Here we can check and give feedback to findings of OOM users.
CI/CD for open source SMO
Louis Li (louis li <louis890404@gmail.com>) prepared slides about his findings and experience with the OOM deployment stored here:
Contributions - SMO - Confluence (o-ran-sc.org)
Facts:
- it/dep project uses helm charts from the ONAP OOM project
- By including onap_oom as a git submodule in it/dep code base
- The latest update for submodule onap_oom was in Nov 2022
- With ONAP Jakarta release (released in June 2022)
Q&A
- Page 2: "Problem: Has ONAP Montreal finished its release cycle?"
- yes, sign-off at 14.12.2023
- Page 3: "By default, the message router no longer exposes NodePort We expose this port for testing"
Could be also exposed via ingress by enabling it in values.yaml of DMAAP:
message-router: ingress: enabled: true service: - baseaddr: "dmaap-mr-api" name: "message-router" port: *svc_port config: ssl: "redirect"
- Page 3: "Upgrades strimzi-operator from 0.28.0 to 0.36.1, Add podAntiAffinity to avoid deploying replica pods on the same node, We change strimzi replica count in helm override from 3 to 1 for single
node Kubernetes"- is added to "Montreal" release: https://gerrit.onap.org/r/c/oom/+/136590
- Page 5: "Does ONAP Plan to Deprecate DMaaP MR?"
- Yes, initially this was planned in London, but not implemented by all components (Policy, SDNC, DCAE,...)
- Plans:
- Policy: POLICY-4402 - Getting issue details... STATUS
- DCAE (some components) by DT
- AAI
- Still (in NewDelhi) missing component support:
- Planned updates:
- AAI
- SO
- Policy
- some DCAE components
Fixes/Improvements
- Page 7: DMaaP mediator listens to MR topics
- To be checked
- Page 8: Move configurations to Values file
- Would gain more flexibility, but also much additional text in values.yaml
- Possibly only certain variable fields could be exposed
- Page 9/10: No reusable nonrtric-common chart / Common Templates
- good idea, also done in ONAP
- but adds dependency
- Page 11: Remove nested chart variables
- Or use "global.xxx" variables
- Page 12: YAML File Comparison
- use "helm/k8s recommended labels" → absolutely correct
- but allow to add own labels (e.g. "app", "version",...) in each chart or globally, as e.g. Istio, ArgoCD,... required special ones
- Page 13: Values File Changes
- Service definitions in "values.yaml" depends in ONAP much on the template definition (see https://git.onap.org/oom/tree/kubernetes/common/common/templates/_service.tpl)
Additional Improvement ideas
Mail (Louis Li):
- SDNC's dgbuilder is broken; it shows an UnsupportedClassVersionError when clicking "display graph". It seems that dgbuilder lacks an upgrade. Is dgbuilder still an active component, or has it been deprecated? (SDNC is using openjdk 17.0.6 [class version 55], while dgbuilder is using openjdk 11.0.18 [class version 61]. I think we need to upgrade the base image for dgbuilder's Dockerfile in `ccsdk-distribution` from openjdk11 to openjdk17.)
2. ONAP OOM uses the legacy Keycloak or WildFly version, while OSC OAM projects use the Quarkus version. I have noticed that the APIs of these two versions are not fully compatible. I am not familiar with Keycloak, but it seems that Quarkus is the trend?
3. When trying to enable SDNC OAuth, SDNC reads the config file `/opt/onap/sdnc/data/oauth-aaa-app-config.xml`. Then I found the default config file in the SDNC image is not working. After comparing with the config used by OSC OAM, the image default uses `org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter/ODLHttpAuthenticationFilter2` for `anyroles` and `authcBearer`. However, these two classes do not exist in `opendaylight/aaa`. OAM uses `org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.AnyRoleHttpAuthenticationFilter/BearerAndBasicHttpAuthenticationFilter`, which is workable. I am not sure if this is a historical problem or not. Also, `/**/config/aaa*/**` needs to be changed to `/rests/**/aaa*/**`.
4. OOM SDNC can configure the OAuth provider in the values file; however, the example fields in the values file do not match with the valid configuration. Currently, the fields include: id, type, host, clientID, secret, scope, title, roleMapping. After reviewing `sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java` and referring to OAM's configuration, I think the correct fields might be: id, type, url, clientId, openIdConfigUrl, secret, scope, title, roleMapping, realmName, trustAll.