blob: e31348cf3ee78479dea2111dde29c70abb39901b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. http://creativecommons.org/licenses/by/4.0
.. _ves-installation:
Installation
============
VESCollector is installed via cloudify blueprint by DCAE bootstrap process on typical ONAP installation.
As the service is containerized, it can be started on stand-alone mode also.
To run VES Collector container on standalone mode, following parameters are required
``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9``
DMAAPHOST is required for standalone; for normal platform installed instance the publish URL are obtained from Consul. Below parameters are exposed for DCAE platform (cloudify) deployed instance
- COLLECTOR_IP
- DMAAPHOST - should contain an address to DMaaP, so that event publishing can work
- CONFIG_BINDING_SERVICE - should be a name of CBS
- CONFIG_BINDING_SERVICE_SERVICE_PORT - should be a http port of CBS
- HOSTNAME - should be a name of VESCollector application as it is registered in CBS catalog
These parameters can be configured either by passing command line option during `docker run` call or by specifying environment variables named after command line option name
Authentication Support
----------------------
VES Collector support following authentication types
* *auth.method=noAuth* default option - no security (http)
* *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
The blueprint is same for both deployments - based on the input configuration, VESCollector can be set for required authentication type.
Default ONAP deployed VESCollector is configured for "certBasicAuth".
If VESCollector instance need to be deployed with authentication disabled, follow below setup
- Execute into Bootstrap POD using kubectl command
.. note::
For doing this, follow the below steps
* First get the bootstrap pod name by running run this: kubectl get pods -n onap | grep bootstrap
* Then login to bootstrap pod by running this: kubectl exec -it <bootstrap pod> bash -n onap
- VES blueprint is available under /blueprints directory ``k8s-ves.yaml``. A corresponding input file is also pre-loaded into bootstrap pod under /inputs/k8s-ves-inputs.yaml
- Deploy blueprint
.. code-block:: bash
cfy install -b ves-http -d ves-http -i /inputs/k8s-ves-inputs.yaml /blueprints/k8s-ves.yaml
To undeploy ves-http, steps are noted below
- Uninstall running ves-http and delete deployment
.. code-block:: bash
cfy uninstall ves-http
The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below
** An error occurred on the server: 400: Can't delete blueprint ves-http - There exist deployments for this blueprint; Deployments ids: ves-http**
In this case blueprint can be deleted explicitly using this command.
.. code-block:: bash
cfy blueprint delete ves-http
Using external TLS certificates obtained using CMP v2 protocol
--------------------------------------------------------------
In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description:
.. toctree::
:maxdepth: 1
Enabling TLS with external x.509 certificates <../../tls_enablement>
|