Verifying your ONAP Deployment

Warning: Draft Content

This wiki is under construction

Motivation: Having issues with MSO provisioning on Rackspace - need all REST API endpoints

Use or combine with Overall Deployment Architecture to determine what a fully functional set of VMs, processes and containers should look like for 1.0.0 and 1.1.0 - so we can be sure that the ONAP deployment is sound as much as possible before provisioning VFs.

http://onap.readthedocs.io/en/latest/index.html

ONAP GUIs

see https://kubernetes.io/docs/tasks/administer-cluster/access-cluster-services/

APP

Name

URL

Docker port

Kubernetes port

Heat port

APP

Name

URL

Docker port

Kubernetes port

Heat port

AAI



http://146.20.65.5:9517/services/aai/webapp/index.html#/viewInspect



OOM-347: Expose AAI sparky-be view&Inspect UI 9517 port as nodePort: {{ .Values.nodePortPrefix }}20Closed

9517













Grafana

Grafana

Part of the Kubernetes distribution -

https://aws.onap.info:8880/r/projects/1a7/kubernetes:6443/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy

expose via last lines of

https://git.onap.org/logging-analytics/tree/deploy/rancher/oom_rancher_setup.sh

kubectl expose -n kube-system deployment monitoring-grafana --type=LoadBalancer --name monitoring-grafana-client













Monitoring

watch for DCAE collector traffic - 

tcpdump -i eth0 port not 22 | grep 3904



We have monitoring currently in DCAE Project Proposal (5/11/17).  Proposed monitoring functionality is in Holmes (5/11/17) and ONAP Operations Manager / ONAP on Containers.  For the purposes of this demo, we would like to see some overall system/jvm/rest level monitoring while we exercise the demo.

One option is using New Relic agents.

Run the following (use your own account/token) on each VM (Note: JVM processes in docker containers will be visible to the host - so currently - until I run into issues - we don't need to expose extra ports on the containers)

    echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list

    wget -O- https://download.newrelic.com/548CIEEE16BF.gpg | apt-key add -

    apt-get update

    apt-get install newrelic-sysmond

    nrsysmond-config --set license_key=<akey>

    /etc/init.d/newrelic-sysmond start

    echo deb http://apt.newrelic.com/debian/ newrelic non-free >> /etc/apt/sources.list.d/newrelic.list

    wget -O- https://download.newrelic.com/548CIEEE16BF.gpg | apt-key add -

    apt-get update

    apt-get install newrelic-sysmond

    nrsysmond-config --set license_key=<akey>

    /etc/init.d/newrelic-sysmond start

Postman/Curl REST calls

Passwords in /testsuite/properties/integration_robot_properties.py

Remember to load each server URL in chrome to accept the cert (save it for curls) 

Note AAI V11 is a flat model (no child nodes) - V8 is deep - IE the region contains the tenant

VM

Name

Req

Res



VM

Name

Req

Res



AAI



https://{{aai_ip}}:8443/aai/v8/business/customers/customer/Demonstration/service-subscriptions/service-subscription/vFW/service-instances/

{"service-instance": [{
"service-instance-id": "4ed1d78a-00c7-4493-89bc-a4d3e98247f7",
"service-instance-name": "DemoInstance",
"persona-model-id": "ea53cfa6-4429-41bc-8672-c36c4336aa75",
"persona-model-version": "1.0","resource-version": "1497379146",
"relationship-list": {"relationship": [{"related-to": "generic-vnf",
"related-link": "https://aai:8443/aai/v8/network/generic-vnfs/generic-vnf/724feb61-37b0-4d40-bbbe-dc3655d27937/",
"relationship-data": [{"relationship-key": "generic-vnf.vnf-id","relationship-value": "724feb61-37b0-4d40-bbbe-dc3655d27937"}],
"related-to-property": [{"property-key": "generic-vnf.vnf-name","property-value": "DemoVNF"}]}]}}]}



AAI



CURL (will require the aai certificate (export it from firefox)

root@ip-172-31-82-46:~# curl -X GET https://127.0.0.1:30233/aai/v11/cloud-infrastructure/cloud-regions/ -H "authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=" -H "X-TransactionId:jimmy-postman" -H "X-FromAppId:AAI" -H "Content-Type:application/json" -H "Accept:application/json" --cacert aaiapisimpledemoopenecomporg_20171003.crt -k

{"requestError":{"serviceException":{"messageId":"SVC3001","text":"Resource not found for %1 using id %2 (msg=%3) (ec=%4)","variables":["GET","cloud-infrastructure/cloud-regions/","Node Not Found:No Node of type cloud-region found at: cloud-infrastructure/cloud-regions/","ERR.5.4.6114"]}}}root@ip-172-31-82-46:~#

update after





AAI



cloud-region put - to fix above - and before we run init

PUT /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne HTTP/1.1
Host: 34.194.214.186:30233
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic QUFJOkFBSQ==
Cache-Control: no-cache
Postman-Token: 9f71f570-043c-ec79-6685-d0d599fb2c6f

{
"cloud-owner": "CloudOwner",
"cloud-region-id": "RegionOne",
"cloud-region-version": "v2",
"cloud-type": "SharedNode",
"cloud-zone": "CloudZone",
"owner-defined-type": "OwnerType",
"tenants": {
"tenant": [{
"tenant-id": "1035022",
"tenant-name": "ecomp-dev"
}]
}
}

on the CD server

curl -X PUT https://127.0.0.1:30233/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/CloudOwner/RegionOne --data "@aai-cloud-region-put.json" -H "authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=" -H "X-TransactionId:jimmy-postman" -H "X-FromAppId:AAI" -H "Content-Type:application/json" -H "Accept:application/json" --cacert aaiapisimpledemoopenecomporg_20171003.crt -k







AAI



customer post demo.sh init

https://{{aai_ip}}:8443/aai/v8/business/customers

auth: AAI:AAI or Basic QUFJOkFBSQ==



rootTarget.request().header("X-FromAppId", "AAI").get(String.class)



{ "customer": [ {
"global-customer-id": "Demonstration","subscriber-name": "Demonstration", "subscriber-type": "INFRA", "resource-version": "1499992251",
"service-subscriptions": {"service-subscription": [ {
"service-type": "vFW","resource-version": "1499992251",
"relationship-list": {"relationship": [{"related-to": "tenant",
"related-link": "https://aai:8443/aai/v8/cloud-infrastructure/cloud-regions/cloud-region/Rackspace/DFW/tenants/tenant/1035021/",
"relationship-data": [ { "relationship-key": "cloud-region.cloud-owner",
"relationship-value": "Rackspace" }, {
"relationship-key": "cloud-region.cloud-region-id",
"relationship-value": "DFW" }, {
"relationship-key": "tenant.tenant-id",
"relationship-value": "1035021"} ],
"related-to-property": [{ "property-key": "tenant.tenant-name",
"property-value": "1035021"} ] } ] } }, {
"service-type": "vLB",
"resource-version": "1499992251","relationship-list": { "relationship": [ { "related-to": "tenant",
"related-link": "https://aai:8443/aai/v8/cloud-infrastructure/cloud-regions/cloud-region/Rackspace/DFW/tenants/tenant/1035021/",
"relationship-data": [ { "relationship-key": "cloud-region.cloud-owner",
"relationship-value": "Rackspace" }, {
"relationship-key": "cloud-region.cloud-region-id",
"relationship-value": "DFW" }, {
"relationship-key": "tenant.tenant-id",
"relationship-value": "1035021" } ],
"related-to-property": [ { "property-key": "tenant.tenant-name",
"property-value": "1035021" } ] } ] } } ] } } ]}



AAI



Same as above - but different customer endpoint

https://{{aai_ip}}:8443/aai/v8/business/customers/customer

{"global-customer-id": "Demonstration","subscriber-name": "Demonstration","subscriber-type": "INFRA",



aai



GET

https://{{aai_ip}}:{{aai_port}}/aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/RegionOne



{
"cloud-owner": "IAD",
"cloud-region-id": "RegionOne",
"cloud-type": "SharedNode",
"owner-defined-type": "OwnerType",
"cloud-region-version": "v1",
"cloud-zone": "CloudZone",
"resource-version": "1507147808029",
"tenants": {
"tenant": [
{
"tenant-id": "6f2d976d3e1649dc844a13012863d1f2",
"tenant-name": "ecomp-dev",
"resource-version": "1507147808109"
}
]
}
}



appc



restconf

http://{{appc_ip}}:30230/restconf/config/network-topology:network-topology/topology/topology-netconf

user:pass ?







DCAE



DCAE API Documentation





DCAE DMaaP



http://{{collector_ip}}:3904/events/unauthenticated.TCA_EVENT_OUTPUT/group3/sub1?timeout=30000





DCAE DMaaP



http://{{collector_ip}}:3904/events/unauthenticated.SEC_MEASUREMENT_OUTPUT/group3/sub1?timeout=3000

[ "{\"event\":{\"measurementsForVfScalingFields\":{\"measurementInterval\":10,\"measurementsForVfScalingVersion\":1.1,\"vNicUsageArray\":[{\"multicastPacketsIn\":0,\"bytesIn\":10,\"unicastPacketsIn\":0,\"multicastPacketsOut\":0,\"broadcastPacketsOut\":0,\"packetsOut\":0,\"bytesOut\":0,\"packetsIn\":500,\"broadcastPacketsIn\":0,\"vNicIdentifier\":\"eth1\",\"unicastPacketsOut\":0}]},\"commonEventHeader\":{\"reportingEntityName\":\"mux1-vnf\",\"startEpochMicrosec\":1486118565570584,\"lastEpochMicrosec\":1486118575570584,\"eventId\":\"1\",\"sourceName\":\"mux_key_gIr3\",\"sequence\":1,\"priority\":\"Normal\",\"functionalRole\":\"vFirewall\",\"domain\":\"measurementsForVfScaling\",\"reportingEntityId\":\"No UUID available\",\"version\":1.1,\"sourceId\":\"b49a2e0e-ee40-48c0-8f9e-842712bea52a\"}}}"]



dmaap



Get the list of topics with this: 

curl -X GET http://dmaap-hostname:3904/topics 

Create a missing topic with this:

curl -X POST -H "content-type: application/json" --data @bogus-empty-event.json http://dmaap-hostname:3904/events/POA-AUDIT-INIT





Holmes



Health Check - Beijing





MSO



API history for service instance

http://{{mso_ip}}:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=serviceInstanceId%3AEQUALS%3Ac54316d8-464e-4967-bece-8c2b2f458b66

auth: InfraPortalClient:password1$ or Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==

...
"instanceReferences": {
"serviceInstanceId": "c54316d8-464e-4967-bece-8c2b2f458b66",
"serviceInstanceName": null,
"vnfInstanceId": "6229cdee-10f6-4ec4-a5e0-0593154e6d83",
"vnfInstanceName": null,
"vfModuleInstanceId": "5a08199b-4161-4181-9b2d-da29f6df1410",
"vfModuleInstanceName": "DemoModule",
"volumeGroupInstanceId": null,
"volumeGroupInstanceName": null,
"networkInstanceId": null,
"networkInstanceName": null
}, "requestStatus": {
"requestState": "COMPLETE",
"statusMessage": "Vf Module has been created successfully.",
"percentProgress": 100,
"finishTime": "Tue, 18 Jul 2017 21:35:47 GMT"



Policy



auth: testrest:3c0mpU#h01@N1c3 or Basic dGVzdHJlc3Q6M2MwbXBVI2gwMUBOMWMz





SDC



Consumer creation

SDC API

auth: sdcclient:password or Basic c2RjY2xpZW50OnBhc3N3b3Jk

Example: A GET query sent from VID to SDC to retrieve a service metadata

URL: http://{sdc_ip}:8080/sdc/v1/catalog/services/1eec58c0-d5e2-45c5-be9c-c873a1749541/metadata

Headers:

Authorization:Basic dmlkOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=
X-ECOMP-InstanceID:VID



verify

curl -X GET  http://{{your-server}}:8080/sdc2/rest/v1/catalog/services/serviceName/vepc/serviceVersion/1.0   -H 'user_id: cs0008'



verify

$ curl -X GET http://sdc:8080/sdc/v1/catalog/resources -H "authorization: Basic YWFpOktwOGJKNFNYc3pNMFdYbGhhazNlSGxjc2UyZ0F3ODR2YW9HR21KdlV5MlU=" -H "x-ecomp-instanceid:AAI"

{
"uuid": "1eec58c0-d5e2-45c5-be9c-c873a1749541",
"invariantUUID": "87c579fe-14de-44ff-81c2-5e2f731e54ab",
"name": "tutorial service",
"version": "1.0",
"toscaModelURL": "/sdc/v1/catalog/services/1eec58c0-d5e2-45c5-be9c-c873a1749541/toscaModel",
"category": "Network L4+",
"lifecycleState": "CERTIFIED",
"lastUpdaterUserId": "jm0007",
"distributionStatus": "DISTRIBUTED",
"lastUpdaterFullName": "Joni Mitchell",
"resources": [
{
"resourceInstanceName": "tutorial firewall 0",
"resourceName": "tutorial firewall",
"resourceInvariantUUID": "b574fdf8-4551-4d94-ba29-efbaf1dded10",
"resourceVersion": "1.0",
"resoucreType": "VF",
"resourceUUID": "0605d080-9210-48ff-8fc0-8685ed087acf",
"artifacts": [
{
"artifactName": "vf-license-model.xml",
"artifactType": "VF_LICENSE",
"artifactURL": "/sdc/v1/catalog/services/1eec58c0-d5e2-45c5-be9c-c873a1749541/resourceInstances/tutorialfirewall0/artifacts/e7c06878-d8de-4364-8cf8-4c81d7b733b3",
"artifactDescription": "VF license file",
"artifactChecksum": "NjdiNzdlYWEwMjM4NDcwZjI2NzJjY2M0OGFjYzdlNDE=",
"artifactUUID": "e7c06878-d8de-4364-8cf8-4c81d7b733b3",
"artifactVersion": "1",
"artifactLabel": "vflicense",
"artifactGroupType": "DEPLOYMENT"
},
...



SDNC



auth: admin:Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U or Basic YWRtaW46S3A4Yko0U1hzek0wV1hsaGFrM2VIbGNzZTJnQXc4NHZhb0dHbUp2VXkyVQ==





VID



8080/vid

auth <null>:<null> or Basic Og==









Additional sources:

just found consolidated auth info in the oom repo

root@obriensystemskub0:~/oom/kubernetes/config# vi ../config/docker/init/src/config/robot/eteshare/config/integration_robot_properties.py

Username / Password / Authorization Token

An aside: (I didn't realize or I forgot an aspect of base64 - dthat we could reverse engineer the password/username combination from the encoded <alphanumeric_token> in the header key:value = Authorization:Basic <alphanumeric_token>.  Again thanks Yves - use a public site like https://www.base64decode.org/  For example for MSO we take the token SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA== and get InfraPortalClient:password1$ which is defined throughout the ONAP codebase in for example the VID DockerFile.

Prerequisites

If running postman https endpoints (some of our VM's run SSL like AAI - but MSO for example will still run straight HTTP) - trust the server certificate in Postman (thank you Yves): You won't be able to run an https endpoint until the certificate is trusted in Chrome - paste an https request into the browser - one time - to enable the trusted certificate in postman.

For example: postman will work against AAI after launching the following (your IP) in chrome

https://{{aai_ip}}:8443/aai/v8/cloud-infrastructure/cloud-regions/

For programmatic JAX-RS 2.0 clients add the following

// fix java.security.cert.CertificateException: No subject alternative names present
HostnameVerifier verifier = new HostnameVerifier() { public boolean verify(String hostname, SSLSession sslSession) { return true; // TODO: security breach }};

// fix java.security.cert.CertificateException: No subject alternative names present
HostnameVerifier verifier = new HostnameVerifier() { public boolean verify(String hostname, SSLSession sslSession) { return true; // TODO: security breach }};

MSO VM

WIP: work in progress

An example get on a specific vFW VF from the demo.  In this case we use the cs0001 user to get the Vf Module ID from the edit page of a service instance's VF in VID

Postman

Request

Query API History for VF Module

GET /ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c HTTP/1.1
Host: 104.130.169.47:8080
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic SW5mcmF›Qb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==
Cache-Control: no-cache
Postman-Token: 6afbd585-4b77-2e7a-71d0-5b99a0930a1e

http://104.130.169.47:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c

Postman

Request

Query API History for VF Module

GET /ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c HTTP/1.1
Host: 104.130.169.47:8080
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic SW5mcmF›Qb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==
Cache-Control: no-cache
Postman-Token: 6afbd585-4b77-2e7a-71d0-5b99a0930a1e

http://104.130.169.47:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c

Postman

Response

{"requestList": [ {"request": {
"requestId": "8230aa5f-cbcf-492d-817a-37243475b46f",
"startTime": "Mon, 15 May 2017 12:25:25 GMT",
"requestScope": "vfModule",
"requestType": "createInstance",
"requestDetails": {"modelInfo": {
"modelCustomizationName": null,
"modelInvariantId": "ce3e0e4e-3189-4798-b4b2-f60f3d69e378",
"modelType": "vfModule",
"modelNameVersionId": "d55da365-52e2-47ee-8d48-011891909f4f",
"modelName": "AmdocsTestFirewall..base_vfw..module-0",
"modelVersion": "1"},......]}

curl

obrienbiometrics:onap michaelobrien$ curl -X GET -H "Authorization: Basic SW5mcmFQb3J0YWxDbGllbnQ6cGFzc3dvcmQxJA==" -H "Content-Type: application/json" -aH "Cache-Control" -d '' http://104.130.169.999:8080/ecomp/mso/infra/orchestrationRequests/v2/?filter=vfModuleInstanceId%3AEQUALS%3A90e7cbda-053c-46fb-9df7-c8559c29299c

{"requestList":[{"request":{"requestId":"8230aa5f-cbcf-492d-817a-37243475b46f","startTime":"Mon, 15 May 2017 12:25:25 GMT","requestScope":"vfModule","requestType":"createInstance","requestDetails":{"modelInfo":{"modelCustomizationName":null,"modelInvariantId":"ce3e0e4e-3189-4798-b4b2-f60f3d69e378","modelType":"vfModule","modelNameVersionId":"d55da365-52e2-47ee-8d48-011891909f4f","m......



AAI

Add Sample data set to AAI for Sparky

GET /aai/v8/service-design-and-creation/services HTTP/1.1
Host: 104.239.234.999:8443
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic QUFJOkFBSQ==
Cache-Control: no-cache
Postman-Token: 7c1b1415-e8e8-6701-dbef-f1994001e291

{"service": [{
"service-id": "c29f33c3-75d2-4210-8a71-0f805821c0cc",
"service-description": "vFW",
"resource-version": "1494850829"
},{
"service-id": "761805dd-19de-4e0b-8c72-33b77e6dbe1f",
"service-description": "vLB",
"resource-version": "1494850829"
}]}

GET /aai/v8/service-design-and-creation/services HTTP/1.1
Host: 104.239.234.999:8443
Accept: application/json
Content-Type: application/json
X-FromAppId: AAI
X-TransactionId: get_aai_subscr
Authorization: Basic QUFJOkFBSQ==
Cache-Control: no-cache
Postman-Token: 7c1b1415-e8e8-6701-dbef-f1994001e291

{"service": [{
"service-id": "c29f33c3-75d2-4210-8a71-0f805821c0cc",
"service-description": "vFW",
"resource-version": "1494850829"
},{
"service-id": "761805dd-19de-4e0b-8c72-33b77e6dbe1f",
"service-description": "vLB",
"resource-version": "1494850829"
}]}







Workarounds for Distribution and Deployment

SDC Distribution failure

20170914: SDC service distribution is failing - a partial workaround is to run ./demo.sh distribute - after manually adding the "Demonstration" customer and associating with a new cloud region.

PUT /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/IAD HTTP/1.1 Host: 146.20.65.5:8443 Accept: application/json Content-Type: application/json X-FromAppId: AAI X-TransactionId: get_aai_subscr Authorization: Basic QUFJOkFBSQ== Cache-Control: no-cache Postman-Token: db2cb2b2-5ecc-1acf-3d9b-a08cdf53102c { "cloud-owner": "IAD", "cloud-region-id": "IAD", "cloud-region-version": "v1", "cloud-type": "SharedNode", "cloud-zone": "CloudZone", "owner-defined-type": "OwnerType", "tenants": { "tenant": [{ "tenant-id": "1035021", "tenant-name": "ecomp-dev" }] } } GET /aai/v8/cloud-infrastructure/cloud-regions/ HTTP/1.1 Host: 146.20.65.5:8443 Accept: application/json Content-Type: application/json X-FromAppId: AAI X-TransactionId: jimmy-postman Authorization: Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI= Cache-Control: no-cache Postman-Token: 48cc0bab-4a34-af53-ea77-48fa4a536813 { "cloud-region": [ { "cloud-owner": "IAD", "cloud-region-id": "IAD", "cloud-type": "SharedNode", "owner-defined-type": "OwnerType", "cloud-region-version": "v1", "cloud-zone": "CloudZone", "resource-version": "1505416531254", "tenants": { "tenant": [ { "tenant-id": "1035021", "tenant-name": "ecomp-dev", "resource-version": "1505416532060" } ] } } ] } GET /aai/v8/cloud-infrastructure/cloud-regions/cloud-region/IAD/IAD/tenants/tenant/1035021 HTTP/1.1 Host: 146.20.65.5:8443 Accept: application/json Content-Type: application/json X-FromAppId: AAI X-TransactionId: get_aai_subscr Authorization: Basic QUFJOkFBSQ== Cache-Control: no-cache Postman-Token: bf5b90a0-38f3-1767-d3d0-c97ee1dfe2f0 { "tenant-id": "1035021", "tenant-name": "ecomp-dev", "resource-version": "1505416532060" }