diff options
Diffstat (limited to 'docs/guides/onap-user/vfwcl-design-tutorial/index.rst')
-rw-r--r-- | docs/guides/onap-user/vfwcl-design-tutorial/index.rst | 251 |
1 files changed, 0 insertions, 251 deletions
diff --git a/docs/guides/onap-user/vfwcl-design-tutorial/index.rst b/docs/guides/onap-user/vfwcl-design-tutorial/index.rst deleted file mode 100644 index db68382e0..000000000 --- a/docs/guides/onap-user/vfwcl-design-tutorial/index.rst +++ /dev/null @@ -1,251 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 -.. International License. http://creativecommons.org/licenses/by/4.0 -.. Copyright © 2017-2020 Aarna Networks, Inc. - -vFWCL Design Tutorial -##################### - -The instructions in this section will enable you to design the vFW Control Loop. The prerequisite for this tutorial is that the -vFW_service design/deployment/instantiation should be completed. - -Control Loop Flow -================= - -This section describes the vFW control loop flow and the modules involved. Following is the list of modules -that are involved in designing and deploying the vFW CL - - 1) SDC: The first step of the procedure is to distribute the DCAE (TCA microservice) blueprint. That is done through ONAP SDC. - 2) CLAMP: This is a tool for designing the policy and configuring the TCA threshold. CLAMP, along with DCAE, can also be used - to manage the lifecycle of CLs - 3) DCAE (platform and micro services): Multiple components of the DCAE module get involved in the overall lifecycle of the CL. - 4) TCA: The CDAP threshold controlling application is a DCAE microservice. - 5) ONAP Policy engine: The output of DCAE is sent to the Policy engine as an input event. We will use the DROOLS Policy engine. - 6) APPC : The last hop in the CL, which takes the config action on the vPG on the output of the Policy engine. - -Distribute DCAE blueprints -========================== - -In order to distribute the DCAE microservice blueprints we need to create a dummy service. The DCAE blueprint will be added as an artifact -to the VF inside the service during service composition time. - -Follow the below steps to upload the blueprint for the TCA (Threshold Checking Application) DCAE microservice and Distribute the service to the CLAMP - -The following screenshot of the setup shows where “dcae_service” has been created and is in the composition phase. - -.. note:: - The service name should not contain any spaces. The DCAE policy fails to fetch the service from PDP if the name has a space. - For example ‘dcae1’ will work and ‘dcae 1’ will not. - -1. Login as DESIGNER (cs0008) and create the service, checkin and certify - -|image16| - -2. Add any VNF (ex: vfw_pg) that was already created during the SDC design phase - -In the composition canvas drag and drop a resource of type VF from the abstract section in the Elements section (left hand side panel) - -|image15| - -3. Download the required DCAE MS blueprint to be attached to the service - -Use the sample TCA blueprint located here: -https://git.onap.org/dcaegen2/platform/blueprints/tree/blueprints/k8s-tcagen2-clampnode.yaml - -.. note:: - * Check if the version of the plugin used in the blueprint is different from existing, then update the blueprint import to match - * To check the version run this: `cfy plugins list | grep k8splugin` - -4. Now upload the Control Loop Artifact. The procedure to upload the artifact is - - * Click on the VF, as in the picture above the ‘vsp_pg 0’ is selected - * Click on ‘DEPLOYMENT ARTIFACTS’ and then click on “Add Artifact” - - |image5| - - * Fill the details and in the type select DCAE_INVENTORY_BLUEPRINT, then click on Done as in the picture shown below - - |image13| - -5. After uploading the DCAE artifact to the SDC Service, attach the policy model to the Service. From the left drop down, -select TCA policy under Policies, and click on the Add policy - -|image1| - -6. Click on Checkin on top right corner then click OK - -|image12| - -7. Search and select the same service from CATALOG and click on Certify on top right corner - -|image14| - -8. Click Distribute to distribute the service, then click on Distribution in the left hand side panel and monitor until -the distribution is complete. We should see artifacts deployed in CLAMP and Policy engine, as can be seen in the picture below - -|image19| - -At this point we can open the CLAMP GUI and verify that the DCAE microservice design template is in place - -DCAE MS design in CLAMP -======================= - -CLAMP is a GUI tool which enables the users to design the policies, distribute them to the DROOLS engine and eventually deploy -the DCAE microservices. In this section we are going to design, distribute and deploy the BRMS (DROOLS) and TCA policy. - -Clamp uses AAF to authenticate the user and get the different permissions. In order to access the CLAMP GUI we will need to add the certificate. - -1. Add the necessary certificates in the browser - -The default certificate can be found here: https://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src/main/resources/clds/aaf/org.onap.clamp.p12;h=268aa1a3ce56e01448f8043cc0b05b5fceb5a47d;hb=HEAD - -The password is: "China in the Spring" -The certificate must be loaded into your favorite browser before trying to load the CLAMP UI. - -Ex: In case of Firefox browser, below is the procedure on how to add the certificate - -Open firefox browser and go to Preferences and search for Certificate Manager and Select “View Certificates“ button. -This will open the following dialog to import certificate files from Your certificates menu. - -You need to go in options->Privacy & Security-> Scroll down to Certificates options a View Certificates Button -and then Your certificates Tab -> Then Import button - -|image6| - -2. After the certificate is added, the CLAMP GUI can be accessed at: -`https://<host_IP>:30258` (host_IP is the node IP where CLAMP is running) - -3. Before designing the policy we need to undeploy the default tca policy. -To undeploy default policy execute the below commands on control node - -.. code-block:: - - > kubectl get deployments -n onap | grep "dep-dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' | - xargs kubectl delete deployments -n onap - > kubectl get svc -n onap | grep "dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' | - xargs kubectl delete svc -n onap - To Verify there are no dcae-analytics POD, run the below command - > kubectl get pods -n onap | grep 'analytics' - -4. If the service has been distributed correctly, following is how the service design templates -listed in the Loop Templates as below - -|image7| - -Available Policy Models - -|image10| - -5. Create the loop from the templates distributed by SDC - -|image4| - -|image20| - -6. Add the Operational Policy -Click on Loop Instance drop down and select Modify then click, select the policy model type then click Add - -|image9| - -|image3| - -7. Click on the MS application box and configure -Fill the details in the pop up window and click on the save changes button. - - A. Click on app and Edit the Policy details, fill the below details - - * eventName: vFirewallBroadcastPackets - * policyScope: DCAE - * policyVersion: v0.0.1 - * Select controlLoopSchemaType as VM - * policyName: DCAE.Config_tca-hi-lo - * Select Pdp Group Info from the drop down as defaultGroup & xacm - - |image17| - - B. Click on the Add monitoring threshold1 button and fill the below details - - * version : 1.0.2 - * closedLoopControlName : name of the CL (ex: LOOP_TEMPLATE_mytest_srv_v1_0_vsp_pg0_k8s-tca) - * select the direction from dropdown (ex: LESS) - - |image11| - - C. Click on the Add monitoring threshold2 button and fill the details same as above then click on Save Changes button - - |image24| - -8. Click on the Operational policy box and configure -Fill the details in the pop window then click on save changes - -|image22| - -|image18| - -9. Submit the control loop to the policy -From Loop Operations drop down select SUBMIT and click - -|image23| - -10. Deploy the control loop to DCAE -From Loop Operations drop down select DEPLOY and click, verify the details and click Deploy - -|image2| - -|image8| - -Status Logs - -|image21| - -A successful deployment will make the service as DEPLOYED - -11. You can login into the control node and verify whether your new analytics application got deployed using below command - -.. code-block:: - - > kubectl get pods -n onap | grep analytics - Sample output - dep-dcae-tca-analytics-7fccbf459-xkxlq 2/2 Running 0 6m15s - - > cfy deployment list | grep CLAMP - Sample output - | CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | 2020-11-10 19:23:22.286 | - 2020-11-10 19:23:22.286 | tenant | default_tenant | admin | - - -.. |image16| image:: media/image16.png -.. |image15| image:: media/image15.png -.. |image5| image:: media/image5.png -.. |image13| image:: media/image13.png -.. |image1| image:: media/image1.png -.. |image12| image:: media/image12.png -.. |image14| image:: media/image14.png -.. |image19| image:: media/image19.png -.. |image6| image:: media/image6.png -.. |image7| image:: media/image7.png -.. |image10| image:: media/image10.png -.. |image4| image:: media/image4.png -.. |image20| image:: media/image20.png -.. |image9| image:: media/image9.png -.. |image3| image:: media/image3.png -.. |image17| image:: media/image17.png -.. |image11| image:: media/image11.png -.. |image24| image:: media/image24.png -.. |image22| image:: media/image22.png -.. |image18| image:: media/image18.png -.. |image23| image:: media/image23.png -.. |image2| image:: media/image2.png -.. |image8| image:: media/image8.png -.. |image21| image:: media/image21.png - - - - - - - - - - - - |