From 841e3df51a819618da69f67b80ebd58fb3935d51 Mon Sep 17 00:00:00 2001 From: "puthuparambil.aditya" Date: Tue, 5 Oct 2021 10:56:04 +0100 Subject: cps-core deployment document Issue-ID: CPS-687 Signed-off-by: puthuparambil.aditya Change-Id: I3df9994259c1bbd2173d6aa178c7f5b6d3d4498e --- docs/deployment.rst | 279 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 274 insertions(+), 5 deletions(-) diff --git a/docs/deployment.rst b/docs/deployment.rst index 3de5f63e8a..61f9ad2943 100644 --- a/docs/deployment.rst +++ b/docs/deployment.rst @@ -1,15 +1,284 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright (C) 2021 Nordix Foundation +.. Modifications Copyright (C) 2021 Bell Canada. .. DO NOT CHANGE THIS LABEL FOR RELEASE NOTES - EVEN THOUGH IT GIVES A WARNING .. _deployment: - CPS Deployment -############## +============== + +.. contents:: + :depth: 2 + +CPS OOM Charts +-------------- +The CPS kubernetes chart is located in the `OOM repository `_. +This chart includes different cps components referred as further in the document are listed below: + +.. container:: ulist + + - `cps-core `_ + - `cps-temporal `_ + - `ncmp-dmi-plugin `_ + +Please refer to the `OOM documentation `_ on how to install and deploy ONAP. + +Installing or Upgrading CPS Components +-------------------------------------- +The assumption is you have cloned the charts from the OOM repository into a local directory. + +**Step 1** Go to the cps charts and edit properties in values.yaml files to make any changes to particular cps component if required. + +.. code-block:: bash + + cd oom/kubernetes/cps/components/ + +**Step 2** Build the charts + +.. code-block:: bash + + cd oom/kubernetes + make SKIP_LINT=TRUE cps + +.. note:: + SKIP_LINT is only to reduce the "make" time + +**Step 3** Undeploying already deployed cps components + +After undeploying cps components, keep monitoring the cps pods until they go away. + +.. code-block:: bash + + helm del --purge - + kubectl get pods -n | grep + +**Step 4** Make sure there is no orphan database persistent volume or claim. + +First, find if there is an orphan database PV or PVC with the following commands: + +.. note:: + This step does not apply to ncmp-dmi-plugin. + +.. code-block:: bash + + kubectl get pvc -n | grep + kubectl get pv -n | grep + +If there are any orphan resources, delete them with + +.. code-block:: bash + + kubectl delete pvc + kubectl delete pv + +**Step 5** Delete NFS persisted data for CPS components + +Connect to the machine where the file system is persisted and then execute the below command + +.. code-block:: bash + + rm -fr /dockerdata-nfs// + +**Step 6** Re-Deploy cps pods + +After deploying cps, keep monitoring the cps pods until they come up. + +.. code-block:: bash + + helm deploy local/cps --namespace + kubectl get pods -n | grep + +Restarting a faulty component +----------------------------- +Each cps component can be restarted independently by issuing the following command: + +.. code-block:: bash + + kubectl delete pod -n + +.. _credentials_retrieval: + +Credentials Retrieval +--------------------- + +Application and database credentials are kept in Kubernetes secrets. They are defined as external secrets in the +values.yaml file to be used across different components as : + +.. container:: ulist + + - `cps-core `_ + - `cps-temporal `_ + - `ncmp-dmi-plugin `_ + +Below are the list of secrets for different cps components. + ++--------------------------+---------------------------------+---------------------------------------------------+ +| Component | Secret type | Secret Name | ++==========================+=================================+===================================================+ +| cps-core | Database authentication | -cps-core-pg-user-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ +| cps-core | Rest API Authentication | -cps-core-app-user-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ +| cps-temporal | Rest API Authentication | -cps-temporal-app-user-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ +| cps-temporal | Database authentication | -cps-temporal-pg-user-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ +| ncmp-dmi-plugin | Rest API Authentication | -cps-dmi-plugin-user-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ +| ncmp-dmi-plugin | SDNC authentication | -ncmp-dmi-plugin-sdnc-creds | ++--------------------------+---------------------------------+---------------------------------------------------+ + +The credential values from these secrets are configured in running container as environment variables. Eg: +`cps core deployment.yaml `_ + +If no specific passwords are provided to the chart as override values for deployment, then passwords are automatically +generated when deploying the Helm release. Below command can be used to retrieve application property credentials + +.. code:: + + kubectl get secret - -n -o json | jq '.data | map_values(@base64d)' + +.. note:: + base64d works only with jq version 1.6 or above. + +CPS Core Pods +============= +To get a listing of the cps-core Pods, run the following command: + +.. code-block:: bash + + kubectl get pods -n | grep cps-core + + dev-cps-core-ccd4cc956-r98pv 1/1 Running 0 24h + dev-cps-core-postgres-primary-f7766d46c-s9d5b 1/1 Running 0 24h + dev-cps-core-postgres-replica-84659d68f9-6qnt4 1/1 Running 0 24h + + +Additional Cps-Core Customizations +================================== + +The following table lists some properties that can be specified as Helm chart +values to configure the application to be deployed. This list is not +exhaustive. + ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| Property | Description | Default Value | ++=======================================+=========================================================================================================+===============================+ +| config.appUserName | User name used by cps-core service to configure the authentication for REST API it exposes. | ``cpsuser`` | +| | | | +| | This is the user name to be used by cps-core REST clients to authenticate themselves. | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.appUserPassword | Password used by cps-core service to configure the authentication for REST API it exposes. | Not defined | +| | | | +| | This is the password to be used by CPS Temporal REST clients to authenticate themselves. | | +| | | | +| | If not defined, the password is generated when deploying the application. | | +| | | | +| | See also :ref:`credentials_retrieval`. | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.dmiPluginUserName | User name used by cps-core to authenticate themselves for using ncmp-dmi-plugin service. | ``dmiuser`` | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.dmiPluginUserPassword | Internal password used by cps-core to connect to ncmp-dmi-plugin service. | Not defined | +| | | | +| | If not defined, the password is generated when deploying the application. | | +| | | | +| | See also :ref:`credentials_retrieval`. | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| postgres.config.pgUserName | Internal user name used by cps-core to connect to its own database. | ``cps`` | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| postgres.config.pgUserPassword | Internal password used by cps-core to connect to its own database. | Not defined | +| | | | +| | If not defined, the password is generated when deploying the application. | | +| | | | +| | See also :ref:`credentials_retrieval`. | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| postgres.config.pgDatabase | Database name used by cps-core | ``cpsdb`` | +| | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| logging.level | Logging level set in cps-core | info | +| | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.eventPublisher. | Kafka hostname and port | ``message-router-kafka:9092`` | +| spring.kafka.bootstrap-servers | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.eventPublisher. | Kafka consumer client id | ``cps-core`` | +| spring.kafka.consumer.client-id | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security protocol. | ``PLAINTEXT`` | +| spring.kafka.security.protocol | Some possible values are: | | +| | | | +| | * ``PLAINTEXT`` | | +| | * ``SASL_PLAINTEXT``, for authentication | | +| | * ``SASL_SSL``, for authentication and encryption | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL mechanism. Required for SASL_PLAINTEXT and SASL_SSL protocols. | Not defined | +| spring.kafka.properties. | Some possible values are: | | +| sasl.mechanism | | | +| | * ``PLAIN``, for PLAINTEXT | | +| | * ``SCRAM-SHA-512``, for SSL | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL JAAS configuration. Required for SASL_PLAINTEXT and SASL_SSL protocols. | Not defined | +| spring.kafka.properties. | Some possible values are: | | +| sasl.jaas.config | | | +| | * ``org.apache.kafka.common.security.plain.PlainLoginModule required username="..." password="...";``, | | +| | for PLAINTEXT | | +| | * ``org.apache.kafka.common.security.scram.ScramLoginModule required username="..." password="...";``, | | +| | for SSL | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL SSL store type. Required for SASL_SSL protocol. | Not defined | +| spring.kafka.ssl.trust-store-type | Some possible values are: | | +| | | | +| | * ``JKS`` | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL SSL store file location. Required for SASL_SSL protocol. | Not defined | +| spring.kafka.ssl.trust-store-location | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL SSL store password. Required for SASL_SSL protocol. | Not defined | +| spring.kafka.ssl.trust-store-password | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.publisher. | Kafka security SASL SSL broker hostname identification verification. Required for SASL_SSL protocol. | Not defined | +| spring.kafka.properties. | Possible value is: | | +| ssl.endpoint.identification.algorithm | | | +| | * ``""``, empty string to disable | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Kafka topic to publish to cps-temporal | ``cps.data-updated-events`` | +| notification.data-updated.topic | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | If notification from cps-core to cps-temporal is enabled or not. | ``true`` | +| notification.data-updated.enabled | If this is set to false, then the config.publisher properties could be skipped. | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Dataspaces to be enabled for publishing events to cps-temporal | ```` | +| notification.data-updated.filters. | | | +| enabled-dataspaces | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | If notifications should be processed in synchronous or asynchronous manner | ``false`` | +| notification.async.enabled | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Core pool size in asynchronous execution of notification. | ``2`` | +| notification.async.executor. | | | +| core-pool-size | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Max pool size in asynchronous execution of notification. | ``1`` | +| notification.async.executor. | | | +| max-pool-size | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Queue Capacity in asynchronous execution of notification. | ``500`` | +| notification.async.executor. | | | +| queue-capacity | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | If the executor should wait for the tasks to be completed on shutdown | ``true`` | +| notification.async.executor. | | | +| wait-for-tasks-to-complete-on-shutdown| | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ +| config.additional. | Prefix to be added to the thread name in asynchronous execution of notifications. | ``async_`` | +| notification.async.executor. | | | +| thread-name-prefix | | | ++---------------------------------------+---------------------------------------------------------------------------------------------------------+-------------------------------+ -.. warning:: draft +CPS-Core Docker Installation +============================ -.. toctree:: - :maxdepth: 1 +CPS-Core can also be installed in a docker environment. Latest `docker-compose `_ is included in the repo to start all the relevant services. +The latest instructions are covered in the `README `_. -- cgit 1.2.3-korg