Page History

...

...

The following diagram illustrates a basic PNF package and some suggested file structure and content in the directories.

Image RemovedImage Added

The PNF package is expected to be a CSAR package.

non-MANO artifact 

According to ETSI SOL004, every non-MANO artifact set shall be identified by a non-MANO artifact set identifier which shall be registered in the ETSI registry. Non-MANO artifact sets shall be declared in the manifest file. If the package contains at least one non-MANO artifact set, an entry named "non_mano_artifact_sets:" shall be present in the package on its own line after the "metadata" section. The followings are the public non-MANO artifact set identifiers which can be used in a PNF/VNF on boarding package:

• onap_ves_events: contains VES registration files. 

• onap_pm_dictionary: contains the PM dictionary files

• onap_yang_modules: contains Yang module files for configurations 

• onap_ansible_playbooks: contains any ansible_playbooks

• onap_others: contains any other non_MANO artifacts, e.g. informational documents

Note: need TSC approval

Open Issues:

• How to map the non-MANO artifact files to the SDC artifacts type? (under discussion in SDC meeting)

PACKAGE DELIVERY: PNF PACKAGE LICENSING

The PNF package "shall" have a Licensing.term (file)

This is also still under discussion (driven from the standards)

This section will be updated with what is contained in the actual PNF package.

PNF PRE-ONBOARDING: VNF-SDK ENHANCEMENTS

identifiers are discussed in modeling team.  And it is in approving process. 

PACKAGE DELIVERY: PNF PACKAGE LICENSING 

The PNF package "shall" have a Licensing.term (file)

This is also still under discussion (driven from the standards)

This section will be updated with what is contained in the actual PNF package.

PNF PRE-ONBOARDING: VNF-SDK ENHANCEMENTS

VNF SDK is (optionally) responsible to validate the PNF package provided by the vendor.

...

DESIGN TIME ACTIVITIES: SDC ONBOARDING PACKAGE

SDC takes the Vendor provided package and adds some files or changes files and meta data according to SDC procedure.

The following diagram represents SDC change

PACKAGE

SDC takes the Vendor provided package and adds some files or changes files and meta data according to SDC procedure.

The following is the SDC onboarding procedure

Image Added

The following diagram is an example of the the proposed PNF package in Dublin

Image Added

The following is the VSA csar generated from a onboarding PNF package

Image Added

The following is the VF csar imported from a PNF VSP

Image Added

The following is the service csar example

Image AddedImage Removed

The following diagram shows the mapping from the Vendor-provided PNF onboarded package into the SDC Internal PNF Onboarding package.

...

Note: (Feb 4) Model team said "this is still a work in Progress for R4" - Potential ARTIFACTS: Vendor license model & agreement, features. VNF can have >1 features, entitlement pool, license key pools, actual keys.

PNF PACKAGE SECURITY

PNF Package Security.

According to ETSI SOL004 v2.5.1 the onboarding package shall be signed. ETSI SOL004 provides two options:

Option 1 - Security for Each File. VNF-SDK already support Option 1.

Option 2 - Security for the Package

Driven from SOL004: Option 1 (Supported in R4 Dublin): TOSCA.meta (exists) Meta-directory based, XML based approach. Option 2 (NOT support in R4 Dublin): CSAR without TOSCA.meta. Manifest (.mf) file that has everything (so the TOSCA.meta is redundant). Yaml-based approach.

...

 One Digest for each components of the VNF package. The table of hashes is included in the manifest file, which is signed with the VNF provider private key. A signing certificate including the provider’s public key shall be included in the package.  

Option 2 - The complete CSAR file shall be digitally signed with the provider private key. The provider delivers one zip file consisting of the CSAR file, a signature file and a certificate file that includes the VNF provider public key.

In Dublin release option 2 is going to be implemented in SDC.

• The VNF/PNF package authenticity and integrity is ensured by signing the CSAR file with the provider private key. The digital signature is stored in a separate file.
• The VNF/PNF provider shall also include an X.509 certificate in a separate file with extension .cert or, if the signature format allows it, in the signature file itself. The VNF/PNF provider creates a zip file consisting of the CSAR file, signature and certificate files. The signature and certificate files shall be siblings of the CSAR file with extensions .sm and .cert respectively.
• No digest is required in the manifest file. But it is recommended to include individual signatures of the artifacts. the signatures of the artifacts are stored in separate files together with the artifacts using the same name and location as the artifact but with an extension .sm
• At pre-onboarding of the PNF/VNF package, VNFSDK tool could verify the signature of the complete CSAR package with the provider’s public key
• At onboarding of the PNF/VNF package, SDC could verify the signature of the complete CSAR package with the provider’s public key.

Reference info about X.509

An X.509 certificate is a digital certificate that uses the widely accepted international X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the user, computer or service identity contained within the certificate.

...