2019-04-04 AAI Developers Meeting

New AAF Certificates at startup

Jimmy Forsyth 

In Progress

24th Jan 2019

AAF will generate certificates to the be used by the containers at startup; AAI services should use the run-time generated certs instead of the ones that are in the repos or oom charts.

In dublin the services will mount a volume with certificates. This is on the roadmap for Dublin as a feature.

• is this for all service and/or HAProxy?

• Where are the certificates coming from (OOM/gerrit/generated by AAF)
  
  

Shared Cassandra Database

@Mahendra Raghuwanshi

@Roger Maitland

In Progress

14th March 2019

Regarding https://lf-onap.atlassian.net/browse/OOM-1652 / https://lf-onap.atlassian.net/browse/OOM-1676 / https://lf-onap.atlassian.net/browse/OOM-1186 / https://lf-onap.atlassian.net/browse/OOM-1187 / https://lf-onap.atlassian.net/browse/OOM-1194 / https://lf-onap.atlassian.net/browse/OOM-1199:

• Is this something AAI team needs to be aware of? Or is it OK for OOM team to just switch it around?

• Will this introduce unexpected dependencies between AAI, AAF, OOF, Portal and SDC that will create difficulties for upgrade/downgrade/backup/restore/maintenance/schema change?

• Is it going to exacerbate the performance problems already noted?

A number of gerrit review issues raised: https://gerrit.onap.org/r/#/c/79425/

The "rolling upgrade" change has been combined with the "shared cassandra" change.

The "shared cassandra" change has been combined with the "AAF shared cassandra" change, which means it's also combined with the "AAI shared cassandra" change.

This sounds like a recipe for disaster.

18th Mar: New patchsets to address our concerns https://gerrit.onap.org/r/#/c/82418/

ETSI SOL 005

@t

In Progress

RE: Support ETSI NFV-SOL 005 (Os-Ma-Nfvo ref point ) between SO & VF-C/NFVO

Hi AAI team,

 Can you please review the patches regarding the SOL 005 requirements?

 Here are the gerrit links

1.  https://gerrit.onap.org/r/#/c/82892/

2.  https://gerrit.onap.org/r/#/c/82935/

3.  https://gerrit.onap.org/r/#/c/82948/

 Best Regards

Bharath T

26th Mar: Also needs https://lf-onap.atlassian.net/browse/AAI-2278

Return codes and messages for WS

@Former user (Deleted)

In Progress

28th Feb 2019

Is there a guide for the description of the error message and the error codes? How are new error states (message + code) added?

Image footprint reduction as part of CIA project

@Paul-Ionut Vaduva

In Progress

7th Feb 2019

Reduction in size is mostly onf aai-common image as that based on ubuntu.

2/7 - Move the base image to be a part of ONAP Build, maybe aai-common repo

Move the aai-common Dockerfile RUN into the resources, traversal, graphadmin, cacher, schema service microservice

26th Mar: Also https://lf-onap.atlassian.net/browse/AAI-2235

Change PNF to use pnf-id as unique key

@Benjamin Cheung

@Chesla Wechsler

@David Perez Caparros

@Former user (Deleted)

@Matthieu Geerebaert

In Progress

7th March 2019

Potentially breaking change: https://lf-onap.atlassian.net/browse/AAI-2096 / blocked by https://lf-onap.atlassian.net/browse/ONAPARC-409

See also:

• Proposal to Change AAI PNF Entity to use PNF-ID as key

• AAI R4 Use Case and Functional Requirements Impacts

• Suggestion in comment Re: AAI REST API Documentation - Dublin

Questions:

• how to minimise impact of the transition from pnf-name as unique to pnf-id as unique key?

  • would the v14 URL be different from the v15 URL? would both paths be equally supported for GET/PUT/etc?

• what forwards-compatibility or backwards-compatibility will be supported?

• how to migrate forwards or backwards database versions, ONAP versions, etc, across this transition?

• who is going to implement it? Test it?

• what is the impact of this not going ahead?

OOM Artifacts

@Former user (Deleted)

Open

Some of our top level OOM deployment artifacts are not unique (i.e. don’t take namespace into account as all other deployables), is that intentional?

AAI too slow for OOF/HAS

@Keong Lim

Open

Under OOF Homing and Allocation Service (HAS) section, @Dileep Ranganathan wrote about Project Specific enhancements:

Optimize - AAI cache

• Use MUSIC or any other alternative in memory caching like Redis etc?

• Optimize flavor retrieval from A&AI and Cache the information if necessary

See also https://lf-onap.atlassian.net/browse/OPTFRA-268 / https://lf-onap.atlassian.net/browse/OPTFRA-291

Similarly to the "AAI too slow for Holmes" item below, this introduction of extra caching of AAI data is a worrisome development and sad indictment of the performance of the system architecture.

What can we do about this?

Would the AAI Cacher https://lf-onap.atlassian.net/browse/AAI-1337 help to improve performance?

MultiCloud usage of AAI for HPA telemetry/time-series data to OOF

@Keong Lim

Open

@Bin Yang and @Lianhao Lu (Deactivated) wrote in https://lf-onap.atlassian.net/browse/MULTICLOUD-274:

HPA telemetry data collection and make it persistent in A&AI, from which OOF can leverage during its decision making process.

and

1.  Multi-cloud to collect the data from time-series data services like Prometheus (http://prometheus.io) or openstack Gnocchi, and push them to A&AI based on the data recording & aggregation rules.

and

The reason why we propose here is that VES mechanism doesn't store the telemetry data into A&AI. And OOF now can only get those kind of data from A&AI.

Some concerns:

• how much additional load will this place on AAI?

• will AAI cope with this load?

• is AAI suitable for "time-series data"?

• is "telemetry data" considered to be "active & available inventory"?

• should OOF access the telemetry/time-series data via other means (not AAI)?

• AAI API latency (4~6 second per request as benchmarked in CMCC lab) could be a problem

Orchestration Scenarios for VNFs

@Keong Lim

Open

Comments on Orchestration Scenarios related to AAI:

@Viswanath Kumar Skand Priya / @kspviswa said:

Thank you @Ranny Haiby & @Fernando Oliveira . I agree partly, but I still have following queries.

• I agree & acknowledge that atleast for a foreseeable future, we would need a way to specify the VNFM / NFVO as part of "Design Decision", which I believe can be reflected as part of VNFD/NSD ( using some special attribute ) or as part of internal Model that SDC might build before distributing the same. SO can then use this hint to select relevant actors. My only question is, why this has to be maintained in AAI which is exclusively for runtime record? All AAI cares about is what is running in the network irrespective of how that got orchestrated. Isn't it ?

On a broader note, I would like to understand what's the original intent of AAI ( atleast in ECOMP world ) ? Are we simply assuming that, just because AAI has "available inventory" in its name, we are expecting it to keep track of cloud inventory realtime ? Because our entire story ( including the new G-FPS proposal ) is based on this assumption. Can anyone from AAI team or ATT clarify on this ?

Because AFAIK, AAI neither has the schema to host such available inventory, nor the MC has the pub/sub or polling mechanism ( today ) to refresh the cloud inventory inplace. Ofcourse those can be scoped for further releases, but my original question is, was that the original intent behind AAI or are we now including it in the scope?

and @Fernando Oliveira replied:

For the first question: I think that A&AI needs to maintain the VNF instance ↔ VNFM instance and the NS instance ↔ NFVO instance relationship for subsequent life cycle operations, i.e. a scale or heal operation.  The path would be something like Event (VNF Instance, Busy)  → DCAE (policy for VNF instance) → Policy Evaluation (VNF instance, Scale-out)  → SO (VNF instance, Scale-out) → A&AI (find VNFM instance for the VNF instance) → SO (VNF instance, VNFM instance, Scale-out) → SOL003 Adapter (VNFM instance, VNF instance, Scale-out) → VNFM instance (VNF Instance, Scale-out).

As I understand, ESR has "esr-vnfm-list", which has an "esr-vnfm", which has "esr-system-info-list", which has "esr-system-info", which has a "relationship-list" that can contain relationships to "generic-vnf" and other AAI objects.

The "generic-vnf" object also contains "self-link", "ipv4OamAddress", "ipv4OamGatewayAddress", etc, which links the AAI object back to its "source-of-truth" external-system.

Is there some new data, new schema or new API that is required on top of this?

@Fernando Oliveira; Apologies for my lack of knowledge, but a few comments:

1. For the VNF/VF ↔ VNFM case, I think that there needs to be a reference from a VNF/VF instance record to the specific instance of the VNFM that was used to deploy the VNF/VF. If there is already such a reference from the VNF/VF through the ESR to the specific item on the esr-vnfm-list, then I think that would be sufficient. If not, I think that would be a new requirement.

2. For the Service ↔ NFVO case, Is there an equivalent NFVO/Orchestrator list in the ESR? The esr-nfvo-list would need the same set of info as the VNFM case. If the esr-nfvo-list does exist, I think that there needs to be a reference from the Service Instance record to the specific NFVO instance that deployed the Service. Is there such a reference? If not, I think that would be a new requirement.

@Bo Lv can comment more on the current ESR capabilities, but I believe there are only 3 kinds of systems so far: EMS, VNFM and third-party SDNC.

ESR could be extended to handle VNFO as another kind of system.

@Fernando Oliveira : I created JIRA stories:

• https://lf-onap.atlassian.net/browse/ONAPARC-388

• https://lf-onap.atlassian.net/browse/ONAPARC-389

• https://lf-onap.atlassian.net/browse/ONAPARC-390

for various parts of the scenario.

@t is this item related to your question for Support ETSI NFV-SOL 005 (Os-Ma-Nfvo ref point ) between SO & VF-C/NFVO?

@Keong Lim it is related to the question

AAI test data bootstrap

@Keong Lim

Open

Looking at AAI usage in OOF - HPA guide for integration testing by @Dileep Ranganathan, wondering whether there is a better way to bootstrap AAI test data?

Note: Required only if the Multicloud has no real cloud-regions and HPA discovery cannot happen.

If Multicloud team has data for creating the Cloud-region and doesn't have the HPA, then please update the existing data with the flavors with HPA.

1. Import the postman collection CASABLANCA_AAI_postman.json

2. To add/remove HPA Capabilities edit the flavors section in the body of PUT Cloud-Region{x}

3. Once all the necessary Use postman to add the complex and cloud regions in the order specified below
   (snip screenshot of specific sequence)

4. Use the GET requests to verify the data.
   (snip screenshot of specific sequence)

Similarly, @Scott Seabolt and @J / @Joss Armstrong wrote for APPC Sample A&AI Data Setup for vLB/vDNS for APPC Consumption and Script to load vLB into AAI:

The below put_vLB.sh script can be used to submit the vLB data to A&AI in order to run ConfigScaleOut use case. This script and referenced JSON files are used on an AAI instance where the cloud-region and tenant are already defined.

Similarly:

• https://lf-onap.atlassian.net/browse/TEST-133

• https://lf-onap.atlassian.net/browse/INT-705

• vCPE Use Case Tutorial: Design and Deploy based on ONAP

Related https://lf-onap.atlassian.net/browse/AAI-1948 on the brittleness of the ReadTheDocs links to data files.

One for VIM: How-To: Register a VIM/Cloud Instance to ONAP and https://lf-onap.atlassian.net/browse/AAI-1928

Potential issues:

• fragility of static import data file w.r.t. schema changes and version upgrades for each ONAP release?

• how "common" is this knowledge, i.e. what to load, where to get it, who else should be using it, etc?

• should it be automated/scripted, rather than manual steps to bootstrap?

• should it be a simulator program or test harness, rather than a static data file?

• should it reside within AAI CI/CD jobs for maintenance and upgrade of schema versions?

• who maintains the data itself? Is there a "data repository" which can be delegated to other teams, e.g. like documentation repository links in git?

• how many other teams have similar private stashes of AAI bootstrap data?

• does it need to be published at a stable URL to avoid linkrot?

Purpose of fields in AAI

@Keong Lim

Open

@Dénes Németh wrote in https://lf-onap.atlassian.net/browse/AAI-1104:

In think it would be good to answer what is the meaning of the field (collection of PEMs of the CA xor URL)

Questions:

1. Is AAI intended to strictly prescribe how the fields are used and what contents are in the values?
2. Or does AAI simply reflect the wishes of all the client projects that use it to store and retrieve data?

Even if (1) is true, AAI is not really in any position to enforce how clients use the data, so really (2) is always true and we need to consult the original producers of the data and the ultimate consumers of the data to document their intended meanings.

How do we push to have documentation on the purpose and meaning of the fields in AAI?

Where does all this documentation go?

Should the documentation be backed up by validation code?

See also discussion about AAI in 2018-11-28 ExtAPI Meeting notes

29th Nov: Started on new wiki page AAI Schema Producer-Consumer Pairings

range query

@Keong Lim

In Progress

7th Feb 2019

• if I had some AAI data with attributes that are strings but nominally contain date/timestamps, is there a way to query for a particular range of values?

• is there a way to do partial match? regex?
  PUT /aai/v13/query?format=raw

  {"gremlin": "g.V().has('aai-ts', org.janusgraph.core.attribute.Text.textContains('URL'))"}

  https://github.com/JanusGraph/janusgraph/blob/master/janusgraph-core/src/main/java/org/janusgraph/core/attribute/Text.java

AAI Backup and Restore

@Keong Lim

On Hold

10th Jan 2019

@FREEMAN, BRIAN D asked on Re: Backup and Restore Solution: ONAP-OOM :

what would be the approach to backup an entire ONAP instance particualarly SDC, AAI, SDNC data ? would it be a script with all the references to the helm deploy releases or something that does a helm list and then for each entry does  the ark backup ?

What is the AAI strategy for backup and restore?

What is the overall ONAP strategy for backup and restore?

Should it be unified with the data migration strategy as per "Hbase to Cassandra migration" on 2018-11-14 AAI Meeting Notes?

Jimmy didn't directly raise the topic but there was movement - @Keong Lim asked "if istio service mesh is a no-go, is there a replacement for secure onap communications?
is backup/restore/upgradability included in s3p?"

@Michael O'Brien replied that a reference tool set for backup and restore was introduced in Casablanca:  Backup and Restore Solution: ONAP-OOM

@Mike Elliott said he would look at Brian's question, AAI will provide support as needed.

aai-cassandra performance issues

@Keong Lim

On Hold

10th Jan 2019

@Michael O'Brien has documented performance issues in aai-cassandra:

• Cloud Native Deployment (search for LOG-376 to find the specific references to AAI)

• https://jira.onap.org/browse/LOG-376?focusedCommentId=29358&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-29358

hector has discovered that the stress test jar (liveness probe?) in aai-cassandra is hammering the cpu/ram/hd on the vm that aai is on - this breaks the etcd cluster (not the latency/network issues we suspected that may cause pod rescheduling)

Is there something that should be tweaked in AAI config? Or documentation on the recommended setup to run the VM?

I'll come to the next AAI meet (conflicts with pomba meet) -

https://lf-onap.atlassian.net/browse/LOG-376

20190108 work continues to find the cause - I see 7 vCore spikes on cassandra as well as a saturated logstash on that particular vm - we are no longer a DaemonSet (13 instances on a 13+1 cluster) - I will reduce the current ReplicaSet from 5 to 2 or 1 until I can label the nodes and/or find out what is causing ls to saturate - @Prudence Au and Sanjay Agraharam mentioned cassandra - I have seen cs high on several "top" sessions - will post screen caps - bottom line is correlation - I have a 2nd cluster where I can just run aai,dmaap and log

LOG Meeting Minutes 2019-01-15

https://lf-onap.atlassian.net/browse/LOG-915

On-hold for 3 weeks (end of January) - if until then no performance issues reported agenda item will be closed

get notified of AAI Cassandra issues automatically

@Keong Lim

In Progress

24th Jan 2019

@Mike Elliott wrote in OOM Meeting Notes - 2018-12-5

f. AAI team wanted to get notified of AAI Cassandra issues automatically
                i. Can we setup a Nagios or equivalent to monitor both rancher/k8 and the applications for rancher/k8 issues ?

Keep an eye out for new issues!

Question: @Keong Lim should this be part of a larger A&AI monitoring and failure prevention initiative

Modeling team R4 discussion, including extra AAI attributes in a model-driven way

@Keong Lim

In Progress

15th Nov 2018

Modelling team having Service Instance thoughts by Chesla Wechsler, which will affect AAI schema.

Also referred from comments on ONAP R4+ Service Modeling Discussion Calls

9)“vhn-portal-url”?“Bandwidth”,"QoS","SLA",etc, attribtutes that not all the services need but still need to be stored in certain service instance: stored as a schemaless field on the service-instance vertex (Chesla will follow up) (my concerns: according to the call, is that ok if we set a "global-type of service" and a "customized-type of service", then mapped it with internal descriptor, and A&AI's model only stores global type in service instance's schema, but stores the customer-faced attributes of service in a schemaless way? Chesla Wechsler @Kevin Scaggs @Andy Mayer)

See also Modeling 2018-11-13

The service-instance already uses a "metadata" relationship, which can store an arbitrary list of key-value pairs, but perhaps AAI should extend the use of the "properties" element, which is also an arbitrary list of name-value pairs or the "extra-properties" element, which is also an arbitrary list of name-value pairs.

15th Nov: Having seen Chesla's presentation, it should be called "Model-driven schema" rather than "schemaless" behaviour, since the idea is that the changes are controlled by SDC modelling. Seems aligned to the eventual goal in AAI Schema Service Use Case Proposals and AAI Schema Service.

2 Types of logging in A&AI WS

@Former user (Deleted)

On Hold

1st Nov 2018

There are 2 types of logging in the services

• one read from EELFManager

• the other Logger log = Logger.getLogger( ...

Is that correct? Shouldn't there be just 1 type?

1st Nov:

After Casablanca release investigate logging guidelines and figure out what library to use in order to unify logging within A&AI

26th Nov: See also ONAP Application Logging Specification - Post Dublin

29th Nov: how does this fit with https://lf-onap.atlassian.net/browse/LOG-877 ?

Disable unused web services

(see also Helm chart requested values)

@Former user (Deleted)

In Progress

20th Dec 2018

Could we disable unused (i.e. not integrated) A&AI web services, so that the deployment is faster and the resource footprint is smaller? e.g. Champ (any other ws?)

Motivation: Decrease the resource footprint for A&AI (ONAP) deployments

Idea: we could support 2 different deployments 1. full (normal) deployment and 2. barebones deployment. The point of the "barebone" deployment would be to deploy only the essential services necessary for proper functioning of A&AI (leaving out services like cacher, sparky, graphadmin, having 1 cassandra node instead of 3 or 5 etc).

In order to reduce hardware/cloud costs (mainly the memory footprint) it could be beneficial to support a minimalistic A&AI deployment.

1st Nov:

@Venkata Harish Kajur @Former user (Deleted) - investigate how to disable/enable charts in A&AI so we can create a core group of pods which handle the use-cases and than extended group will all the services. Consider a group of unused/unintegrated services (like Champ). Consider other possible groups (like GUI?)

AAI Champ

@Former user (Deleted)

In Progress

1st Nov 2018

1. Who is responsible for the project?

2. What is the roadmap for the project?

3. Who will do the integration?

AAI HAProxy and 2-way-TLS

@Former user (Deleted)

In Progress

29th Nov

Technical solution to either decommission the proxy or make design changes to AAF to enable client side certificates.

After VF2F we will know if this is a requirement in Dublin. We discuss after this date.

question raised: MSB - would client authentication be supported?

15th Dec: https://lf-onap.atlassian.net/wiki/display/DW/Pluggable+Security#PluggableSecurity-7.10Identifiedandsupportedpatternsandfeatures

named-query replacements

@James Forsyth