vFW Closed Loop step-by-step

Material for running vFW closed loop

• ONAP.postman_collection.json: REST operations against ONAP component's endpoints;

• Powder lab ONAP.postman_environment.json: Environment file for Postman collection;

• vFWSNK.zip: Package that contains the Heat template and environment file for the vFirewall and vSink VNF components;

• vPKG.zip: Package that contains the Heat template and environment file for the vPacketGen VNF;

• vFWSNK_SDNC_preload.json: JSON file to upload to SDNC that overrides values in the environment file for the vFirewall and vSink VNF components;

• vPKG_SDNC_preload.json: JSON file to upload to SDNC that overrides values in the environment file for the vPacketGen VNF;

• VNF preload.xml: description of the VNF preload for SDNC

Open

Open

Open

Open

Open

Open

Setup the Environment

Modify /etc/hosts (UNIX) or C:\Windows\System32\Drivers\etc\hosts (Windows) by adding the following FQDNs:

155.98.37.45 portal.api.simpledemo.onap.org

155.98.37.35 policy.api.simpledemo.onap.org

155.98.37.34 sdc.api.simpledemo.onap.org

155.98.37.36 vid.api.simpledemo.onap.org

155.98.37.46 aai.api.simpledemo.onap.org

Create a Vendor Software Product

Designer - cs0008/demo123456! 

Onboard -> Add License Model

• License key group

• Entitlement group

• Feature group

• License agreement

• Check in - Submit 

Onboard -> Add Vendor Software Product (VSP)

• Compile form and save

• Click overview, then upload zip file

• Check in - Submit

Home

• Import VSP

• Create

• Submit for testing 

Tester - jm0007/demo123456!

Home

• Click on the VSP ready for testing

• Start testing

• Accept

Create a Service

Designer - cs0008/demo123456!

Home

• Add service

• Fill the form and click Create to create the service

• Click on Composition

• Select Application L4+

• Drag the VSP and drop it into the canvas

Tester - jm0007/demo123456!

Home

• Click on the service ready for testing

• Start testing

• Accept 

Governor - gv0001/demo123456!

Home

• Click on the service

• Approve for distribution

Operator - op0001/demo123456!

Home

• Click on the service

• Distribute

Instantiate a service

Admin - demo/demo123456!

VID

• Browse SDC model

• Deploy service

Preload A&AI (https://lf-onap.atlassian.net/wiki/display/DW/Tutorial_vIMS%3A+Create+AAI+cloud+account) 

AAI Postman headers

• Basic Authentication: AAI/AAI

• Accept: application/json

• Content-Type: application/json

• X-FromAppId: AAI

• X-TransactionId: get_aai_subscr

Add a new service to A&AI

• Generate UUID https://www.uuidgenerator.net/ (use version 4), e.g.: e8cb8968-5411-478b-906a-f28747de72cd

• PUT the new service in A&AI: {{aai_ip}}:8443/aai/v11/service-design-and-creation/services/service/e8cb8968-5411-478b-906a-f28747de72cd

vFW Service

{

"service-id": "e8cb8968-5411-478b-906a-f28747de72cd",

"service-description": "vFW"

}

Check: GET  (https) {{aai_ip}}:8443/aai/v11/service-design-and-creation/services

Create a new cloud region

PUT  (https) {{aai_ip}}:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/OpenStack/RegionOne

{

        "cloud-owner": "OpenStack",

        "cloud-region-id": "RegionOne",

        "cloud-type": "openstack",

        "owner-defined-type": "owner type",

        "cloud-region-version": "v2.5",

        "cloud-zone": "cloud zone",

        "tenants": {

                "tenant": [{

                        "tenant-id": "41d6d38489bd40b09ea8a6b6b852dcbd",

                        "tenant-name": "Integration"

                }]

        }

} 

Check: GET  (https) {{aai_ip}}:8443/aai/v11/cloud-infrastructure/cloud-regions

Create a new customer

PUT (https) {{aai_ip}}:8443/aai/v11/business/customers/customer/Demonstration

{

  "global-customer-id": "Demonstration",

  "subscriber-name": "Demonstration",

  "subscriber-type": "INFRA",

  "service-subscriptions": {

    "service-subscription": [

      {

        "service-type": "vFW",

        "relationship-list": {

          "relationship": [{

            "related-to": "tenant",

            "relationship-data": [

              {"relationship-key": "cloud-region.cloud-owner", "relationship-value": "OpenStack"},

              {"relationship-key": "cloud-region.cloud-region-id", "relationship-value": "RegionOne"},

              {"relationship-key": "tenant.tenant-id", "relationship-value": "41d6d38489bd40b09ea8a6b6b852dcbd"}

            ]

          }]

        }

      }

    ]

  }

}

Check: GET  (https) {{aai_ip}}:8443/aai/v11/business/customers

Create service instance and then VNF instance in VID (https://lf-onap.atlassian.net/wiki/display/DW/Tutorial+vIMS%3A+VID+Instantiate+the+VNF)

Preload VID

VID Postman headers

• Basic Authentication: demo/Kp8bJ4SXszM0WX

• Accept: application/json

• Content-Type: application/json

• USER_ID: demo

• X-TransactionId: robot-ete-bd65600d-8669-4903-8a14-af88203add38

• X-FromAppId: robot-ete

POST (http) {{vid_ip}}:{{vid_port}}/vid/maintenance/category_parameter/platform

{

  "options": ["Test-Platform"]

}

POST (http) {{vid_ip}}:{{vid_port}}/vid/maintenance/category_parameter/project

{

  "options": ["Test-Project"]

}

POST (http) {{vid_ip}}:{{vid_port}}/vid/maintenance/category_parameter/owningEntity

{

  "options": ["Test-Entity"]

}

POST (http) {{vid_ip}}:{{vid_port}}/vid/maintenance/category_parameter/lineOfBusiness

{

  "options": ["Test-Business"]

}

Preload SDNC (https://lf-onap.atlassian.net/wiki/display/DW/Tutorial_vIMS+%3A+SDNC+Updates)

• Create username and password: {{sdnc_ip}}:8843/signup

• Login: {{sdnc_ip}}:8843/login

• Preload topology information: {{sdnc_ip}}:8282/apidoc/explorer/index.html

  • Username/password: admin/Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

  • POST /VNF-API/operations/VNF-API/preload-vnf-topology-operation

Instantiate VF Module via VID (https://lf-onap.atlassian.net/wiki/display/DW/Tutorial+vIMS%3A+VID+Instantiate+the+VNF)

Run heatbridge from Robot VM

• bash /opt/demo heatbridge <OPENSTACK_vFW_STACK_NAME> <Service_Instance_ID> <Service Type>

  • <OPENSTACK_vFW_STACK_NAME>: it's the base VF module name (and also the vFW VM name)

  • <Service_Instance_ID>: it's the service instance ID in the VID GUI

  • <Service Type>: vFW 

Create Mount Point in APPC (https://lf-onap.atlassian.net/wiki/display/DW/Automatically+Creating+a+Netconf+Mount+in+APPC+from+SDNC)

PUT  {{appc_ip}}:8282/restconf/config/network-topology:network-topology/topology/topology-netconf/node/${vpg_id}

• Username/password: admin/Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

• Header: Content-type: application/xml

• ${prop.vpg_hostname} in the XML body is the VNF ID in the VID GUI (vPacketGen VNF Instance information button). Example of XML body:

<node xmlns="urn:TBD:params:xml:ns:yang:network-topology">

<node-id>${prop.vpg_hostname}</node-id>

<host xmlns="urn:opendaylight:netconf-node-topology">${prop.vpg_ipaddress}</host>

<port xmlns="urn:opendaylight:netconf-node-topology">2831</port>

<username xmlns="urn:opendaylight:netconf-node-topology">admin</username>

<password xmlns="urn:opendaylight:netconf-node-topology">admin</password>

<tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only>

<!-- non-mandatory fields with default values, you can safely remove these if you do not wish to override any of these values-->

<reconnect-on-changed-schema xmlns="urn:opendaylight:netconf-node-topology">false</reconnect-on-changed-schema>

<connection-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">20000</connection-timeout-millis>

<max-connection-attempts xmlns="urn:opendaylight:netconf-node-topology">0</max-connection-attempts>

<between-attempts-timeout-millis xmlns="urn:opendaylight:netconf-node-topology">2000</between-attempts-timeout-millis>

<sleep-factor xmlns="urn:opendaylight:netconf-node-topology">1.5</sleep-factor>

<!-- keepalive-delay set to 0 turns off keepalives-->

<keepalive-delay xmlns="urn:opendaylight:netconf-node-topology">120</keepalive-delay>

</node> 

Check from APPC if the vPacketGen is mounted correctly

Connect to: {{appc_ip}}:8282/apidoc/explorer/index.html

• Username/password: admin/Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U

• Mounted Resources/PacketGen-vnf-id/sample-plugin(date)

  • The get operation should return the running streams: GET yang-ext:mount/sample-plugin:sample-plugin/pg-streams

• Logs in APPC VM:

  • /var/log/onap/appc/karaf.log

• Logs in Policy VM:

  • /var/log/onap/policy/pdpd/network.log

  • /var/log/onap/policy/pdpd/error.log

  • kubectl exec -it dev-drools-0 -n onap -- bash -c "tail -f /var/log/onap/policy/pdpd/network.log"

Update the Operational Policy

The Operational Policy needs to know the invariant UUID of the vPacketGen.

• Download the CSAR file of the vFW service from SDC

• Get the vPacketGen invariant UUID from {CSAR_HOME}/Definitions/service-VfirewallTest1106-template.yml or as model-invariant-id in the Generic VNF in AAI

  • VfirewallTest1106 is the name of the service in the SDC catalog

• Run the update-vfw-op-policy.sh script by providing:

  • IP of the Policy VM

  • vPacketGen invariant UUID

  • Path to the private key of the Policy VM

For OOM Beijing, policies must be loaded first (https://lf-onap.atlassian.net/wiki/display/DW/Policy+on+OOM):

• Login to PAP

• Copy push-policy.sh to a non read-only directory

  • cp /tmp/policy-install/config/push-policies.sh /tmp/policy-install

• Change vFW policy resourceID in /tmp/policy-install/push-policies.sh to reflect the real vPacketGen model-invariant-id, e.g.:

  • sed -i "s/Eace933104d443b496b8.nodes.heat.vpg/02c953b7-e626-4e16-9874-6191572949a0/g" push-policies.sh

• From Rancher VM, run: kubectl exec -it dev-pap-7ff989696d-s86wj -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /tmp/policy-install/push-policies.sh"

Event monitoring

VES reporting: {{mr_ip}}:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT/mygroup/myid?timeout=5000

ONSET events to Policy: {{mr_ip}}:3904/events/unauthenticated.DCAE_CL_OUTPUT/mygroup/myid?timeout=5000

In OOM, the port number is 30227