...
Project / PTL | JIRA | Description | Status | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
| PTL notified (11/19 ) Ongoing discussions with SDC project | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
| VNFSDK PTL notified (12/05) VNF SDK Model, Package notified (11/30) | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
RESOURCE DATA MODEL | No JIRA ticket required, project can help to identify the mappings required in SDC in Dublin timeframe |
| PTL notified (11/26) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
VNF RQTS |
|
| PTL notified (01/16) |
...
The following diagram illustrates a basic PNF package and some suggested file structure and content in the directories.
The PNF package is expected to be a CSAR package.
non-MANO artifact
According to ETSI SOL004, every non-MANO artifact set shall be identified by a non-MANO artifact set identifier which shall be registered in the ETSI registry. Non-MANO artifact sets shall be declared in the manifest file. If the package contains at least one non-MANO artifact set, an entry named "non_mano_artifact_sets:" shall be present in the package on its own line after the "metadata" section. The followings are the public non-MANO artifact set identifiers which can be used in a PNF/VNF on boarding package:
onap_ves_events: contains VES registration files.
onap_pm_dictionary: contains the PM dictionary files
onap_yang_modules: contains Yang module files for configurations
onap_ansible_playbooks: contains any ansible_playbooks
onap_others: contains any other non_MANO artifacts, e.g. informational documents
Note: need TSC approval
Open Issues:
- How to map the non-MANO artifact files to the SDC artifacts type? (under discussion in SDC meeting)
PACKAGE DELIVERY: PNF PACKAGE LICENSING
The PNF package "shall" have a Licensing.term (file)
This is also still under discussion (driven from the standards)
This section will be updated with what is contained in the actual PNF package.
PNF PRE-ONBOARDING: VNF-SDK ENHANCEMENTS
identifiers are discussed in modeling team. And it is in approving process.
PACKAGE DELIVERY: PNF PACKAGE LICENSING
The PNF package "shall" have a Licensing.term (file)
This is also still under discussion (driven from the standards)
This section will be updated with what is contained in the actual PNF package.
PNF PRE-ONBOARDING: VNF-SDK ENHANCEMENTS
VNF SDK is (optionally) responsible to validate the PNF package provided by the vendor.
...
DESIGN TIME ACTIVITIES: SDC ONBOARDING PACKAGE
SDC takes the Vendor provided package and adds some files or changes files and meta data according to SDC procedure.
The following diagram represents SDC change
PACKAGE
SDC takes the Vendor provided package and adds some files or changes files and meta data according to SDC procedure.
The following is the SDC onboarding procedure
The following diagram is an example of the the proposed PNF package in Dublin
The following is the VSA csar generated from a onboarding PNF package
The following is the VF csar imported from a PNF VSP
The following is the service csar example
The following diagram shows the mapping from the Vendor-provided PNF onboarded package into the SDC Internal PNF Onboarding package.
...
Note: (Feb 4) Model team said "this is still a work in Progress for R4" - Potential ARTIFACTS: Vendor license model & agreement, features. VNF can have >1 features, entitlement pool, license key pools, actual keys.
PNF PACKAGE SECURITY
PNF Package Security.
According to ETSI SOL004 v2.5.1 the onboarding package shall be signed. ETSI SOL004 provides two options:
Option 1 - Security for Each File. VNF-SDK already support Option 1.
Option 2 - Security for the Package
Driven from SOL004: Option 1 (Supported in R4 Dublin): TOSCA.meta (exists) Meta-directory based, XML based approach. Option 2 (NOT support in R4 Dublin): CSAR without TOSCA.meta. Manifest (.mf) file that has everything (so the TOSCA.meta is redundant). Yaml-based approach.
...
One Digest for each components of the VNF package. The table of hashes is included in the manifest file, which is signed with the VNF provider private key. A signing certificate including the provider’s public key shall be included in the package.
Option 2 - The complete CSAR file shall be digitally signed with the provider private key. The provider delivers one zip file consisting of the CSAR file, a signature file and a certificate file that includes the VNF provider public key.
In Dublin release option 2 is going to be implemented in SDC.
- The VNF/PNF package authenticity and integrity is ensured by signing the CSAR file with the provider private key. The digital signature is stored in a separate file.
- The VNF/PNF provider shall also include an X.509 certificate in a separate file with extension .cert or, if the signature format allows it, in the signature file itself. The VNF/PNF provider creates a zip file consisting of the CSAR file, signature and certificate files. The signature and certificate files shall be siblings of the CSAR file with extensions .sm and .cert respectively.
- No digest is required in the manifest file. But it is recommended to include individual signatures of the artifacts. the signatures of the artifacts are stored in separate files together with the artifacts using the same name and location as the artifact but with an extension .sm
- At pre-onboarding of the PNF/VNF package, VNFSDK tool could verify the signature of the complete CSAR package with the provider’s public key
- At onboarding of the PNF/VNF package, SDC could verify the signature of the complete CSAR package with the provider’s public key.
Reference info about X.509
An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.
...