Tutorial: Step by step guide to run vFirewall Closed Loop Demo
This is based on an ONAP instance that has the required components to run the vFirewall Closed Loop Demo, on a Kubernetes cluster using OOM Beijing release.
Onboarding process flow of a VNF in ONAP
The following assumptions are made before following the steps of this wiki:
All components are deployed in an OpenStack environment.
ONAP (Beijing release) has already been deployed on a Kubernetes cluster with the required components listed below.
You can successfully access the Kubernetes cluster where ONAP is deployed at using the kubectl CLI.
While Rancher is the Kubernetes-based container management platform of choice for testing the steps below, it is not required and other Kubernetes orchestrators can be used (i.e. Cloudify)
The following ONAP components are the required ones to execute the vFirewall Closed Loop demo successfully:
Portal
Robot
SDC
APPC
DCAE
AAI
Policy
VID
DMaaP
This is the composition of the vFirewall VNF package used as part of its closed loop demo:
vFirewall component
vSINK component
vPacketGen (packet generator) component
The following items are required to be able to run the vFirewall Closed Loop demo:
vFW-vSINK preload file to use in SDNC’s ODL: https://lf-onap.atlassian.net/wiki/download/attachments/16220232/vfw_preload_beijing.txt?version=1&modificationDate=1537300585000&api=v2
vPacketGen preload file to use in SDNC’s ODL: https://lf-onap.atlassian.net/wiki/download/attachments/16220232/vpacketgen_preload_beijing.txt?version=1&modificationDate=1537300585000&api=v2
vFW-vSINK HEAT template (Beijing – stable release) to use as part of uploading it into Portal’s SDC’s Widget. These 3 files will have to be put in a single zip file in a later step:
vPacketgen HEAT template (Beijing – stable release) to use as part of uploading it into Portal’s SDC’s Widget. These 3 files will have to be put in a single zip file in a later step:
File to mount the VNF in APPC’s ODL: https://lf-onap.atlassian.net/wiki/download/attachments/16257085/appc_mountpoint.txt?version=1&modificationDate=1511893778000&api=v2
Prepare the HEAT Packages
In this part, we need to grab the HEAT templates above and do the following steps to popoulate the HEAT ENV file parameter values to prepare to upload them in the SDC Widget later on in this document.
First, populate the HEAT ENV file with the values that are specific to your Openstack environment:
vFW-vSINK (vFirewall & vSINK components)
parameters:
image_name: PUT THE VM IMAGE NAME HERE ( Suggested: UBUNTU 14.04 LTS - QCOW2 Format )
flavor_name: PUT THE VM FLAVOR NAME HERE ( Suggested: OpenStack-standard m1.medium )
public_net_id: PUT THE PUBLIC NETWORK ID HERE ( Provider-Type Network only - NO Floating IP Network )
unprotected_private_net_id: zdfw1fwl01_unprotected ( Leave as is )
unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub ( Leave as is )
unprotected_private_net_cidr: 192.168.10.0/24 ( Leave as is )
protected_private_net_id: zdfw1fwl01_protected ( Leave as is )
protected_private_subnet_id: zdfw1fwl01_protected_sub ( Leave as is )
protected_private_net_cidr: 192.168.20.0/24 ( Leave as is )
onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME / ID HERE
onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME / ID HERE
onap_private_net_cidr: 10.0.0.0/16 ( Leave as is )
vfw_private_ip_0: 192.168.10.100 ( Leave as is )
vfw_private_ip_1: 192.168.20.100 ( Leave as is )
vfw_private_ip_2: 10.0.100.1 ( Leave as is )
vpg_private_ip_0: 192.168.10.200 ( Leave as is )
vsn_private_ip_0: 192.168.20.250 ( Leave as is )
vsn_private_ip_1: 10.0.100.3 ( Leave as is )
vfw_name_0: zdfw1fwl01fwl01 ( Leave as is - dummy value to be changed by SO in demo )
vsn_name_0: zdfw1fwl01snk01 ( Leave as is - dummy value to be changed by SO in demo )
vnf_id: vFirewall_demo_app ( Leave as is - dummy value to be changed by SO in demo )
vf_module_id: vFirewallCL ( Leave as is - dummy value to be changed by SO in demo )
dcae_collector_ip: PUT THE EXTERNAL IP OF A K8S VM NODE WHERE THE DCAE COLLECTOR IS AT
dcae_collector_port: PUT THE K8S NODEPORT THAT EXPOSES THE DCAE COLLECTOR ( Default: 30235 )
repo_url_blob: https://nexus.onap.org/content/sites/raw ( Leave as is )
repo_url_artifacts: https://nexus.onap.org/content/repositories/releases ( Leave as is )
demo_artifacts_version: 1.2.1
install_script_version: 1.2.1
key_name: PUT THE KEYSTONE SSH NAME TO BE MAPPED TO THE VMs
pub_key: PUT THE PUBLIC SSH KEY PORTION OF THE KEYSTONE SSH NAME TO BE MAPPED TO THE VMs
cloud_env: PUT openstack OR rackspace HERE
vPacketGen (Packet Generator)
parameters:
image_name: PUT THE VM IMAGE NAME HERE ( Suggested: UBUNTU 14.04 LTS - QCOW2 Format )
flavor_name: PUT THE VM FLAVOR NAME HERE ( Suggested: OpenStack-standard m1.medium )
public_net_id: PUT THE PUBLIC NETWORK ID HERE ( Provider-Type Network only - NO Floating IP Network )
unprotected_private_net_id: zdfw1fwl01_unprotected ( Leave as is )
unprotected_private_subnet_id: zdfw1fwl01_unprotected_sub ( Leave as is )
unprotected_private_net_cidr: 192.168.10.0/24 ( Leave as is )
onap_private_net_id: PUT THE ONAP PRIVATE NETWORK NAME / ID HERE
onap_private_subnet_id: PUT THE ONAP PRIVATE NETWORK NAME / ID HERE
onap_private_net_cidr: 10.0.0.0/16
protected_private_net_cidr: 192.168.20.0/24
vfw_private_ip_0: 192.168.10.100
vpg_private_ip_0: 192.168.10.200
vpg_private_ip_1: 10.0.100.2
vsn_private_ip_0: 192.168.20.250
vpg_name_0: zdfw1fwl01pgn01 ( Leave as is - dummy value to be changed by SO in demo )
vnf_id: vPNG_Firewall_demo_app ( Leave as is - dummy value to be changed by SO in demo )
vf_module_id: vTrafficPNG ( Leave as is - dummy value to be changed by SO in demo )
repo_url_blob: https://nexus.onap.org/content/sites/raw ( Leave as is )
repo_url_artifacts: https://nexus.onap.org/content/repositories/releases ( Leave as is )
demo_artifacts_version: 1.2.1
install_script_version: 1.2.1
key_name: PUT THE KEYSTONE SSH NAME TO BE MAPPED TO THE VMs
pub_key: PUT THE PUBLIC SSH KEY PORTION OF THE KEYSTONE SSH NAME TO BE MAPPED TO THE VMs
cloud_env: PUT openstack OR rackspace HERE
Once the values that need to be filled out above, create two zip files containing the two HEAT packages we need to upload to the Portal SDC Widget in later steps.
Accessing the Portal GUI on your local browser (Kubernetes-based approach)
In order to setup your local machine to access the Portal Web GUI and continue with the steps of this documentation, please follow the instructions in Accessing ONAP Portal using OOM and a Kubernetes Cluster.
You should now be able to successfully view the Portal GUI Login page at http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm.
NOTE: It is recommended to access the Portal GUI through your browser's cookie-disabled window. In chrome, go on Incognito window with Ctrl + Shift + N. In Firefox, go on a Private window with Ctrl + Shift + P.
ONAP Portal Users and their Roles
As part of this demo, we will have to login to a number of different Portal user accounts in order to execute the appropriate flow to ultimately deploy the vFirewall VNFs into your OpenStack environment (NOTE: default password for all user accounts below is demo123456!)
Username | Role | Description |
---|---|---|
cs0008 | DESIGNER | Takes care of creating all the SDC resources, uploading the HEAT template, distributing the VNFs, etc.) |
demo | SUPERUSER | This is the Administrator account that has access to actions that require admin rights. This is the user that will trigger the action to ultimately deploy the VF Module (actual VNF HEAT Template execution). |
gv0001 | GOVERNOR | |
jm0007 | TESTER | Takes care of running the tests for the VNF, and approving that tests were successful. |
op0001 | OPERATOR |
Creating the Vendor License Model
In this part, we will create a Vendor License Model that will be tied to the Virtual Service Product (VSP) representing the vFirewall VNF package.
In a production VNF, every VNF vendor has a license mechanism that authorizes the use of the VNF in an environment. This includes license details and agreements that are between between this VNF vendor and the Service Provider that will ultimately deploy the VNF.
In this demo, we will create a VLM since it is a requirement to successfully onboard the VSP in your environment. The following are some details around the VLM, which will be executed in one way or another in later steps:
The vendor details have to always be provided as part of the VLM definitions, and such vendor only needs to be specified once.
In order to have a valid and functional VSP, a VLM needs to be mapped to it.
A single VLM can have multiple license agreements mapped to it.
VLM components that will need to be created are:
License Agreements:
Entitlement Pools:
Feature Groups:
License Key Groups: