This wiki provides documentation regarding the design, capabilities and usage of the Chef Extension for APP-C.
The Chef Extension for APP-C allows management of VNFs that support Chef through the following two additions :
- An APP-C Chef Adapter
- Chef Directed Graph (DG)
Details of each of these two aspects are listed below :
1. Chef Directed Graph (DG):
Field | Value |
|---|---|
| module | APPC |
| rpc | chef |
| version | 3.0.0 |
The inputs that the Chef DG expects are listed below.
| Input Parameters to the Chef Directed Graph | |||
|---|---|---|---|
| Variable Name | Description | Type | Comments |
| chef-server-address | The FQDN of the chef server | Mandatory | Should be provided by App-C |
| chef-organization | The chef organization name | Mandatory | Should be provided by App-C |
| chef-username | the username of the chef organization | Mandatory | Should be provided by App-C |
| Environment | A JSON dictionary representing a Chef Environment object. If the VNF action requires loading or modifying Chef environment attributes associated with the VNF, all the relevant information must be provided in this JSON dictionary in a structure that conforms to a Chef Environment Object. | Optional | To be provided in template by VNF owner |
| Node | A JSON dictionary representing a Chef Node Object. The Node JSON dictionary must include the run list to be triggered for the desired VNF action by the push job. It should also include any attributes that need to be configured on the Node Object as part of the VNF action. | Mandatory | To be provided in template by VNF owner |
| NodeList | Array of FQDNs that correspond to the endpoints (VMs) of a VNF registered with the Chef Server that need to trigger a chef-client run as part of the desired VNF action. | Mandatory | To be provided in template |
| CallbackCapable | This field indicates if the chef-client run invoked by push job corresponding to the VNF action is capable of posting results on a callback URL. | Optional | To be provided in template by VNF owner |
RequestId | A unique string associated with the original request byONAP. This key-value pair will be provided by ONAP in the environment of the push job request and must be returned as part of the POST message. | Optional | To be provided by App-C |
| CallbackUrl | Currently not used | Optional | |
| retryTimes | The retry times to query the result of chef push job. | Mandatory | To be provided in template by VNF owner |
| retryInterval | The estimate duration to finish the push job. Measure by milliseconds. | Mandatory | To be provided in template by VNF owner |
| GetOutputFlag | Flag which indicates whether ONAP should retrieve output generated in a chef-client run from Node object attribute node[‘PushJobOutput’] for this VNF action (e.g in Audit) | Mandatory | To be provided in template by VNF owner |
| PushJobFlag | Flag which indicates whether ONAP should trigger the push job | Mandatory | To be provided in template by VNF owner |
| Output Variables set by chef DG | |
|---|---|
| Variable Name | Description |
| output.status.code | Result of the request : 400 if SUCCESS , 200 if FAILURE. |
| output.status.message | If Cookbook finished, set to corresponding message. If abnormal error, reported in message |
| output.status.results | A JSON dictionary with results corresponding to PushJobOutput. |
Example:
2. APP-C Chef Adapter :
a. Environment set:
- To connect to the chef server, app-c should load the chef server credential.
- The Chef server uses role-based access control to restrict access to objects—nodes, environments, roles, data bags, cookbooks, and so on. So we need load the user's private key to authenticate the permission.
App-c needs to pre-load the SSL certificate and user private key.
The file structure shows below.
chefServerSSL.jks file saves all the SSL certificates of chef server. In the chef server, please check the chef server setting file at /etc/opscode/chef-server.rb. The chef-server.rb declare where is the SSL certificate. Find the SSL crt file and use keytool to import certificate to the key store. The password of the chefServerSSL.jks is "adminadmin"
The user private key file should be saved under /opt/appc/bvc/chef/{{CHEF SERVER FQDN}}/{{ORGANIZATION NAME}} director and the file name should be {{username}}.pem. Please make sure this user have enough permission on the chef server.
6 Comments
Shubhada Vaze
Hi,
Cannot see the screenshots as the link provided for it is of att.
Regards,
Shubhada
Mayank Gupta
Hi Aaron Hay, Scott Seabolt
I Installed amsterdam release. my target is to configure chef server in appc. i found that chef adapter is present in amsterdam release.
Question:
Thanks,
Mayank Gupta
Mayank Gupta
Hi Randa Maher,
Please find some queries related to chef adapter -
Questions:
1. Where to put configuration related to chef server in APPC and how to verify that appc framework picks and initialize chef adapter correctly ?
2. how to design template for chef adapter for execution of cook-book or recipes ?
3. What entries need to inserted in DB to complete work flow ?
4. what request need to be sent by appc to chef server to execute cook book ?
5. do we need to put Node, Environment and NodeList files inside appc DB and mapped it to template?
Thanks,
Mayank Gupta
Jun Hu
Hi,
1. Where to put configuration related to chef server in APPC and how to verify that appc framework picks and initialize chef adapter correctly ?
Those two files is the config files in VM environment, in container environment you may need log into the container and change those files
chefServerSSL.jks file saves all the SSL certificates of chef server. In the chef server, please check the chef server setting file at /etc/opscode/chef-server.rb. The chef-server.rb declare where is the SSL certificate. Find the SSL crt file and use keytool to import certificate to the key store. The password of the chefServerSSL.jks is "adminadmin"
The user private key file should be saved under /opt/appc/bvc/chef/{{CHEF SERVER FQDN}}/{{ORGANIZATION NAME}} director and the file name should be {{username}}.pem. Please make sure this user have enough permission on the chef server.
Mayank Gupta
Hi Jun Hu,
I am not able to locate directory structure inside container.
I followed bellow link -
http://onap.readthedocs.io/en/latest/submodules/appc/deployment.git/docs/APPC%20Chef%20Adapter/APPC%20Chef%20Adapter.html
Also, there is no directory /opt/appc/bvc/chef and no files which stated in readTheDocs link.
I Installed appc using OOM.
Thanks,
Mayank Gupta
Mayank Gupta
Hi Randa Maher, Jun Hu, Scott Seabolt, Aaron Hay,
can anyone please help me out to get answers to above question?
Thanks,
Mayank Gupta