Declined by TSC as a stand-alone project TSC 2018-01-04. Recommended as a component of Active and Available Inventory Project
Project Name:
- Proposed name for the project: Image Manager
Project description:
Image Manager provides a reliable, logically centralized, user-friendly image management for ONAP at both the design time and run time. The managed objects include VM images, Docker images and software packages. By using image manager, ONAP users can upload images to ONAP system, manage images via Image Manager portal and distribute images to target VIMs on demand.
Usability:
ONAP modules can't get the image information easily at both the design time and run time because images are scattered in the VIMs. Image Manager addresses this problem by providing a centralized image catalog view and APIs for the other modules to access image information.
Manageability:
It’s very hard for ONAP user to figure out what images have been used by ONAP platform or uploaded to the VIMs. Image Manager addresses this challenge by providing a UI portal for ONAP user to manage images, including browse/upload/update/delete/distribute images.
- Performance:
Currently, If an image needs to be uploaded to multiple VIMs, it has to be done separately and manually via the VIM portals, which is inefficient(imagine there might be thousands of edge clouds). Image manager addresses this issue by providing a centralized view and the images can be distributed to multiple VIMs via the Image Manager portal, which is much more efficient.
Scope:
- Provide logically centralized management for images used by ONAP system, which includes VM image, Docker image, and application package.
- Provide APIs to upload images to ONAP system.
- Provide APIs to access the image catalog and image information in ONAP system.
- Provide a UI portal in which the ONAP user can upload/update/delete/distribute images.
Architecture Alignment:
- How does this project fit into the rest of the ONAP Architecture?
- Image Manager(IM) is a common service across design time and run time.
Onboard images to ONAP system:
Dispatch images to VIMs:
- Image Manager(IM) is a common service across design time and run time.
- What other ONAP projects does this project depend on?
- Multi-VIM
- MSB
- Integration
- How does this align with external standards/specifications?
- APIs/Interfaces - OpenAPI/Swagger
- Information/data models - Swagger JSON
- Are there dependencies with other open source projects?
- APIs/Interfaces - MariaDB
Other Information:
- link to seed code (if applicable)
- Vendor Neutral
- All proprietary trademarks, logos, product names, will be removed when submitting the seed codes.
- Meets Board policy (including IPR)
Use the above information to create a key project facts section on your project page
Key Project Facts:
Primary contact: li.zi30@zte.com.cn zhao.huabing@zte.com.cn
Facts | Info |
---|---|
PTL (first and last name) | |
Jira Project Name | Image Manager |
Jira Key | IM |
Project ID | Image Manager |
Link to Wiki Space |
Release Components Name:
Note: refer to existing project for details on how to fill out this table
Components Name | Components Repository name | Maven Group ID | Components Description |
---|---|---|---|
Image Manager | im | im | Image Manager |
Resources committed to the Release:
Note 1: No more than 5 committers per project. Balance the committers list and avoid members representing only one company.
Note 2: It is critical to complete all the information requested, that we help to fast forward the onboarding process.
Role | First Name Last Name | Linux Foundation ID | Email Address | Location |
---|---|---|---|---|
PTL | ||||
Committers | ||||
Zi Li | li.zi30@zte.com.cn | |||
Tao Shen | shentao@chinamobile.com | |||
Hu Yuan | yuan.hu1@zte.com.cn | |||
Contributors | ||||
Bo Lv | lv.bo163@zte.com.cn | |||
Qihui Zhao | ||||
Luman Wang | wanglm.bri@chinatelecom.cn | |||
Chen Yan | ||||
Eric Debeau | eric.debeau@orange.com | |||
Kaiyue Wang | wangkaiyue@chinamoblie.com |
31 Comments
Zi Li
This proposal has been discussed in both SDC weekly meeting and Architecture meeting.
SDC 6/11/2017 weekly meeting report
November 14
Andrei Kojukhov
Hi Zi Li,
I have a couple of questions regarding the picture:
Andrei
Zi Li
Hi Andrei,
Sorry for confusion about the 1,2,3 in picture, it refers to a series interface between Image Manager and other components. The pic have been updated. : )
You are right for the second question. There will be two ways to upload the images to image storage. One is upload from SDC, the other is upload from Image Manager Portal.
Thanks,
LiZi
Andrei Kojukhov
LiZi,
Tks, so (2) is not only query but also an upload - please update the picture interfaces
BR,
Andrei
Zi Li
Done for the interface between SDC and Image manger.
Thanks,
LiZi
Michael Lando
i have an issue with the diagram you provided for the flow.
the user will not upload the image directly to image storage.
no SP will allow image uploading without some sort of security scan.
you are missing a number of components in your flow,
you do not reference vnf sdk which is responsible for packaging and you are not referencing VVP which is responsible for the image scanning.
Zi Li
Hi Michael,
Thanks for your feedback. Yes, there should be flow about vnf sdk. I was just thinking of how the process would be with vnf sdk. After discuss with vnf sdk team, I will update that diagram.
Thanks,
LiZi
Michael Lando
you should also have a discussion with VVP since they are responsible for the image scanning.
in the end, vnf sdk are for vendors and they will not be pushing images directly to image repository.
Edan Binshtok
Hi Zi.
VVP includes image scanning so VVP can Push/forward the images into image manager.
Just for clarificartion VVP doesn't sit inside VNF SDK only VVP validation scripts which are not connected to image scanning.
Therefore it's not connected to the vnf sdk in this scenario and shouldn't be encapsulated inside of it.
Zi Li
Hi Edan,
Thanks for your reaching out. I have some questions about VVP. Where the image checking result will be stored? What is the output of image scanning? Is it a image with signing/certification? Is there any connection between VVP and SDC?
LiZi
Edan Binshtok
Great questions.
The results are stored on VVP DB.
One of the action items for the next release is determining the signatures + APIS for consumptions or results and implementing it.
Since you guys + SDC we'll probably be direct consumers let's talk it out and come out with a good solution.
Andrei Kojukhov
A VNF package on-boarding flow should be added - I did not see it in the Project proposal presentation. To my understanding this is by far a main scenario of using the Image manager.
Zi Li
Hi Andrei,
VNF package on-boarding is out of scope for Image Manager. SO/VF-C/VNFM will responsible for VNF package on-boarding.
Andrei Kojukhov
Not exactly. VNF package includes SW images locally or externally referred by metadata. SDC (or VVP) extracts the images, checking their integrity (digest) and authenticity (signature/certificate) before uploading the images into image repo/db. The Image manager is probably an end-point in the flow but we have to agree on it end-to-end involving different projects: as a minimum VNF-SDK, SDC, VVP and Image manager.
Manoj Nair
Couple of questions
Zi Li
Hi Manoj,
Thank you for your comments and suggestions. It helps
Andrei Kojukhov
Hi Zi Li,
You answer (4) relates to the end-2-end onboarding flow that I requested to develop with other teams (SDC is one). Your design time flow can be applicable for this purpose. You just need to separate the VNF-SDK and VVP, put more details about specific operation of each element and ask other projects to review the flow,
Also VVP should not issue an image certificate if an image is provided by a VNF vendor. VNF vendor issues it own signature/certificate or forwards a certificate of a 3-party image provider.
Andrei
Michael Lando
I think that the certification done in VVP is that tests executed on the vnf meaning that the tosca is valid and that the image is scanned for viruses.
vvp.
it is an addition to the certificate provided by the vendor.
Edan Binshtok
Edan Binshtok
Agreed. VVP should also support image signature since the service providers would most likely want to make sure internally (with VVP hosted on his side) the validity of the image on not rely solely on the vendor.
Andrei Kojukhov
Michael,
If you see the image scanning as part of the VNF certification tests (besides others like TOSCA validation etc.) that will be provided by the Citification/Validation Authority (VVP OAVVA or something) I agree with you but we have to clearly state this in the flow or dedicate a certification flow as part of VVP Project, That would be an ONAP certificate. We also need to figure out if and how ONAP would be CA.
However, there are use cases with multiple SP's where such scan can't be possible because of encryption where keys are shared between an image provider and an end-user SP.
Edan Binshtok
Zi Li, Manoj Nair
Regarding 2, you are right we at VVP came to the same conclusion with our run-time product.
Git is NOT a proper solution to store big files.
This is why we implemented and ceph/rados gatway with s3 bucket protocol specifically for image storing.
We'd love to share the tech details if you wish.
Andrei Kojukhov
Zi Li,
I feel that your run-time flow should be corrected. I'm confused by seeing that SO/VFC does a VNF package on-boarding instead of SDC.
SDC should always do a VNF package onboarding including all necessary validation and security check. Afterwards SDC distributes the whole CSAR or parts of it to all consumers (including SO/VFC)
Andrei
Michael Lando
as part of the ingestion of the vnf sdc will ingest the csar and upload the image to image repository.
from there so and vfc can retrieve it according to the info in the service distributed by sdc.
the sdc communication should be limited to the csar package this way we decouple the runtime from design time.
i do not think there should be a flow were vfc and so ask sdc to upload an image.
Andrei Kojukhov
Michael, So what is the VNF package onboarding arrow between UI and VFC/SO in the run-time flow above?
Viswanath Kumar Skand Priya
Hi Zi Li,
I have few queries..
BR,
Viswa
Srinivasa Addepalli
I understand from today TSC meeting that this project is no longer a proposed project. I also see here that it is moved to "Draft project" folder. Why is this change? Is it being combined with some other project? or is this functionality found to be not necessary?
HuabingZhao
I got feedback from the community that image manager is necessary for operators.
Stephen Terrill
Hi,
A question and a suggestion.
As a question, does SDC have to query VVP for validation or is that an example.
As a suggestion, the follows are described as part of the project scope. That means that are the flows that you have to deliver. I suggest you move them to the architecture alignment, and keep the scope simple. The scope should describe the project deliverables irrespective of the release.
Steve.
HuabingZhao
Hi Steve,
Thanks, I updated the proposal according to your suggestion.
Regarding the question, from what I got from SDC team, VVP will be part of Beijing and be used for VNF validation.
Jason Hunt
Thank you for the proposal. A few questions:
HuabingZhao
First question: Yes, there is no image management functionality in ONAP currently, images need to be manually uploaded to multiple VIMs in Amsterdam.
Second question: We have discussed that option with SDC team. They think SDC is in the design time, but image manager is a component should be in both the design time and run time.