Verifying your ONAP Deployment
Warning: Draft Content
This wiki is under construction
Motivation: Having issues with MSO provisioning on Rackspace - need all REST API endpoints
Use or combine with Overall Deployment Architecture to determine what a fully functional set of VMs, processes and containers should look like for 1.0.0 and 1.1.0 - so we can be sure that the ONAP deployment is sound as much as possible before provisioning VFs.
http://onap.readthedocs.io/en/latest/index.html
ONAP GUIs
see https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-services/
APP | Name | URL | Docker port | Kubernetes port | Heat port |
---|---|---|---|---|---|
AAI | http://146.20.65.5:9517/services/aai/webapp/index.html#/viewInspect | 9517 | |||
Grafana | Grafana | Part of the Kubernetes distribution - expose via last lines of https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh kubectl expose -n kube-system deployment monitoring-grafana --type=LoadBalancer --name monitoring-grafana-client |
Monitoring
watch for DCAE collector traffic -
tcpdump -i eth0 port not 22 | grep 3904
We have monitoring currently in DCAE Project Proposal (5/11/17). Proposed monitoring functionality is in Holmes (5/11/17) and ONAP Operations Manager / ONAP on Containers. For the purposes of this demo, we would like to see some overall system/jvm/rest level monitoring while we exercise the demo.
One option is using New Relic agents.
Run the following (use your own account/token) on each VM (Note: JVM processes in docker containers will be visible to the host - so currently - until I run into issues - we don't need to expose extra ports on the containers)
echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list wget -O- https://download.newrelic.com/548CIEEE16BF.gpg | apt-key add - apt-get update apt-get install newrelic-sysmond nrsysmond-config --set license_key=<akey> /etc/init.d/newrelic-sysmond start |
---|
Postman/Curl REST calls
Passwords in /testsuite/properties/integration_robot_properties.py
Remember to load each server URL in chrome to accept the cert (save it for curls)
Note AAI V11 is a flat model (no child nodes) - V8 is deep - IE the region contains the tenant
VM | Name | Req | Res | |
---|---|---|---|---|
AAI | https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW/service-instances/ | {"service-instance": [{ | ||
AAI | CURL (will require the aai certificate (export it from firefox) root@ip-172-31-82-46:~# curl -X GET https://127.0.0.1:30233/aai/v11/cloud-infrastructure/cloud-regions/ -H "authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=" -H "X-TransactionId:jimmy-postman" -H "X-FromAppId:AAI" -H "Content-Type:application/json" -H "Accept:application/json" --cacert aaiapisimpledemoopenecomporg_20171003.crt -k {"requestError":{"serviceException":{"messageId":"SVC3001","text":"Resource not found for %1 using id %2 (msg=%3) (ec=%4)","variables":["GET","cloud-infrastructure/cloud-regions/","Node Not Found:No Node of type cloud-region found at: cloud-infrastructure/cloud-regions/","ERR.5.4.6114"]}}}root@ip-172-31-82-46:~# update after | |||
AAI | cloud-region put - to fix above - and before we run init PUT /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne HTTP/1.1 { on the CD server curl -X PUT https://127.0.0.1:30233/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne --data "@aai-cloud-region-put.json" -H "authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=" -H "X-TransactionId:jimmy-postman" -H "X-FromAppId:AAI" -H "Content-Type:application/json" -H "Accept:application/json" --cacert aaiapisimpledemoopenecomporg_20171003.crt -k | |||
AAI | customer post demo.sh init https://{{aai_ip}}:8443/aai/v8/business/customers auth: AAI:AAI or Basic QUFJOkFBSQ== rootTarget.request().header("X-FromAppId", "AAI").get(String.class) | { "customer": [ { | ||
AAI | Same as above - but different customer endpoint https://{{aai_ip}}:8443/aai/v8/business/customers/customer | {"global-customer-id": "Demonstration","subscriber-name": "Demonstration","subscriber-type": "INFRA", | ||
aai | GET https://{{aai_ip}}:{{aai_port}}/aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/RegionOne | { | ||
appc | restconf http://{{appc_ip}}:30230/restconf/config/network-topology:network-topology/topology/topology-netconf user:pass ? | |||
DCAE | ||||
DCAE DMaaP | http://{{collector_ip}}:3904/events/unauthenticated.TCA_EVENT_OUTPUT/group3/sub1?timeout=30000 | |||
DCAE DMaaP | http://{{collector_ip}}:3904/events/unauthenticated.SEC_MEASUREMENT_OUTPUT/group3/sub1?timeout=3000 | [ "{\"event\":{\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":1.1,\"vNicUsageArray\":[{\"multicastPacketsIn\":0,\"bytesIn\":10,\"unicastPacketsIn\":0,\"multicastPacketsOut\":0,\"broadcastPacketsOut\":0,\"packetsOut\":0,\"bytesOut\":0,\"packetsIn\":500,\"broadcastPacketsIn\":0,\"vNicIdentifier\":\"eth1\",\"unicastPacketsOut\":0}]},\"commonEventHeader\":{\"reportingEntityName\":\"mux1-vnf\",\"startEpochMicrosec\":1486118565570584,\"lastEpochMicrosec\":1486118575570584,\"eventId\":\"1\",\"sourceName\":\"mux_key_gIr3\",\"sequence\":1,\"priority\":\"Normal\",\"functionalRole\":\"vFirewall\",\"domain\":\"measurementsForVfScaling\",\"reportingEntityId\":\"No UUID available\",\"version\":1.1,\"sourceId\":\"b49a2e0e-ee40-48c0-8f9e-842712bea52a\"}}}"] | ||
dmaap | Get the list of topics with this: curl -X GET http://dmaap-hostname:3904/topics Create a missing topic with this: curl -X POST -H "content-type: application/json" --data @bogus-empty-event.json http://dmaap-hostname:3904/events/POA-AUDIT-INIT | |||
Holmes | ||||
MSO | API history for service instance http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=serviceInstanceId%3AEQUALS%3Ac54316d8-464e-4967-bece-8c2b2f458b66 auth: InfraPortalClient:password1$ or Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== | ... | ||
Policy | auth: testrest:3c0mpU#h01@N1c3 or Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz | |||
SDC | auth: sdcclient:password or Basic c2RjY2xpZW50OnBhc3N3b3Jk Example: A GET query sent from VID to SDC to retrieve a service metadata URL: http://{sdc_ip}:8080/sdc/v1/catalog/services/1eec58c0-d5e2-45c5-be9c-c873a1749541/metadata Headers: Authorization:Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU= verify curl -X GET http://{{your-server}}:8080/sdc2/rest/v1/catalog/services/serviceName/vepc/serviceVersion/1.0 -H 'user_id: cs0008' verify $ curl -X GET http://sdc:8080/sdc/v1/catalog/resources -H "authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" -H "x-ecomp-instanceid:AAI" | { | ||
SDNC | auth: admin:Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U or Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ== | |||
VID | 8080/vid auth <null>:<null> or Basic Og== |
Additional sources:
just found consolidated auth info in the oom repo
root@obriensystemskub0:~/oom/kubernetes/config# vi ../config/docker/init/src/config/robot/eteshare/config/integration_robot_properties.py
Username / Password / Authorization Token
An aside: (I didn't realize or I forgot an aspect of base64 - dthat we could reverse engineer the password/username combination from the encoded <alphanumeric_token> in the header key:value = Authorization:Basic <alphanumeric_token>. Again thanks Yves - use a public site like https://www.base64decode.org/ For example for MSO we take the token SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== and get InfraPortalClient:password1$ which is defined throughout the ONAP codebase in for example the VID DockerFile.
Prerequisites
If running postman https endpoints (some of our VM's run SSL like AAI - but MSO for example will still run straight HTTP) - trust the server certificate in Postman (thank you Yves): You won't be able to run an https endpoint until the certificate is trusted in Chrome - paste an https request into the browser - one time - to enable the trusted certificate in postman.
For example: postman will work against AAI after launching the following (your IP) in chrome
https://{{aai_ip}}:8443/aai/v8/cloud-infrastructure/cloud-regions/
For programmatic JAX-RS 2.0 clients add the following
// fix java.security.cert.CertificateException: No subject alternative names present |
---|
MSO VM
WIP: work in progress
An example get on a specific vFW VF from the demo. In this case we use the cs0001 user to get the Vf Module ID from the edit page of a service instance's VF in VID
Postman Request | Query API History for VF Module GET /ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c HTTP/1.1 |
---|---|
Postman Response | {"requestList": [ {"request": { |
curl | obrienbiometrics:onap michaelobrien$ curl -X GET -H "Authorization: Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==" -H "Content-Type: application/json" -aH "Cache-Control" -d '' http://104.130.169.999:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c {"requestList":[{"request":{"requestId":"8230aa5f-cbcf-492d-817a-37243475b46f","startTime":"Mon, 15 May 2017 12:25:25 GMT","requestScope":"vfModule","requestType":"createInstance","requestDetails":{"modelInfo":{"modelCustomizationName":null,"modelInvariantId":"ce3e0e4e-3189-4798-b4b2-f60f3d69e378","modelType":"vfModule","modelNameVersionId":"d55da365-52e2-47ee-8d48-011891909f4f","m...... |
AAI
Add Sample data set to AAI for Sparky
GET /aai/v8/service-design-and-creation/services HTTP/1.1 | {"service": [{ |
---|---|
Workarounds for Distribution and Deployment
SDC Distribution failure
20170914: SDC service distribution is failing - a partial workaround is to run ./demo.sh distribute - after manually adding the "Demonstration" customer and associating with a new cloud region.
PUT /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/IAD HTTP/1.1
Host: 146.20.65.5:8443
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic QUFJOkFBSQ==
Cache-Control: no-cache
Postman-Token: db2cb2b2-5ecc-1acf-3d9b-a08cdf53102c
{
"cloud-owner": "IAD",
"cloud-region-id": "IAD",
"cloud-region-version": "v1",
"cloud-type": "SharedNode",
"cloud-zone": "CloudZone",
"owner-defined-type": "OwnerType",
"tenants": {
"tenant": [{
"tenant-id": "1035021",
"tenant-name": "ecomp-dev"
}]
}
}
GET /aai/v8/cloud-infrastructure/cloud-regions/ HTTP/1.1
Host: 146.20.65.5:8443
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: jimmy-postman
Authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=
Cache-Control: no-cache
Postman-Token: 48cc0bab-4a34-af53-ea77-48fa4a536813
{
"cloud-region": [
{
"cloud-owner": "IAD",
"cloud-region-id": "IAD",
"cloud-type": "SharedNode",
"owner-defined-type": "OwnerType",
"cloud-region-version": "v1",
"cloud-zone": "CloudZone",
"resource-version": "1505416531254",
"tenants": {
"tenant": [
{
"tenant-id": "1035021",
"tenant-name": "ecomp-dev",
"resource-version": "1505416532060"
}
]
}
}
]
}
GET /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/IAD/tenants/tenant/1035021 HTTP/1.1
Host: 146.20.65.5:8443
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic QUFJOkFBSQ==
Cache-Control: no-cache
Postman-Token: bf5b90a0-38f3-1767-d3d0-c97ee1dfe2f0
{
"tenant-id": "1035021",
"tenant-name": "ecomp-dev",
"resource-version": "1505416532060"
}