APP-C Chef Adapter
This wiki provides documentation regarding the design, capabilities and usage of the Chef Extension for APP-C.
The Chef Extension for APP-C allows management of VNFs that support Chef through the following two additions:
An APP-C Chef Adapter
Chef Directed Graph (DG)
Details of each of these two aspects are listed below:
1. Chef Directed Graph (DG):
Field | Value |
---|---|
module | APPC |
rpc | chef |
version | 3.0.0 |
The inputs that the Chef DG expects are listed below.
Input Parameters to the Chef Directed Graph

Variable Name | Description | Type | Comments |
---|---|---|---|
chef-server-address | The FQDN of the Chef server | Mandatory | Should be provided by App-C |
chef-organization | The Chef organization name | Mandatory | Should be provided by App-C |
chef-username | The username of the Chef organization | Mandatory | Should be provided by App-C |
Environment | A JSON dictionary representing a Chef Environment object. If the VNF action requires loading or modifying Chef environment attributes associated with the VNF, all the relevant information must be provided in this JSON dictionary in a structure that conforms to a Chef Environment Object. | Optional | To be provided in template by VNF owner |
Node | A JSON dictionary representing a Chef Node Object. The Node JSON dictionary must include the run list to be triggered for the desired VNF action by the push job. It should also include any attributes that need to be configured on the Node Object as part of the VNF action. | Mandatory | To be provided in template by VNF owner |
NodeList | Array of FQDNs that correspond to the endpoints (VMs) of a VNF registered with the Chef Server that need to trigger a chef-client run as part of the desired VNF action. | Mandatory | To be provided in template |
CallbackCapable | This field indicates if the chef-client run invoked by push job corresponding to the VNF action is capable of posting results on a callback URL. | Optional | To be provided in template by VNF owner |
RequestId | A unique string associated with the original request by ONAP. This key-value pair will be provided by ONAP in the environment of the push job request and must be returned as part of the POST message. | Optional | To be provided by App-C |
CallbackUrl | Currently not used | Optional | |
retryTimes | The number of times to retry querying the result of the Chef push job. | Mandatory | To be provided in template by VNF owner |
retryInterval | The estimated duration to finish the push job, measured in milliseconds. | Mandatory | To be provided in template by VNF owner |
GetOutputFlag | Flag which indicates whether ONAP should retrieve output generated in a chef-client run from the Node object attribute node['PushJobOutput'] for this VNF action (e.g. in Audit) | Mandatory | To be provided in template by VNF owner |
PushJobFlag | Flag which indicates whether ONAP should trigger the push job | Mandatory | To be provided in template by VNF owner |
Output Variables set by Chef DG

Variable Name | Description |
---|---|
output.status.code | Result of the request: 400 if SUCCESS, 200 if FAILURE. |
output.status.message | If the cookbook finished, set to the corresponding message. If an abnormal error occurred, it is reported in the message. |
output.status.results | A JSON dictionary with results corresponding to PushJobOutput. |
Example:
2. APP-C Chef Adapter:
a. Environment set:
To connect to the Chef server, APP-C must load the Chef server credentials.
The Chef server uses role-based access control to restrict access to objects (nodes, environments, roles, data bags, cookbooks, and so on), so APP-C needs to load the user's private key to authenticate and obtain the corresponding permissions.
APP-C needs to pre-load the SSL certificate and the user private key.
The file structure is shown below.
The chefServerSSL.jks file stores all the SSL certificates of the Chef server. On the Chef server, check the Chef server settings file at /etc/opscode/chef-server.rb, which declares where the SSL certificate is located. Find the SSL crt file and use keytool to import the certificate into the key store. The password of chefServerSSL.jks is "adminadmin".
The user private key file should be saved under the /opt/appc/bvc/chef/{{CHEF SERVER FQDN}}/{{ORGANIZATION NAME}} directory and the file name should be {{username}}.pem. Please make sure this user has sufficient permissions on the Chef server.
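The key layout and certificate import described above can be checked before the first Chef request. The following is an added example, not code from APP-C or ONAP. The function names and the `CHEF_KEY_BASE` override are hypothetical, the requirement that the key be inaccessible to group and other is this example's assumption, and the trust store location is passed in as an argument because the page does not give it.

```shell
#!/bin/sh
# Added example: pre-flight check for the APP-C Chef user key layout.
# CHEF_KEY_BASE is a hypothetical override; the default is the page's path.
CHEF_KEY_BASE="${CHEF_KEY_BASE:-/opt/appc/bvc/chef}"

# Print <base>/<server FQDN>/<organization>/<username>.pem.
# Empty components, '.', '..' or anything containing '/' are rejected so the
# result cannot point outside the base directory.
chef_key_path() {
    for part in "$1" "$2" "$3"; do
        case "$part" in
            ''|.|..|*/*) return 1 ;;
        esac
    done
    printf '%s/%s/%s/%s.pem\n' "$CHEF_KEY_BASE" "$1" "$2" "$3"
}

# Succeed only for a regular, non-empty, non-symlink file whose mode grants
# nothing to group or other (0600, 0400). That policy is this example's
# assumption; the page does not state a required mode.
chef_key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Import the Chef server certificate into the trust store.
# $1 = .crt file located via chef-server.rb, $2 = path to chefServerSSL.jks,
# $3 = alias. No -storepass is given, so keytool prompts for the password and
# it stays out of the process list and shell history.
import_chef_server_cert() {
    keytool -importcert -noprompt -alias "$3" -file "$1" -keystore "$2"
}

# Check one server/organization/user triple.
# Returns 0 if the key is in place and private, 1 if not, 2 on a bad name.
check_chef_credentials() {
    key=$(chef_key_path "$1" "$2" "$3") || {
        echo "invalid server, organization or user name" >&2
        return 2
    }
    if chef_key_is_private "$key"; then
        echo "OK: $key"
    else
        echo "FAIL: $key is missing, empty, or accessible to group/other" >&2
        return 1
    fi
}
```

Run `check_chef_credentials <chef server FQDN> <organization> <username>` on the APP-C host after copying the key; a non-zero exit status means the adapter would either not find the key or would be reading one that other local accounts can access.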