


                            

SDNC Modeling Process (via Controller Design Studio UI).

  1. Heat Mapping: Start from the HEAT environment file, the final product required for OpenStack spin-up. Then, for each cloud parameter, we define the following:
    1. Cloud parameters assignment type (Default, Input, Capability)
    2. Resources ruleset (Assignment logic : Recipe, ingredients, Model-driven vs Custom logic)
    3. Assignment Capabilities: (microServices, DG-Capability logic, Policy models...)

  2. Data Dictionaries: Define the SDNC model used to resolve resource values from various systems.
    1. Define source type (default, Input, DB, A&AI, mS, etc.)
    2. Define model used to retrieve the resource value from the various sub-systems (input-key-mapping, output-key-mapping, url, path)
    3. Define DD’s name, type, complex data type (if sub-system supports a list of complex data structure)

  3. Controller Blueprint: Create SDNC model and all associated capabilities, artifact templates, Data Dictionaries
    1. model Identifier: (model name, version, author…etc)
    2. Capabilities ( Resource-Assignment, Artifact-template)
    3. Template Instance (Upload Artifact Templates)
      1. Edit/View each Artifact Template
      2. Upload Artifact Template JSON file
      3. Load template and Auto-Map to Data Dictionaries
      4. Review Mapping Table and Edit DDs, Default values, DD Source

                                                         

The work below is based on the following git repository, which provides Netbox docker images: https://github.com/ninech/netbox-docker

The Netbox helm chart has been submitted in OOM, the code can be found here: https://github.com/onap/oom/tree/master/kubernetes/contrib/charts/netbox

This helm chart is comprised of three subcharts, being:

  • netbox-app: provides the IPAM capability we're seeking for current selected use cases (vFW).
  • netbox-nginx: reverse proxy exposing IPAM system in a secure fashion (using NodePort).
  • netbox-postgres: backend database persisting the Netbox data. Currently a Deployment; it should be converted to a StatefulSet using a StorageClass.


Regarding netbox-app, this chart can be customized. The folder tree structure is the following:

.
└── config
    ├── configuration				These are configuration scripts coming from Netbox itself; they remain untouched.
    │   ├── configuration.py
    │   ├── gunicorn_config.py
    │   └── ldap_config.py
    ├── initializers				These YAML files are where we can add pre-provisioning data, such as users or custom fields.
    │   ├── custom_fields.yml
    │   ├── groups.yml
    │   └── users.yml
    ├── provisioning				This defines the entrypoint of the netbox-app deployment, which provisions the prefixes supporting the vFW use case.
    │   └── provision.sh
    └── startup_scripts				These scripts are provided by Netbox itself; they remain untouched.
        ├── 00_users.py
        ├── 10_groups.py
        └── 20_custom_fields.py


In order to test Netbox locally using this helm chart, here are the steps to follow:

git clone https://gerrit.onap.org/r/oom
cd oom/kubernetes
helm serve &
make contrib
helm install local/contrib --name netbox --namespace $NAMESPACE

This installs the 3 charts and runs the job that provisions Netbox for us.

Output of the helm install should look like the following:

$ helm install local/contrib --name netbox --namespace onap-adetalhouet
NAME:   netbox

LAST DEPLOYED: Tue Aug 28 14:30:57 2018
NAMESPACE: onap-adetalhouet
STATUS: DEPLOYED

RESOURCES:
==> v1/ConfigMap
NAME                                        DATA  AGE
netbox-netbox-app-configuration-configmap   3     1s
netbox-netbox-app-initializers-configmap    3     1s
netbox-netbox-app-startupscripts-configmap  3     1s
netbox-netbox-app-provisioning-configmap    1     1s
netbox-netbox-nginx-config-configmap        1     1s
netbox-netbox-postgres-docker-entry-initd   0     1s

==> v1/PersistentVolumeClaim
NAME                    STATUS   VOLUME                                    CAPACITY  ACCESS MODES  STORAGECLASS  AGE
netbox-netbox-static    Pending  nfs-dev-sc                                1s
netbox-netbox-postgres  Bound    pvc-8193e062-aaf0-11e8-beaa-f40343575464  1Gi  RWX  nfs-dev-sc  1s

==> v1/Service
NAME             TYPE       CLUSTER-IP     EXTERNAL-IP  PORT(S)         AGE
netbox-app       ClusterIP  10.43.179.246  <none>       8001/TCP        1s
netbox-nginx     NodePort   10.43.136.76   <none>       8080:30269/TCP  1s
netbox-postgres  ClusterIP  10.43.64.155   <none>       5432/TCP        1s

==> v1beta1/Deployment
NAME                    DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
netbox-netbox-app       1        1        1           0          1s
netbox-netbox-nginx     1        1        1           0          1s
netbox-netbox-postgres  1        1        1           0          1s

==> v1/Job
NAME                            DESIRED  SUCCESSFUL  AGE
netbox-netbox-app-provisioning  1        0           1s

==> v1/Pod(related)
NAME                                    READY  STATUS   RESTARTS  AGE
netbox-netbox-app-f54cd84d5-g6xr2       0/1    Pending  0         1s
netbox-netbox-nginx-5d4f86ffcf-qlkhc    0/1    Pending  0         1s
netbox-netbox-postgres-76857df45-5jjm9  0/1    Pending  0         1s
netbox-netbox-app-provisioning-26stg    0/1    Pending  0         1s

==> v1/Secret
NAME                    TYPE    DATA  AGE
netbox-netbox-app-pass  Opaque  6     1s

These are the tables to create:

Table: ipam_ip_pool
Columns:
  • ipam_serial_pool_id
  • create_date
  • prefix
  • prefix_id
  • address_family (v4/v6)
  • prefix_status: Pending, Activate, Delete
  • description (vfw-protect, or vfw-unprotected)
  • region (RegionOne, RegionTwo)

Table: ipam_ip_assignment
Columns:
  • ipam_serial_ip_assignment_id
  • create_date
  • service_instance_id
  • vf_module_id
  • ip_address
  • ip_address_type (vip, fixed, floating etc.)
  • prefix_id (string)
  • ip_address_id (string)
  • ip_status
  • ip_response


These are the tables we created:


mysql> show columns from IPAM_IP_ASSIGNEMENT;
+---------------------+--------------+------+-----+-------------------+----------------+
| Field               | Type         | Null | Key | Default           | Extra          |
+---------------------+--------------+------+-----+-------------------+----------------+
| ipam_ip_uuid        | int(11)      | NO   | PRI | NULL              | auto_increment |
| create_date         | datetime     | NO   |     | CURRENT_TIMESTAMP |                |
| service_instance_id | varchar(255) | YES  |     | NULL              |                |
| vf_module_id        | varchar(255) | YES  |     | NULL              |                |
| external_key        | varchar(255) | YES  |     | NULL              |                |
| prefix_id           | varchar(255) | YES  |     | NULL              |                |
| ip_address_id       | varchar(255) | YES  |     | NULL              |                |
| ip_address          | varchar(255) | YES  |     | NULL              |                |
| ip_address_type     | varchar(255) | YES  |     | NULL              |                |
| ip_status           | varchar(255) | YES  |     | NULL              |                |
| ip_response_json    | varchar(255) | YES  |     | NULL              |                |
+---------------------+--------------+------+-----+-------------------+----------------+
10 rows in set (0.00 sec)

mysql> show columns from IPAM_IP_POOL;
+----------------+--------------+------+-----+-------------------+----------------+
| Field          | Type         | Null | Key | Default           | Extra          |
+----------------+--------------+------+-----+-------------------+----------------+
| ipam_pool_uuid | int(11)      | NO   | PRI | NULL              | auto_increment |
| create_date    | datetime     | NO   |     | CURRENT_TIMESTAMP |                |
| prefix_id      | int(2)       | YES  |     | NULL              |                |
| prefix         | varchar(255) | YES  |     | NULL              |                |
| address_family | int(1)       | YES  |     | NULL              |                |
| prefix_status  | varchar(255) | YES  |     | NULL              |                |
| description    | varchar(255) | YES  |     | NULL              |                |
+----------------+--------------+------+-----+-------------------+----------------+

Three main things are achieved during pre-provisioning:

  • Create an admin onap user, as follows. This is part of the netbox-app chart resources file: config/initializers/users.yml.

    onap:
        first_name: Steve
        last_name: McQueen
        email: steve.mcqueen@onap.org
        password: onap123$
        api_token: onceuponatimeiplayedwithnetbox20180814
        is_staff: true # whether user is admin or not, default = false
        is_active: true # whether user is active, default = true
        is_superuser: true # Whether user has all edit rights or not, default = false
  • Create a custom field, client_key, in order to uniquely identify the resource with a key generated by ONAP. This is part of the netbox-app chart resources file: config/initializers/custom_fields.yml.

    external-key: 
      description: "The external-key uniquely identify the resources to a service within ONAP."
      filterable: true
      label: ONAP external key
      on_objects: 
        - ipam.models.IPAddress
      required: true
      type: text
      weight: 0
    resource-name:
      description: "The resource-name of the element using this IP."
      filterable: true
      label: ONAP resource name
      on_objects:
        - ipam.models.IPAddress
      required: true
      type: text
      weight: 0
  • The following script creates the prefixes and some objects within Netbox:

    #!/bin/bash
    
    # Create region
    
    echo "Create region: RegionOne"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/regions/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "RegionOne",
      "slug": "RegionOne"
    }'
    
    # Create tenant group
    
    echo "Create tenant group: ONAP group"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenant-groups/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "ONAP group",
      "slug": "onap-group"
    }'
    
    # Create tenant
    
    echo "Create tenant ONAP in ONAP group"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/tenancy/tenants/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "ONAP",
      "slug": "onap",
      "group": 1,
      "description": "ONAP tenant",
      "comments": "Tenant for ONAP demo use cases"
    }'
    
    # Create site
    
    echo "Create ONAP demo site: Montreal Lab"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/dcim/sites/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "name": "Montreal Lab D3",
      "slug": "mtl-lab-d3",
      "region": 1,
      "tenant": 1,
      "facility": "Campus",
      "time_zone": "Canada/Atlantic",
      "description": "Site hosting the ONAP use cases",
      "physical_address": "1 Graham Bell",
      "shipping_address": "1 Graham Bell",
      "contact_name": "Alexis",
      "contact_phone": "0000000000",
      "contact_email": "adetalhouet89@gmail.com",
      "comments": "ONAP lab"
    }'
    
    # Create prefixes
    
    echo "Create Prefix for vFW protected network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "192.168.20.0/24",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for protected network - vFW use case"
    }'
    
    echo "Create Prefix for vFW unprotected network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "192.168.10.0/24",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for unprotected network - vFW use case"
    }'
    
    echo "Create Prefix for ONAP general purpose network"
    curl --silent -X POST \
      http://{{ .Values.service.name }}:{{ .Values.service.internalPort }}/api/ipam/prefixes/ \
      -H 'Authorization: Token onceuponatimeiplayedwithnetbox20180814' \
      -H 'Content-Type: application/json' \
      -d '{
      "prefix": "10.0.0.0/8",
      "site": 1,
      "tenant": 1,
      "is_pool": true,
      "description": "IP Pool for ONAP - general purpose"
    }'
    
    
    

Overview

The generic-resource-api is used to assign cloud parameters during the instantiation flow. The vf-module instantiation flow begins with the main DG, self-serve-vfmodule-assign, when svc-action = assign in the rpc request.

The main DG will call a series of sub-DGs according to the execution order of all the predefined capability components, such as generate-name, vlan-tag-assignment, eipam-ip-assignment, etc.

For IP assignment, the main DG calls the sub-DG, self-serve-eipam-ip-assignment to start the ip assignment process.

This wiki serves as the blueprint for capability integration with generic-resource-api for ip assignments, and it is used to integrate EIPAM custom plugin to obtain ip address assignments during vf-module orchestration.

Prerequisite                  

The following parameters must be set in context memory before the self-serve-eipam-ip-assignment sub-DG is called.

  • ss.capability-name
    • value that matches the capability DG name; i.e. self-serve-eipam-ip-assignment
  • ss.capability-action
    • assign
  • vnf-index
    • The array index of the vnf that owns this vf-module in config tree
  • vf-module-index
    • The array index of this vf-module in config tree
  • service-data.vnfs.vnf[$vnf-index].vnf-data.vf-modules.vf-module[$vf-module-index].vf-module-data.vf-module-topology.vf-module-parameters.param[].

Logic

1.   Unresolved Parameter Resolution

-        Calls self-serve-capability-param-resolution DG to resolve all the unresolved values in vf-module-parameters.param[].resource-resolution-data.resource-key[].value where resource-resolution-data.capability-name matches this DG name.

2.   Call EIPAM Plugin

-        The EIPAM plugin returns the ip assignment in a context variable, called eipam-ip-block

-        eipam-ip-block.plans[].requests[].ip-prefix

-        eipam-ip-block.plans[].requests[].ip-prefix-length

-        eipam-ip-block.plans[].requests[].ReservedAssignments[0].ReservedAssignment[3].ReservedKeyIPAddress

-        Insert an entry to EIPAM_IP_ASSIGNMENTS table

3.   Set Heat Parameters

The sub-DG, self-serve-vfmodule-assign will set the values of the heat parameters based on the EIPAM

-        vmxvre_oam_ip_0 = eipam-ip-block.plans[].requests[].ip-prefix

-        vmxvre_oam_ip_prefix_0 = eipam-ip-block.plans[].requests[].ip-prefix-length

-        vmxvre_oam_gateway = eipam-ip-block.plans[].requests[].ReservedAssignments[0].ReservedAssignment[3].ReservedKeyIPAddress




Verb: POST
URI: /api/ipam/prefixes/{prefix-id}/available-ips/

JSON payload (Bare minimal):

{
  "custom_fields": {
    "external-key": "test",
    "resource-name": "cloudParamName"
  }
}

Params: prefix-id
Type: Integer
Comments: The ID of the prefix from which to retrieve next available IP

JSON response:

{
    "id": 4,
    "address": "192.168.10.2/32",
    "vrf": null,
    "tenant": null,
    "status": 1,
    "role": null,
    "interface": null,
    "description": "",
    "nat_inside": null,
    "custom_fields": {
        "external-key": "test",
        "resource-name": "cloudParamName"
    },
    "created": "2018-08-30",
    "last_updated": "2018-08-30T14:59:05.277820Z"
}

Note: Loop function within the SDNC for getting the next available for each cloud param resource.
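
The per-parameter allocation loop described above, as an added example (not code from this page or from SDNC): it requests one address per cloud parameter, checks that the response carries the external-key that was sent, and maps the result onto the columns of IPAM_IP_ASSIGNEMENT. The NETBOX_API_TOKEN variable, the key scheme, the ASSIGNED status value and the fake_netbox stand-in are assumptions made for the example; the token is read from the environment instead of being written into the script.

```python
import itertools
import json
import os
import urllib.request

IP_RESPONSE_JSON_MAX = 255  # ip_response_json is varchar(255) in the table on this page

def netbox_post(base_url):
    """Real transport, post(path, payload) -> (status, body); token read from the environment."""
    token = os.environ["NETBOX_API_TOKEN"]  # assumed variable name, e.g. fed from a Secret
    def post(path, payload):
        req = urllib.request.Request(
            base_url + path, data=json.dumps(payload).encode(), method="POST",
            headers={"Authorization": f"Token {token}", "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    return post

def fake_netbox():
    """Constructed offline stand-in that answers in the shape of the sample response."""
    ids = itertools.count(4)
    def post(path, payload):
        n = next(ids)
        return 201, {"id": n, "address": f"192.168.10.{n - 2}/32", "vrf": None, "tenant": None,
                     "status": 1, "role": None, "interface": None, "description": "",
                     "nat_inside": None, "custom_fields": payload["custom_fields"],
                     "created": "2018-08-30", "last_updated": "2018-08-30T14:59:05.277820Z"}
    return post

def assign_ips(prefix_id, service_instance_id, vf_module_id, cloud_params, post):
    """Request one address per cloud parameter; return rows shaped for IPAM_IP_ASSIGNEMENT."""
    path = f"/api/ipam/prefixes/{int(prefix_id)}/available-ips/"
    rows = []
    for name in cloud_params:
        # Hypothetical key scheme: unique per service instance, vf-module and parameter.
        key = f"{service_instance_id}:{vf_module_id}:{name}"
        status, body = post(path, {"custom_fields": {"external-key": key, "resource-name": name}})
        if status != 201:  # Netbox answers 201 Created when an address was allocated
            raise RuntimeError(f"no address allocated for {name}: HTTP {status}")
        if body.get("custom_fields", {}).get("external-key") != key:
            raise RuntimeError(f"response for {name} does not carry our external-key")
        raw = json.dumps(body, separators=(",", ":"))
        rows.append({
            "service_instance_id": service_instance_id, "vf_module_id": vf_module_id,
            "external_key": key, "prefix_id": str(prefix_id),
            "ip_address_id": str(body["id"]), "ip_address": body["address"],
            "ip_status": "ASSIGNED",  # constructed status value
            # Keep the raw response only if it fits the column, never a cut-off JSON string.
            "ip_response_json": raw if len(raw) <= IP_RESPONSE_JSON_MAX else None,
        })
    return rows

if __name__ == "__main__":
    print(json.dumps(assign_ips(2, "si-1", "vfm-1", ["vmxvre_oam_ip_0"], fake_netbox()), indent=2))
```

Even the sample response shown above, serialized compactly, is longer than the 255 characters that ip_response_json holds, so the example stores nothing in that column instead of a truncated string.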


Overview


The generic-resource-api is used to unassign cloud parameters during the vf-module unassign flow. The vf-module unassign flow begins with the main DG, self-serve-vfmodule-unassign, when the svc-action = unassign in the rpc request.


The main DG will call a series of sub-DGs according to the execution order of all the predefined capability components, such as generate-name, vlan-tag-assignment, eipam-ip-assignment, etc., to unassign cloud parameters. Upon successful unassignment, the main DG will clear the service-data data in MD-SAL.


Prerequisites


The following parameters must be set in context memory before the self-serve-eipam-ip-assignment sub-DG is called.


  • ss.capability-name

    • value that matches the capability DG name; i.e. self-serve-eipam-ip-assignment

  • ss.capability-action

    • unassign

  • vnf-index

    • The array index of the vnf that owns this vf-module in config tree

  • vf-module-index

    • The array index of this vf-module in config tree

  • service-data.vnfs.vnf[$vnf-index].vnf-data.vf-modules.vf-module[$vf-module-index].vf-module-data.vf-module-topology.vf-module-parameters.param[].


Logic


1.   Set EIPAM_IP_ASSIGNMENTS status


  • Set EIPAM_IP_ASSIGNMENTS.status to PENDING_DELETE by service-instance-id and client-key


2.   Call EIPAM Plugin unassignIp


  • Calls EIPAM plugin unassignIp method to unassign ip from EIPAM


3.   Set Heat Parameters status


  • Set service-data … vf-module-parameters.param[].resource-resolution-data.status to DELETED for the following params

    • vmxvre_oam_ip_0

    • vmxvre_oam_ip_prefix_0

    • vmxvre_oam_gateway




Netbox Capability:




Action: Delete IP
Verb: DELETE
URI: /api/ipam/ip-addresses/{ip-id}/
JSON payload (Bare minimal): -
Params: ip-id
Type: Integer
Comments: The ID of the IP address to delete
JSON response: -
Note: done as part of the VF Module delete action.
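
The unassign ordering described above (mark PENDING_DELETE, release the address, then mark it deleted), applied to the Netbox delete call, as an added example that is not code from this page or from SDNC. It assumes the IPAM_IP_ASSIGNEMENT columns shown earlier, uses an in-memory sqlite3 database with constructed rows in place of MySQL, and takes a hypothetical delete(ip_id) callable that returns the HTTP status of DELETE /api/ipam/ip-addresses/{ip-id}/.

```python
import sqlite3

TABLE = "IPAM_IP_ASSIGNEMENT"  # table name as created on this page

def demo_db():
    """Constructed in-memory stand-in (sqlite3 instead of the MySQL instance on the page)."""
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE {TABLE} (ipam_ip_uuid INTEGER PRIMARY KEY AUTOINCREMENT, "
               "service_instance_id varchar(255), external_key varchar(255), "
               "ip_address_id varchar(255), ip_status varchar(255))")
    db.executemany(
        f"INSERT INTO {TABLE} (service_instance_id, external_key, ip_address_id, ip_status) "
        "VALUES (?, ?, ?, 'ASSIGNED')",
        [("si-1", "key-a", "4"), ("si-1", "key-a", "5"), ("si-2", "key-b", "6")])
    db.commit()
    return db

def unassign_ips(db, service_instance_id, external_key, delete):
    """Release the addresses of one service and key; returns (released, failed) IP ids."""
    where = "service_instance_id = ? AND external_key = ?"
    args = (service_instance_id, external_key)
    # 1. Record the intent first, so a crash mid-way leaves rows a retry can find.
    db.execute(f"UPDATE {TABLE} SET ip_status = 'PENDING_DELETE' WHERE {where}", args)
    db.commit()
    pending = db.execute(f"SELECT ipam_ip_uuid, ip_address_id FROM {TABLE} WHERE {where} "
                         "AND ip_status = 'PENDING_DELETE' ORDER BY ipam_ip_uuid", args).fetchall()
    released, failed = [], []
    for row_id, ip_id in pending:
        # 2. Release in the IPAM: 204 = deleted now, 404 = already gone (retries stay idempotent).
        if delete(int(ip_id)) in (204, 404):
            # 3. Only a confirmed release moves the row to DELETED.
            db.execute(f"UPDATE {TABLE} SET ip_status = 'DELETED' WHERE ipam_ip_uuid = ?", (row_id,))
            released.append(ip_id)
        else:
            failed.append(ip_id)  # stays PENDING_DELETE for the next attempt
    db.commit()
    return released, failed

def statuses(db):
    """Current ip_status of every row, in insertion order."""
    return [s for (s,) in db.execute(f"SELECT ip_status FROM {TABLE} ORDER BY ipam_ip_uuid")]
```

Rows left in PENDING_DELETE are the ones to reconcile: the address may still be allocated in Netbox even though the vf-module is gone.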








