Please join and post "validated" actions/config/results - but do not move or edit this page until we get a complete vFW run before Ideally the 4 Dec KubCon conference and worst case the 11 Dec ONAP Conference - thank you
Under construction - this page is a consolidation of all details in getting the vFirewall running over the next 2 weeks in prep of anyone that would like to demo it for the F2F in Dec.
ADD content ONLY when verified - with evidence (screen-cap, JSON output etc..) DO paste any questions and unverified config/actions in the comment section at the end - for the team to verify |
Daily meeting at 1200 EDT noon Nov 27 to 8 Dec 2017 - https://zoom.us/j/7939937123 see schedule at https://lists.onap.org/pipermail/onap-discuss/2017-November/006483.html
Statement of Work
Ideally we provide this page as a the draft that will go into ReadTheDocs.io - where this page gets deleted and referenced there.
There are currently 3 or more distinct pages, email threads, presentations, phone calls, meetings where all the details needed to "Step by Step" get a running vFirewall up are located.
We would like to get to the point where we were before Aug 2017 where an individual with an Openstack environment (OOM as well now) - could follow each instruction point (action - and expected/documented result/output) and end up with our current minimal sanity usecase - the vFirewall
If you have any details on configuration of getting up the vFirewall post them to the comments section and it will be tested and incorporated
Ideally any action added to this page itself - is fully tested with resulting output (text/screencap) - pasted as a reference.
JIRAs: - OOM-459Getting issue details... STATUS for OOM and - INT-106Getting issue details... STATUS for HEAT
Output
1- This set of instructions below - to go from an empty OOM host or OpenStack lab - all the way to closed loop running.
2 - A set of videos - the vFirewall from an already deployed OOM and HEAT deployment - see the reference videos from Running the ONAP Demos#ONAPDeploymentVideos see
-
INT-333Getting issue details...
STATUS
3- Secondary videos on bringing up OOM and HEAT deployments
Running the vFirewall Demo
Prerequisites
Artifact | Location | Notes |
---|---|---|
openstack yaml and env | https://nexus.onap.org/content/sites/raw/org.onap.demo/heat/ONAP/1.1.0-SNAPSHOT/ | to be verified |
vFirewall yam and env | https://nexus.onap.org/content/sites/raw/org.onap.demo/heat/vFW/1.1.0-SNAPSHOT/ deprecated https://nexus.onap.org/content/sites/raw/org.openecomp.demo/heat/vFW/1.1.0-SNAPSHOT/ | to be verified |
vFirewall Tasks
Ideally we have an automated one-click vFW deployment - in the works -
T# | Task | Action Rest URL+JSON payload | Result JSON / Text / Screencap | Artifacts Link or attach file | Env OOM HEAT or both | Last run | Notes |
---|---|---|---|---|---|---|---|
Before robot init (init_customer and distribute | |||||||
1 | TBD - cloud region PUT to AAI | TBD 201711xx | |||||
TBD Customer creation | |||||||
TBD SDC Distribution | |||||||
TBD VID Service creation | |||||||
TBD VID Service Instance deployment | |||||||
TBD VID Create VNF | |||||||
TBD VNF preload | |||||||
TBD VID Create VF-Module | |||||||
TBD Robot Heatbridge | |||||||
TBD APPC mountpoint (Robot or REST) |
Verifying the vFirewall
Questions to Resolve
20171122: Do we run the older robot preload or do we do the SDNC rest PUT manually
Older Tutorial: Creating a Service Instance from a Design Model#RunRobotdemo.shpreloadofDemoModule
20171122: Do we use the older June vFW zip (yaml + env) or must we use a new split template
investigate Brian's comment on running vFW Demo on ONAP Amsterdam Release - "If you want to do closed loop for vFW there is a new two VNF service for Amsterdam (vFWCL - it is in the demo repo) that separates the traffic generator into a second VNF/Heat stack so that Policy an associate the event on the LB with the VNF to be controlled (the traffic generator) through APPC. Contact Pam and Marco for details."
- INT-342Getting issue details... STATUS
20171122: Do we run the older robot appc mountpoint or do we do the APPC rest PUT manually
Original/Ongoing Doc References
running vFW Demo on ONAP Amsterdam Release
Clearwater vIMS Onboarding and Instantiation
Integration Test - could not find vFW content here
ONAP master branch Stabilization
- OOM-1Getting issue details... STATUS
- INT-106Getting issue details... STATUS
- INT-284Getting issue details... STATUS
List of ONAP Implementations under Test by Environment
Please add yourself to the list so we can target EPIC work based on environment affinity
Environment | Branch | Deployer | Contacts | vFW status | Notes |
---|---|---|---|---|---|
Intel Openlab | master | HEAT | none | cloud: http://10.12.25.2/auth/login/?next=/project/instances/ servers Starting up (20171123) - not ready yet | |
Intel Openlab | master | OOM Kubernetes | none | cloud: http://10.12.25.2/auth/login/?next=/project/instances/ server: 10.12.25.117 key: openlab_oom_key (pass by mail) (non-DCAE ONAP components only) partial 16g only until quota increased or we cluster 4 | |
Intel Openlab | release-1.1.0 | OOM Kubernetes | none | cloud: http://10.12.25.2/auth/login/?next=/project/instances/ server: 10.12.25.119 key: openlab_oom_key (pass by mail) | |
Rackspace | master | OOM Kubernetes | none | (non-DCAE ONAP components only) DCAEGEN2 not tested yet for R1 Running CD jobs hourly | |
Amazon AWS EC2 | master | OOM Kubernetes | none | (non-DCAE ONAP components only) - spot node terminated | |
Amazon AWS ECS | OOM Kubernetes | pending test | n/a | (non-DCAE ONAP components only) - node terminated | |
Google GCE | master | OOM Kubernetes | (non-DCAE ONAP components only) - node closed | ||
Google GCE CaaS | OOM Kubernetes | pending test | n/a | (non-DCAE ONAP components only) | |
Rackspace | HEAT | not supported yet | n/a | ||
Alibaba VM | OOM Kubernetes | none | not tested yet |
Continuous Deployment References
Tech | Servers | Details |
---|---|---|
HEAT | ||
Kubernetes | Jobs (AWS) Analytics (AWS) CD servers (Rackspace) cd2.onap.info | OOM R2 Master (Beijing) http://jenkins.onap.info/job/oom-cd-release-110-branch/ OOM R1 (Amsterdam) |
Recordings
put all daily and ongoing vFW formal run videos here - in the leadup to the 2 conferences.
Recording details | Recording embedded (currently limited to 30 min for the 100mb limit) or link | |
---|---|---|
Test recording of OOM install fragment to verify zoom recording and openlab access - will erase | ||
Generated JIRAs
- OOM-461Getting issue details... STATUS
Access and Deployment Configuration
Openlab VNC and CLI
The following is missing some sections and a bit out of date (v2 deprecated in favor of v3) -Integration Testing Schedule, 10-09-2017
Get an openlab account - Integration / Developer Lab Access | |
Install openVPN - Using Lab POD-ONAP-01 Environment For OSX both Viscosity and TunnelBlick work fine | |
Login to Openstack | |
Install openstack command line tools | Tutorial: Configuring and Starting Up the Base ONAP Stack#InstallPythonvirtualenvTools(optional,butrecommended) |
get your v3 rc file | |
verify your openstack cli access (or just use the jumpbox) | obrienbiometrics:aws michaelobrien$ source logging-openrc.sh obrienbiometrics:aws michaelobrien$ openstack server list +--------------------------------------+---------+--------+-------------------------------+------------+ | ID | Name | Status | Networks | Image Name | +--------------------------------------+---------+--------+-------------------------------+------------+ | 1ed28213-62dd-4ef6-bdde-6307e0b42c8c | jenkins | ACTIVE | admin-private-mgmt=10.10.2.34 | | +--------------------------------------+---------+--------+-------------------------------+------------+ |
get 15 elastic IP's | You may need to release unused IPs from other tenants - as we have 4 pools of 50 |
fill in your env parameters | public_net_id: PUT YOUR NETWORK ID HERE public_net_name: PUT YOUR NETWORK NAME HERE ubuntu_1404_image: PUT THE UBUNTU 14.04 IMAGE NAME HERE ubuntu_1604_image: PUT THE UBUNTU 16.04 IMAGE NAME HERE flavor_small: PUT THE SMALL FLAVOR NAME HERE flavor_medium: PUT THE MEDIUM FLAVOR NAME HERE flavor_large: PUT THE LARGE FLAVOR NAME HERE flavor_xlarge: PUT THE XLARGE FLAVOR NAME HERE flavor_xxlarge: PUT THE XXLARGE FLAVOR NAME HERE vm_base_name: onap key_name: onap_key pub_key: PUT YOUR PUBLIC KEY HERE openstack_tenant_id: PUT YOUR OPENSTACK PROJECT ID HERE openstack_tenant_name: PUT YOUR OPENSTACK PROJECT NAME HERE openstack_username: PUT YOUR OPENSTACK USERNAME HERE openstack_api_key: PUT YOUR OPENSTACK PASSWORD HERE horizon_url: PUT THE HORIZON URL HERE keystone_url: PUT THE KEYSTONE URL HERE (do not include version number) cloud_env: openstack dns_list: PUT THE ADDRESS OF THE EXTERNAL DNS HERE (e.g. a comma-separated list of IP addresses in your /etc/resolv.conf in UNIX-based Operating Systems) external_dns: PUT THE FIRST ADDRESS OF THE EXTERNAL DNS LIST HERE dns_forwarder: PUT THE IP OF DNS FORWARDER FOR ONAP DEPLOYMENT'S OWN DNS SERVER dnsaas_config_enabled: PUT WHETHER TO USE PROXYED DESIGNATE dnsaas_region: PUT THE DESIGNATE PROVIDING OPENSTACK'S REGION HERE dnsaas_keystone_url: PUT THE DESIGNATE PROVIDING OPENSTACK'S KEYSTONE URL HERE dnsaas_tenant_name: PUT THE TENANT NAME IN THE DESIGNATE PROVIDING OPENSTACK HERE (FOR R1 USE THE SAME AS openstack_tenant_name) dnsaas_username: PUT THE DESIGNATE PROVIDING OPENSTACK'S USERNAME HERE dnsaas_password: PUT THE DESIGNATE PROVIDING OPENSTACK'S PASSWORD HERE dcae_keystone_url: PUT THE MULTIVIM PROVIDED KEYSTONE API URL HERE dcae_centos_7_image: PUT THE CENTOS7 VM IMAGE NAME HERE FOR DCAE LAUNCHED CENTOS7 VM dcae_domain: PUT THE NAME OF DOMAIN THAT DCAE VMS REGISTER UNDER dcae_public_key: PUT THE PUBLIC KEY OF A KEYPAIR HERE TO BE USED BETWEEN DCAE LAUNCHED VMS dcae_private_key: PUT THE SECRET KEY OF A KEYPAIR HERE TO BE USED BETWEEN DCAE LAUNCHED VMS |