20181220 - update for casablanca -TODO: review the vFW automation in https://github.com/garyiwu/onap-lab-ci - thanks Yang Xu
This long-winded page name will revert to "Running the ONAP vFirewall Demo...." when we are finished before 9 Dec - and moved out of the wiki root
...
Gliffy Diagram | ||||
---|---|---|---|---|
|
TODO: check for JIRA on appc demo.robot working : 20171128 (worked in 1.0.0)
20180307 - SDC 503 - see pod reordering in amsterdam https://lists.onap.org/pipermail/onap-discuss/2018-March/008403.html - need to raise jira
Prerequisites
Artifact | Location | Notes | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
private key (ssh-add)
| obrienbiometrics:onap_public michaelobrien$ ssh-keygen SHA256:YzLggI8nGXna0Ssx0DMpLvZKSPTGZJ1mXwj2XZ+c8Gg michaelobrien@obrienbiometrics.local paste onap_public.pub into the pub_key: sections of all the onap_openstack and vFW env files
| |||||||||||||
openstack yaml and env | https://nexus.onap.org/content/sites/raw/org.onap.demo/heat/ONAP/1.1.0-SNAPSHOT/ demo/heat/onap/onap-openstack.* | |||||||||||||
vFirewall yaml and env unverified
| We will use the split vFWCL (vFW closed loop) in demo/heat/vFWCL demo/heat/vFWCL/vFWPKG/base_vpkg.env demo/heat/vFWCL/vFWSNK/base_vfw.env image_name: ubuntu-14-04-cloud-amd64 flavor_name: m1.medium public_net_id: 971040b2-7059-49dc-b220-4fab50cb2ad4 cloud_env: openstack onap_private_net_id: oam_onap_6Gve onap_private_subnet_id: oam_onap_6Gve Note: the network must be the one that shows on the instances page - or the only non-shared one in the network list not the older https://nexus.onap.org/content/sites/raw/org.onap.demo/heat/vFW/1.1.0-SNAPSHOT/ or the deprecated https://nexus.onap.org/content/sites/raw/org.openecomp.demo/heat/vFW/1.1.0-SNAPSHOT/ | |||||||||||||
demo/heat/vFWCL/vFWPKG/base_vpkg.env | ||||||||||||||
...
T# | Task | Action Rest URL+JSON payload | Result JSON / Text / Screencap | Artifacts Link or attach file | Env OOM HEAT or both | Verify Read | Last run | Notes |
| Result JSON / Text / Screencap | Artifacts Link or attach file | Env OOM HEAT or both | Verify Read | Last run | Notes | |||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
./demo-k8s.sh onap init_robot ./demo-k8s.sh init | start with a full DCAE deploy (amsterdam) via OOM
| |||||||||||||||||||
optional | Before robot init (init_customer and distribute | |||||||||||||||||||
optional | cloud region PUT to AAI | from postman:code PUT /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/Openstack/RegionOne HTTP/1.1 { | 201 created | OOM | GET /aai/v11/cloud-infrastructure/cloud-regions/cloud-region/Openstack/RegionOne HTTP/1.1 200 OK { | 20171126 | ||||||||||||||
1 optional | TBD - cloud region PUT to AAI | Verify: cloud-region is not set by robot ./demo.sh init (only the customer is - we need to run the rest call for cloud region ourselves watch intermittent issues bringing up aai1 containers in
| HEAT | TBD 201711xx | ||||||||||||||||
SDC Distribution (manual) | HEAT http://portal.api.simpledemo.onap.org:8989/ONAPPORTAL/login.htm OOM: http://<host>:30211 License Model as cs0008 on SDC onboard | new license model | license key groups (network wide / Universal) | Entitlement pools (network wide / absolute 100 / CPU / 000001 / Other tbd / Month) | Feature Groups (123456) manuf ref # | Available Entitlement Pools (push right) | License Agreements | Add license agreement (unlimited) - push right / save / check-in / submit | Onboard breadcrumb VF Onboard | new Vendor (not Virtual) Software Product (FWL App L4+) - select network package not manual checkbox | select LA (Lversion 1, LA, then FG) save | upload zip | proceed to validation | checkin | submit Onboard home | drop vendor software prod repo | select, import vsp | create | icon | submit for testing Distributing as jm0007 | start testing | accept as cs0008 | sdc home | see firewall | add service | cat=l4, 123456 create | icon | composition, expand left app L4 - drag | submit for testing as jm0007 | start testing | accept as gv0001 | approve as op0001 | distribute | |||||||||||||||||||
TBD Customer creation | Note: robot ./demo.sh oom: oom/kubernetes/robot/demo-k8s.sh | |||||||||||||||||||
SDC Model Distribution | If you are at this step - switch over to Alexis de Talhouët page on vFWCL instantiation, testing, and debuging | |||||||||||||||||||
TBD VID Service creation | ||||||||||||||||||||
TBD VID Service Instance deployment | ||||||||||||||||||||
TBD VID Create VNF | ||||||||||||||||||||
VNF preload OK (REST) | http://{{sdnc_ip}}:8282/restconf/operations/VNF-API:preload-vnf-topology-operation note the service-type change - see gui top right
Result 200
| |||||||||||||||||||
VNF preload (alternative, no postman) | (hope I got it right) references to video are like "X-mm:ss some text" where X is 0..5 and the video is 20171128_1200_X_of_5_daily_session.mp4 |
| ||||||||||||||||||
SDNC VNF Preload (Integration-Jenkins lab) |
| |||||||||||||||||||
TBD VID Create VF-Module (vSNK) | Need to delete the previous failure first - raise JIRA on error for now postfix and recreate | |||||||||||||||||||
TBD VID Create VF-Module (vPG) | ||||||||||||||||||||
TBD Robot Heatbridge | ||||||||||||||||||||
TBD APPC mountpoint (Robot or REST) | ||||||||||||||||||||
APPC mountpoint for vFW closed-loop (Integration-Jenkins lab) |
see https://lists.onap.org/pipermail/onap-discuss/2017-November/006610.html |
...
UCA-20 OSS JAX-RS 2 Client15995071
Vetted vFirewall Demo - Full draft how-to for F2F and ReadTheDocs
Integration Use Case Test Cases - could not find vFW content here
...
Recording details | Recording embedded (currently limited to 30 min for the 100mb limit) or link | |||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ONAP installation of OOM from clean VM to Healthcheck | ONAP R1 OOM from clean AWS VM to deployed ONAP
3 videos - reuse for
20171208 : GUI only for SDC onboarding in OOM 20171208 release-1.1.0 - no devops screens in this one so it can be used for demos
| |||||||||||||||||||||||||||||||||||||||
OOM vFirewall SDC distribution to VF-Module creation | See Alexis' vFW instantiation E2E - OOM with OpenStack vFWCL instantiation, testing, and debuging | |||||||||||||||||||||||||||||||||||||||
ONAP installation of HEAT from empty OPENSTACK to Healthcheck | Review the 20171128 videos from Marco via https://lists.onap.org/pipermail/onap-discuss/2017-November/006572.html on https://wiki.onap.org/display/DW/Running+the+ONAP+Demos
| |||||||||||||||||||||||||||||||||||||||
HEAT vFirewall SDC distribution to VF-Module creation | see Alexis' vFW instantiation E2E - OOM with OpenStack vFWCL instantiation, testing, and debuging |
Daily Working Recordings
Date | Video | Notes / TODO | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2017 1127 |
| HEAT: get back to the vnf preload - continue to the 3 vFW VMs coming up todo: use the split template (abandon the single VNF) todo: stop using robot for all except customer creation - essentially everything is REST and VID todo: fix DNS of the onap env file OOM: go over master status, get a 1.1.0 branch up separately CHAT: From Brian to Everyone: (12:06) | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20171128 |
| HEAT: error on vf-module creation (MSO Heat issue) 12:23:15 From Eric Debeau : The API for licence model creation are not documented in R1 ================================================================= Time markers in the videos to the left. The "Part"-number represents part 0..4 in the file name Part Marker comment | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20171129 OOM |
| chat minimal OOM/HEAT deployment for vFW 11:04:28 From Michael O'Brien : ./createAll.bash -n onap -a mso | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20171129 HEAT |
| chat | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20171130 OOM |
| chat 11:06:25 From Alexis de Talhouët : /dockerdata-nfs/onap/robot/eteshare/config | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
20171201 OOM |
see Alexis' vFW videos vFW instantiation E2E - OOM with OpenStack vFWCL instantiation, testing, and debuging | Agenda Pull master and release-1.1.0 patches (merged) fixed yesterday by Alexis de T. https://gerrit.onap.org/r/#/q/status:merged+project:+oom Servers amsterdam.onap.info = 1.1.0 oom cd.onap.info = master onap-parameters.yaml points to my personal Rackspace in case we get to VF-Module creation The 2 vFWVL zips require a network predefined on Rackspace Results: robot init passed, but later Alexis tested the extra SDNC call from Marco's video and got all the way to vf-module creation for the first vFW template and saw the 2 VMs up in openstack - a very big thank you to Alexis for all the work in the last 4 days, the 15+ commits, the new config docker image .... retrofiting details over the weekend Also our friends at VMware under Ranki are running OK under OOM release-1.1.0 on prep of their demo of ONAP Amsterday R1 OOM at KubeCon on Tuesday morning - one week before our ONAP F2F in Santa Clara on the 11th. |
...
Get an openlab account - Integration / Developer Lab Access | Stephen Gooch provides excellent/fast service - raise a JIRA like the following
| ||||||||
Install openVPN - Using Lab POD-ONAP-01 Environment For OSX both Viscosity and TunnelBlick work fine | |||||||||
Login to Openstack | |||||||||
Install openstack command line tools | Tutorial: Configuring and Starting Up the Base ONAP Stack#InstallPythonvirtualenvTools(optional,butrecommended) | ||||||||
get your v3 rc file | |||||||||
verify your openstack cli access (or just use the jumpbox) |
| ||||||||
get 15 elastic IP's | You may need to release unused IPs from other tenants - as we have 4 pools of 50 | ||||||||
fill in your stack env parameters | onap_openstack.env public_net_id: 971040b2-7059-49dc-b220-4fab50cb2ad4 public_net_name: external ubuntu_1404_image: ubuntu-14-04-cloud-amd64 ubuntu_1604_image: ubuntu-16-04-cloud-amd64 flavor_small: m1.small flavor_medium: m1.medium flavor_large: m1.large flavor_xlarge: m1.largexlarge flavor_xxlarge: m1.xlargexxlarge vm_base_name: onap key_name: onap_key pub_key: ssh-rsa AAAAobrienbiometrics nexus_repo: https://nexus.onap.org/content/sites/raw nexus_docker_repo: nexus3.onap.org:10001 nexus_username: docker nexus_password: docker dmaap_topic: AUTO artifacts_version: 1.1.0-SNAPSHOT openstack_tenant_id: a85a07a5f34d4yyyyyyy openstack_tenant_name: Logyyyyyyy openstack_username: michaelyyyyyy openstack_api_key: Wyyyyyyy openstack_auth_method: password openstack_region: RegionOne horizon_url: http://10.12.25.2:5000/v3 keystone_url: http://10.12.25.2:5000 dns_list: ["10.12.25.5", "8.8.8.8"] external_dns: 8.8.8.8 dns_forwarder: 11010.12.25.5 oam_network_cidr: 10.0.0.0/16 follow http://onap.readthedocs.io/en/latest/submodules/dcaegen2.git/docs/sections/installation_heat.html dnsaas_config_enabled: PUT WHETHER TO USE PROXYED DESIGNATEtrue dnsaas_region: PUT THE DESIGNATE PROVIDING OPENSTACK'S REGION HERE RegionOne dnsaas_keystone_url: http://10.12.25.5:5000/v3 PUT THE DESIGNATE PROVIDING OPENSTACK'S KEYSTONE URL HERE dnsaas_tenant_name: PUT THE TENANT NAME IN THE DESIGNATE PROVIDING OPENSTACK HERE (FOR R1 USE THE SAME AS openstack_tenant_name)Logging dnsaas_username: PUT THE DESIGNATE PROVIDING OPENSTACK'S USERNAME HERE demo dnsaas_password: PUT THE DESIGNATE PROVIDING OPENSTACK'S PASSWORD HEREonapdemo dcae_keystone_url: PUT THE MULTIVIM PROVIDED KEYSTONE API URL HERE: http://10.12.25.5:5000/v2 dcae_centos_7_image: PUT THE CENTOS7 VM IMAGE NAME HERE FOR DCAE LAUNCHED CENTOS7 VM CentOS-7 dcae_domain: PUT THE NAME OF DOMAIN THAT DCAE VMS REGISTER UNDER dcaeg2.onap.org dcae_public_key: PUT THE PUBLIC KEY OF A KEYPAIR HERE TO BE USED BETWEEN DCAE LAUNCHED VMS dcae_private_key: PUT THE SECRET KEY OF A KEYPAIR HERE TO BE USED BETWEEN DCAE LAUNCHED VMS | ||||||||
Run the HEAT stack |
| ||||||||
Wait for deployment | DCEA and several mutli-service VM's down
| ||||||||
configure local vi /etc/hosts | Enable the robot webserver to see error logs and get /etc/hosts values HEAT root@onap-robot:/opt# ./demo.sh init_robot OOM oom/kubernetes/robot/demo-k8s.sh init_robot 10.12.5.214 policy.api.simpledemo.onap.org 10.12.5.118 portal.api.simpledemo.onap.org 10.12.5.141 sdc.api.simpledemo.onap.org 10.12.5.92 vid.api.simpledemo.onap.org | ||||||||
Verify AAI_VM1 DNS | Intermittenty AAI1 does not fully initialize, docker will get installed and the test-config dir will get pulled - but the 6 docker containers in the compose file will not be up. login to aai immediately after stack startup and add the following before test-config root@onap-aai-inst1:~# cat /etc/hosts 10.0.1.2 aai.hbase.simpledemo.openecomp.org 10.12.5.213 aai.hbase.simpledemo.openecomp.org | ||||||||
Enable robot webserver | |||||||||
Spot check containers | | 1fe78720-e418-47f7-bcfd-b6b93c791448 | oom-cd-obrien-cd0 | ACTIVE | admin-private-mgmt=10.10.2.15, 10.12.25.117 | ||||||||
check robot health Core components are PASS so lets continue with the vFW | Thanks Alexis for the 20171130 changes http://jenkins.onap.info/job/oom-cd/528/console 15:39:15 Basic SDNGC Health Check | PASS | 15:39:15 Basic A&AI Health Check | PASS | 15:39:15 Basic Policy Health Check | PASS | 15:39:15 Basic MSO Health Check | PASS | 15:39:15 Basic ASDC Health Check | PASS | 15:39:15 Basic APPC Health Check | PASS | 15:39:15 Basic Portal Health Check | PASS | 15:39:15 Basic Message Router Health Check | PASS | 15:39:15 Basic VID Health Check | PASS | 15:39:16 Basic Microservice Bus Health Check | PASS | 15:39:16 Basic CLAMP Health Check | PASS | 15:39:16 catalog API Health Check | PASS | 15:39:16 emsdriver API Health Check | PASS | 15:39:16 gvnfmdriver API Health Check | PASS | 15:39:16 huaweivnfmdriver API Health Check | PASS | 15:39:16 multicloud API Health Check | PASS | 15:39:16 multicloud-ocata API Health Check | PASS | 15:39:16 multicloud-titanium_cloud API Health Check | PASS | 15:39:16 multicloud-vio API Health Check | PASS | 15:39:16 nokiavnfmdriver API Health Check | PASS | 15:39:16 nslcm API Health Check | PASS | 15:39:16 resmgr API Health Check | PASS | 15:39:16 usecaseui-gui API Health Check | PASS | 15:39:16 vnflcm API Health Check | PASS | 15:39:16 vnfmgr API Health Check | PASS | 15:39:16 vnfres API Health Check | PASS | 15:39:16 workflow API Health Check | PASS | 15:39:16 ztesdncdriver API Health Check | PASS | 15:39:16 ztevmanagerdriver API Health Check | PASS | 15:39:16 OpenECOMP ETE.Robot.Testsuites.Health-Check :: Testing ecomp compo... | FAIL | 15:39:16 30 critical tests, 29 passed, 1 failed 15:39:16 30 tests total, 29 passed, 1 failed |
...
Filling in over the weekend | See daily videos and Alexis Videos on the vFWCL and his expanded wiki vFW instantiation E2E - OOM with OpenStackvFWCL instantiation, testing, and debuging |