Feedback for OOM

Here we can check and give feedback to findings of OOM users.

CI/CD for open source SMO

Louis Li (louis li <louis890404@gmail.com>) prepared slides about his findings and experience with the OOM deployment stored here:

Contributions - SMO - Confluence (o-ran-sc.org)

https://wiki.o-ran-sc.org/download/attachments/35881444/2024-1-10%20OSC%20IT-DEP%20SMO%20Deployment%20Upgrade.pdf?api=v2

Facts:

• it/dep project uses helm charts from the ONAP OOM project

  • By including onap_oom as a git submodule in it/dep code base

• The latest update for submodule onap_oom was in Nov 2022

  • With ONAP Jakarta release (released in June 2022)

Q&A

• Page 2: "Problem: Has ONAP Montreal finished its release cycle?"

  • yes, sign-off at 14.12.2023

• Page 3: "By default, the message router no longer exposes NodePort We expose this port for testing"

  • Could be also exposed via ingress by enabling it in values.yaml of DMAAP:

    message-router: ingress: enabled: true service: - baseaddr: "dmaap-mr-api" name: "message-router" port: *svc_port config: ssl: "redirect"

    
    
    

• Page 3: "Upgrades strimzi-operator from 0.28.0 to 0.36.1, Add podAntiAffinity to avoid deploying replica pods on the same node, We change strimzi replica count in helm override from 3 to 1 for single
  node Kubernetes"
  
  

  • is added to "Montreal" release: https://gerrit.onap.org/r/c/oom/+/136590

• Page 5: "Does ONAP Plan to Deprecate DMaaP MR?"

  • Yes, initially this was planned in London, but not implemented by all components (Policy, SDNC, DCAE,...)

  • Plans:
    
    

    • Policy: POLICY-4402: R14: DMaaP and Kafka updatesClosed

    • DCAE (some components) by DT

    • AAI

  • Still (in NewDelhi) missing component support:
    
    

    Open

    

  • Planned updates:

    • AAI

    • SO

    • Policy

    • some DCAE components

Fixes/Improvements

• Page 7: DMaaP mediator listens to MR topics

  • To be checked

• Page 8: Move configurations to Values file

  • Would gain more flexibility, but also much additional text in values.yaml

  • Possibly only certain variable fields could be exposed

• Page 9/10: No reusable nonrtric-common chart / Common Templates

  • good idea, also done in ONAP

  • but adds dependency

• Page 11: Remove nested chart variables

  • Or use "global.xxx" variables

• Page 12: YAML File Comparison

  • use "helm/k8s recommended labels" → absolutely correct

  • but allow to add own labels (e.g. "app", "version",...) in each chart or globally, as e.g. Istio, ArgoCD,... required special ones

• Page 13: Values File Changes
  
  

  • Service definitions in "values.yaml" depends in ONAP much on the template definition (see https://git.onap.org/oom/tree/kubernetes/common/common/templates/_service.tpl)

Additional Improvement ideas

Mail (Louis Li):

1. SDNC's dgbuilder is broken; it shows an UnsupportedClassVersionError when clicking "display graph". It seems that dgbuilder lacks an upgrade. Is dgbuilder still an active component, or has it been deprecated? (SDNC is using openjdk 17.0.6 [class version 55], while dgbuilder is using openjdk 11.0.18 [class version 61]. I think we need to upgrade the base image for dgbuilder's Dockerfile in `ccsdk-distribution` from openjdk11 to openjdk17.)

2. ONAP OOM uses the legacy Keycloak or WildFly version, while OSC OAM projects use the Quarkus version. I have noticed that the APIs of these two versions are not fully compatible. I am not familiar with Keycloak, but it seems that Quarkus is the trend?

   1. good idea → created ticket: OOM-3267: Update Keycloak to a new release (e.g. keycloakx)Closed

3. When trying to enable SDNC OAuth, SDNC reads the config file `/opt/onap/sdnc/data/oauth-aaa-app-config.xml`. Then I found the default config file in the SDNC image is not working. After comparing with the config used by OSC OAM, the image default uses `org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter/ODLHttpAuthenticationFilter2` for `anyroles` and `authcBearer`. However, these two classes do not exist in `opendaylight/aaa`. OAM uses `org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.AnyRoleHttpAuthenticationFilter/BearerAndBasicHttpAuthenticationFilter`, which is workable. I am not sure if this is a historical problem or not. Also, `/**/config/aaa*/**` needs to be changed to `/rests/**/aaa*/**`.

4. OOM SDNC can configure the OAuth provider in the values file; however, the example fields in the values file do not match with the valid configuration. Currently, the fields include: id, type, host, clientID, secret, scope, title, roleMapping. After reviewing `sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java` and referring to OAM's configuration, I think the correct fields might be: id, type, url, clientId, openIdConfigUrl, secret, scope, title, roleMapping, realmName, trustAll.