Portals
Portal
SDC - http://sdnc:8843/user/listUsers
Demo VMs
ssh keys
The private key for the 3 vFW demo VM's is in /testsuite/robot/assets/keys/robot_ssh_private_key.pvt
obrienbiometrics:onap michaelobrien$ ssh -i robot_ssh_private_key.pvt root@172.99.67.148 root@demofwl01pgn:~# history |
|---|
Artifacts Required
log files for each VM and set of docker containers - or how to aggregate them - not necessarily at the SumoLogic level
- VM/container or JVM health checks - ideally something like New Relic agents on the box
- Would be nice to have something we can run on vm1-robot that would automate a healthcheck on all the containers