netbox mS Capability [ccsdk]

netbox mS Capability [HELM Chart]

The work below is based on the following git repository, which provides Netbox Docker images: https://github.com/ninech/netbox-docker

The Netbox helm chart has been submitted to OOM; the code can be found here: https://github.com/onap/oom/tree/master/kubernetes/contrib/charts/netbox

This helm chart comprises three subcharts:

  • netbox-app: provides the IPAM capability we're seeking for the currently selected use cases (vFW).
  • netbox-nginx: reverse proxy exposing the IPAM system in a secure fashion (using NodePort).
  • netbox-postgres: backend database persisting the Netbox data. Currently a Deployment; it should be converted to a StatefulSet using a StorageClass.


The netbox-app chart can be customized. The folder tree structure is the following:

Code Block
.
└── config
    ├── configuration               Configuration scripts coming from Netbox itself; they remain untouched.
    │   ├── configuration.py
    │   ├── gunicorn_config.py
    │   └── ldap_config.py
    ├── initializers                YAML files where we can add some pre-provisioning data, such as users or custom fields.
    │   ├── custom_fields.yml
    │   ├── groups.yml
    │   └── users.yml
    ├── provisioning                Defines the entrypoint of the netbox-app deployment, which provisions prefixes to support the vFW use case.
    │   └── provision.sh
    └── startup_scripts             Scripts provided by Netbox itself; they remain untouched.
        ├── 00_users.py
        ├── 10_groups.py
        └── 20_custom_fields.py


In order to test Netbox locally using this helm chart, here are the steps to follow:

Code Block
git clone https://gerrit.onap.org/r/oom
cd oom/kubernetes
helm serve &
make contrib
helm install local/contrib --name netbox --namespace $NAMESPACE

This installs the 3 charts and runs the job that provisions Netbox for us.

Output of the helm install should look like the following:

Code Block
$ helm install local/contrib --name netbox --namespace onap-adetalhouet
NAME:   netbox

LAST DEPLOYED: Tue Aug 28 14:30:57 2018
NAMESPACE: onap-adetalhouet
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                                        DATA  AGE
netbox-netbox-app-configuration-configmap   3     1s
netbox-netbox-app-initializers-configmap    3     1s
netbox-netbox-app-startupscripts-configmap  3     1s
netbox-netbox-app-provisioning-configmap    1     1s
netbox-netbox-nginx-config-configmap        1     1s
netbox-netbox-postgres-docker-entry-initd   0     1s

==> v1/PersistentVolumeClaim
NAME                    STATUS   VOLUME                                    CAPACITY  ACCESS MODES  STORAGECLASS  AGE
netbox-netbox-static    Pending  nfs-dev-sc                                1s
netbox-netbox-postgres  Bound    pvc-8193e062-aaf0-11e8-beaa-f40343575464  1Gi  RWX  nfs-dev-sc  1s

==> v1/Service
NAME             TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)         AGE
netbox-app       ClusterIP  10.43.179.246  <none>       8001/TCP        1s
netbox-nginx     NodePort   10.43.136.76   <none>       8080:30269/TCP  1s
netbox-postgres  ClusterIP  10.43.64.155   <none>       5432/TCP        1s

==> v1beta1/Deployment
NAME                    DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
netbox-netbox-app       1        1        1           0          1s
netbox-netbox-nginx     1        1        1           0          1s
netbox-netbox-postgres  1        1        1           0          1s

==> v1/Job
NAME                            DESIRED  SUCCESSFUL  AGE
netbox-netbox-app-provisioning  1        0           1s

==> v1/Pod(related)
NAME                                    READY  STATUS   RESTARTS  AGE
netbox-netbox-app-f54cd84d5-g6xr2       0/1    Pending  0         1s
netbox-netbox-nginx-5d4f86ffcf-qlkhc    0/1    Pending  0         1s
netbox-netbox-postgres-76857df45-5jjm9  0/1    Pending  0         1s
netbox-netbox-app-provisioning-26stg    0/1    Pending  0         1s

==> v1/Secret
NAME                    TYPE    DATA  AGE
netbox-netbox-app-pass  Opaque  6     1s

netbox mS Capability [IPAM DB Creation SDN-C]

These are the tables to create:

Table: ipam_ip_pool
Columns:

  • ipam_serial_pool_id
  • create_date
  • prefix
  • prefix_id
  • address_family (v4/v6)
  • prefix_status: Pending, Activate, Delete
  • description (vfw-protect, or vfw-unprotected)
  • region (RegionOne, RegionTwo)

Table: ipam_ip_assignment
Columns:

  • ipam_serial_ip_assignment_id
  • create_date
  • service_instance_id
  • vf_module_id
  • ip_adress
  • ip_address_type (vip, fixed, floating etc..)
  • prefix_id (string)
  • ip_address_id (string)
  • ip_status
  • ip_response


These are the tables we created:


Code Block
mysql> show columns from IPAM_IP_ASSIGNEMENT;
+---------------------+--------------+------+-----+-------------------+----------------+
| Field               | Type         | Null | Key | Default           | Extra          |
+---------------------+--------------+------+-----+-------------------+----------------+
| ipam_ip_uuid        | int(11)      | NO   | PRI | NULL              | auto_increment |
| create_date         | datetime     | NO   |     | CURRENT_TIMESTAMP |                |
| service_instance_id | varchar(255) | YES  |     | NULL              |                |
| vf_module_id        | varchar(255) | YES  |     | NULL              |                |
| prefix_id           | varchar(255) | YES  |     | NULL              |                |
| ip_address_id       | varchar(255) | YES  |     | NULL              |                |
| ip_address          | varchar(255) | YES  |     | NULL              |                |
| ip_address_type     | varchar(255) | YES  |     | NULL              |                |
| ip_status           | varchar(255) | YES  |     | NULL              |                |
| ip_response_json    | varchar(255) | YES  |     | NULL              |                |
+---------------------+--------------+------+-----+-------------------+----------------+
10 rows in set (0.00 sec)

mysql> show columns from IPAM_IP_POOL;
+----------------+--------------+------+-----+-------------------+----------------+
| Field          | Type         | Null | Key | Default           | Extra          |
+----------------+--------------+------+-----+-------------------+----------------+
| ipam_pool_uuid | int(11)      | NO   | PRI | NULL              | auto_increment |
| create_date    | datetime     | NO   |     | CURRENT_TIMESTAMP |                |
| prefix_id      | int(2)       | YES  |     | NULL              |                |
| prefix         | varchar(255) | YES  |     | NULL              |                |
| address_family | int(1)       | YES  |     | NULL              |                |
| prefix_status  | varchar(255) | YES  |     | NULL              |                |
| description    | varchar(255) | YES  |     | NULL              |                |
+----------------+--------------+------+-----+-------------------+----------------+

It is possible to hook the prefix to the following notions: site, vrf, tenant, vlan. For now, I kept things very simple.

Casablanca:

  • Robot to create the prefix.
  • Robot to delete the prefix.

netbox mS Capability [pre-provisioning scripts]

Three main things are achieved during pre-provisioning:

  • Create an admin onap user, as follows. This is part of the netbox-app chart resources file: config/initializers/users.yml.

    Code Block
    onap:
        first_name: Steve
        last_name: McQueen
        email: steve.mcqueen@onap.org
        password: onap123$
        api_token: onceuponatimeiplayedwithnetbox20180814
        is_staff: true # whether user is admin or not, default = false
        is_active: true # whether user is active, default = true
        is_superuser: true # Whether user has all edit rights or not, default = false
  • Create a custom field, client_key, to uniquely identify the resource with a key generated by ONAP. This is part of the netbox-app chart resources file: config/initializers/custom_fields.yml.

    Code Block
    text_field: 
      description: "The client-key uniquely identify the resources to a service within ONAP."
      filterable: true
      label: client-key
      on_objects: 
        - ipam.models.IPAddress
      required: true
      type: text
      weight: 0
  • The following script creates the prefixes and some objects within Netbox:

    Code Block
    #!/bin/bash
    
    # Create region
    
    echo "Create region: RegionOne"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/regions/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "RegionOne",
      "slug": "RegionOne"
    }'
    
    # Create tenant group
    
    echo "Create tenant group: ONAP group"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenant-groups/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "ONAP group",
      "slug": "onap-group"
    }'
    
    # Create tenant
    
    echo "Create tenant ONAP in ONAP group"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenants/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "ONAP",
      "slug": "onap",
      "group": 1,
      "description": "ONAP tenant",
      "comments": "Tenant for ONAP demo use cases"
    }'
    
    # Create site
    
    echo "Create ONAP demo site: Montreal Lab"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/sites/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "Montreal Lab D3",
      "slug": "mtl-lab-d3",
      "region": 1,
      "tenant": 1,
      "facility": "Campus",
      "time_zone": "Canada/Atlantic",
      "description": "Site hosting the ONAP use cases",
      "physical_address": "1 Graham Bell",
      "shipping_address": "1 Graham Bell",
      "contact_name": "Alexis",
      "contact_phone": "0000000000",
      "contact_email": "adetalhouet89@gmail.com",
      "comments": "ONAP lab"
    }'
    
    # Create prefixes
    
    echo "Create Prefix for vFW protected network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "192.168.20.0/24",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for protected network - vFW use case"
    }'
    
    echo "Create Prefix for vFW unprotected network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "192.168.10.0/24",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for unprotected network - vFW use case"
    }'
    
    echo "Create Prefix for ONAP general purpose network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "10.0.0.0/8",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for ONAP - general purpose"
    }'
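
The script above repeats the API token from users.yml in every curl call, and `--silent` on its own hides HTTP errors. As an added example (not part of the ONAP chart), here is the prefix-creation step written so the token comes from the environment and a failed call stops the job; `NETBOX_URL` and `NETBOX_API_TOKEN` are assumed variable names, for instance injected into the job from a Kubernetes Secret.

```shell
#!/bin/bash
# Added example, not part of the ONAP chart. NETBOX_URL and NETBOX_API_TOKEN
# are assumed names, e.g. injected into the job from a Kubernetes Secret.

# POST a JSON body ($2) to a Netbox API path ($1); non-zero return on failure.
netbox_post() {
  if [ -z "${NETBOX_API_TOKEN:-}" ] || [ -z "${NETBOX_URL:-}" ]; then
    echo "NETBOX_URL or NETBOX_API_TOKEN not set; skipping POST $1" >&2
    return 2
  fi
  # The Authorization header goes through a curl config read from stdin
  # (-K -), so the token never shows up in the process argument list.
  # --fail maps HTTP 4xx/5xx to a non-zero exit that --silent would hide.
  printf 'header = "Authorization: Token %s"\n' "$NETBOX_API_TOKEN" |
    curl --silent --show-error --fail -K - -X POST \
      -H 'Content-Type: application/json' \
      -d "$2" "${NETBOX_URL%/}$1"
}

# JSON body for an IP pool prefix on site 1 / tenant 1, as in the page's script.
prefix_payload() {
  printf '{"prefix": "%s", "site": 1, "tenant": 1, "is_pool": true, "description": "%s"}' \
    "$1" "$2"
}

# Create the three prefixes from the page; stop at the first failed call.
provision_prefixes() {
  while IFS='|' read -r cidr desc; do
    echo "Create prefix ${cidr}" >&2
    netbox_post /api/ipam/prefixes/ "$(prefix_payload "$cidr" "$desc")" || return 1
  done <<'EOF'
192.168.20.0/24|IP Pool for protected network - vFW use case
192.168.10.0/24|IP Pool for unprotected network - vFW use case
10.0.0.0/8|IP Pool for ONAP - general purpose
EOF
}

# Only talk to Netbox when explicitly asked to.
if [ "${1:-}" = "--run" ]; then provision_prefixes; fi
```

The same `netbox_post` helper can carry the region, tenant and site calls; the token value then lives only in the Secret and in users.yml, not in the rendered ConfigMap holding the script.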
    
    
    
netbox mS Capability [pre-provisioning scripts]

Action: Create Prefix
Verb: POST
URI: /api/ipam/prefixes/

JSON payload (bare minimal):

    {
      "prefix": "192.168.10.0/24",
      "is_pool": true,
      "description": "IP Pool for private network - vFW"
    }

Params:

  • prefix (String): IPv4 or IPv6 network with mask
  • is_pool (Boolean): All IP addresses within this prefix are considered usable
  • description (String (100))

JSON response:

    {
        "id": 10,
        "prefix": "10.10.10.0/24",
        "site": null,
        "vrf": null,
        "tenant": null,
        "vlan": null,
        "status": 1,
        "role": null,
        "is_pool": true,
        "description": "IP Pool for private network - vFW",
        "created": "2018-06-08",
        "last_updated": "2018-06-08T14:46:07.417407Z"
    }

Plugin IP Assignment DG flow using generic-resource-api [Assign]

Overview

The generic-resource-api is used to perform cloud parameter assignment during the instantiation flow. The vf-module instantiation flow begins with the main DG, self-serve-vfmodule-assign, when svc-action = assign in the RPC request.

The main DG will call a series of sub-DGs according to the execution order of all the predefined capability components, such as generate-name, vlan-tag-assignment, eipam-ip-assignment, etc.

For IP assignment, the main DG calls the sub-DG, self-serve-eipam-ip-assignment to start the ip assignment process.

This wiki serves as the blueprint for capability integration with generic-resource-api for ip assignments, and it is used to integrate EIPAM custom plugin to obtain ip address assignments during vf-module orchestration.

Prerequisite                  

The following parameters must be set in context memory before the self-serve-eipam-ip-assignment sub-DG is called.

  • ss.capability-name
    • value that matches the capability DG name; i.e. self-serve-eipam-ip-assignment
  • ss.capability-action
    • assign
  • vnf-index
    • The array index of the vnf that owns this vf-module in config tree
  • vf-module-index
    • The array index of this vf-module in config tree
  • service-data.vnfs.vnf[$vnf-index].vnf-data.vf-modules.vf-module[$vf-module-index].vf-module-data.vf-module-topology.vf-module-parameters.param[].

Logic

1.   Unresolved Parameter Resolution

-        Calls self-serve-capability-param-resolution DG to resolve all the unresolved values in vf-module-parameters.param[].resource-resolution-data.resource-key[].value where resource-resolution-data.capability-name matches this DG name.

2.   Call EIPAM Plugin

-        The EIPAM plugin returns the ip assignment in a context variable, called eipam-ip-block

-        eipam-ip-block.plans[].requests[].ip-prefix

-        eipam-ip-block.plans[].requests[].ip-prefix-length

-        eipam-ip-block.plans[].requests[].ReservedAssignments[0].ReservedAssignment[3].ReservedKeyIPAddress

-        Insert an entry to EIPAM_IP_ASSIGNMENTS table

3.   Set Heat Parameters

The sub-DG, self-serve-vfmodule-assign, will set the values of the heat parameters based on the EIPAM

-        vmxvre_oam_ip_0 = eipam-ip-block.plans[].requests[].ip-prefix

-        vmxvre_oam_ip_prefix_0 = eipam-ip-block.plans[].requests[].ip-prefix-length

-        vmxvre_oam_gateway = eipam-ip-block.plans[].requests[].ReservedAssignments[0].ReservedAssignment[3].ReservedKeyIPAddress




Verb: POST
URI: /api/ipam/prefixes/{prefix-id}/available-ips/
JSON payload (bare minimal): -

Params:

  • prefix-id (Integer): The ID of the prefix from which to retrieve next available IP

JSON response:

    {
        "id": 26,
        "address": "10.10.10.2/32",
        "vrf": null,
        "tenant": null,
        "status": 1,
        "role": null,
        "interface": null,
        "description": "",
        "nat_inside": null,
        "created": "2018-06-08",
        "last_updated": "2018-06-08T14:59:08.319356Z"
    }

Note: Loop function within the SDNC for getting the next available for each cloud param resource.

...