Feedback for OOM

Here we can check and give feedback to findings of OOM users.

CI/CD for open source SMO

Louis Li (louis li <louis890404@gmail.com>) prepared slides about his findings and experience with the OOM deployment stored here:

Contributions - SMO - Confluence (o-ran-sc.org)

https://wiki.o-ran-sc.org/download/attachments/35881444/2024-1-10%20OSC%20IT-DEP%20SMO%20Deployment%20Upgrade.pdf?api=v2

Facts:

• it/dep project uses helm charts from the ONAP OOM project
  • By including onap_oom as a git submodule in it/dep code base
• The latest update for submodule onap_oom was in Nov 2022
  • With ONAP Jakarta release (released in June 2022)

Q&A

• Page 2: "Problem: Has ONAP Montreal finished its release cycle?"
  • yes, sign-off at 14.12.2023
• Page 3: "By default, the message router no longer exposes NodePort We expose this port for testing"

  • Could be also exposed via ingress by enabling it in values.yaml of DMAAP:

    message-router:
      ingress:
        enabled: true
        service:
          - baseaddr: "dmaap-mr-api"
            name: "message-router"
            port: *svc_port
        config:
          ssl: "redirect"

• Page 3: "Upgrades strimzi-operator from 0.28.0 to 0.36.1, Add podAntiAffinity to avoid deploying replica pods on the same node, We change strimzi replica count in helm override from 3 to 1 for single
  node Kubernetes"
  
  • is added to "Montreal" release: https://gerrit.onap.org/r/c/oom/+/136590
• Page 5: "Does ONAP Plan to Deprecate DMaaP MR?"
  • Yes, initially this was planned in London, but not implemented by all components (Policy, SDNC, DCAE,...)
  • Plans:
    
    • Policy: POLICY-4402 - Getting issue details... STATUS
    • DCAE (some components) by DT
    • AAI
  • Still (in NewDelhi) missing component support:
    
  • Planned updates:
    • AAI
    • SO
    • Policy
    • some DCAE components

Fixes/Improvements

• Page 7: DMaaP mediator listens to MR topics
  • To be checked
• Page 8: Move configurations to Values file
  • Would gain more flexibility, but also much additional text in values.yaml
  • Possibly only certain variable fields could be exposed
• Page 9/10: No reusable nonrtric-common chart / Common Templates
  • good idea, also done in ONAP
  • but adds dependency
• Page 11: Remove nested chart variables
  • Or use "global.xxx" variables
• Page 12: YAML File Comparison
  • use "helm/k8s recommended labels" → absolutely correct
  • but allow to add own labels (e.g. "app", "version",...) in each chart or globally, as e.g. Istio, ArgoCD,... required special ones
• Page 13: Values File Changes
  
  • Service definitions in "values.yaml" depends in ONAP much on the template definition (see https://git.onap.org/oom/tree/kubernetes/common/common/templates/_service.tpl)

Additional Improvement ideas

Mail (Louis Li):

1. SDNC's dgbuilder is broken; it shows an UnsupportedClassVersionError when clicking "display graph". It seems that dgbuilder lacks an upgrade. Is dgbuilder still an active component, or has it been deprecated? (SDNC is using openjdk 17.0.6 [class version 55], while dgbuilder is using openjdk 11.0.18 [class version 61]. I think we need to upgrade the base image for dgbuilder's Dockerfile in `ccsdk-distribution` from openjdk11 to openjdk17.)
2. ONAP OOM uses the legacy Keycloak or WildFly version, while OSC OAM projects use the Quarkus version. I have noticed that the APIs of these two versions are not fully compatible. I am not familiar with Keycloak, but it seems that Quarkus is the trend?
   1. good idea → created ticket: OOM-3267 - Getting issue details... STATUS
3. When trying to enable SDNC OAuth, SDNC reads the config file `/opt/onap/sdnc/data/oauth-aaa-app-config.xml`. Then I found the default config file in the SDNC image is not working. After comparing with the config used by OSC OAM, the image default uses `org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter/ODLHttpAuthenticationFilter2` for `anyroles` and `authcBearer`. However, these two classes do not exist in `opendaylight/aaa`. OAM uses `org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.AnyRoleHttpAuthenticationFilter/BearerAndBasicHttpAuthenticationFilter`, which is workable. I am not sure if this is a historical problem or not. Also, `/**/config/aaa*/**` needs to be changed to `/rests/**/aaa*/**`.
4. OOM SDNC can configure the OAuth provider in the values file; however, the example fields in the values file do not match with the valid configuration. Currently, the fields include: id, type, host, clientID, secret, scope, title, roleMapping. After reviewing `sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java` and referring to OAM's configuration, I think the correct fields might be: id, type, url, clientId, openIdConfigUrl, secret, scope, title, roleMapping, realmName, trustAll.