1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
|
.. This work is licensed under a Creative Commons Attribution 4.0
.. International License. http://creativecommons.org/licenses/by/4.0
.. Copyright © 2017-2020 Aarna Networks, Inc.
vFWCL Design Tutorial
#####################
The instructions in this section will enable you to design the vFW Control Loop. The prerequisite for this tutorial is that the
vFW_service design/deployment/instantiation should be completed.
Control Loop Flow
=================
This section describes the vFW control loop flow and the modules involved. Following is the list of modules
that are involved in designing and deploying the vFW CL
1) SDC: The first step of the procedure is to distribute the DCAE (TCA microservice) blueprint. That is done through ONAP SDC.
2) CLAMP: This is a tool for designing the policy and configuring the TCA threshold. CLAMP, along with DCAE, can also be used
to manage the lifecycle of CLs
3) DCAE (platform and micro services): Multiple components of the DCAE module get involved in the overall lifecycle of the CL.
4) TCA: The CDAP threshold controlling application is a DCAE microservice.
5) ONAP Policy engine: The output of DCAE is sent to the Policy engine as an input event. We will use the DROOLS Policy engine.
6) APPC : The last hop in the CL, which takes the config action on the vPG on the output of the Policy engine.
Distribute DCAE blueprints
==========================
In order to distribute the DCAE microservice blueprints we need to create a dummy service. The DCAE blueprint will be added as an artifact
to the VF inside the service during service composition time.
Follow the below steps to upload the blueprint for the TCA (Threshold Checking Application) DCAE microservice and Distribute the service to the CLAMP
The following screenshot of the setup shows where “dcae_service” has been created and is in the composition phase.
.. note::
The service name should not contain any spaces. The DCAE policy fails to fetch the service from PDP if the name has a space.
For example ‘dcae1’ will work and ‘dcae 1’ will not.
1. Login as DESIGNER (cs0008) and create the service, checkin and certify
|image16|
2. Add any VNF (ex: vfw_pg) that was already created during the SDC design phase
In the composition canvas drag and drop a resource of type VF from the abstract section in the Elements section (left hand side panel)
|image15|
3. Download the required DCAE MS blueprint to be attached to the service
Use the sample TCA blueprint located here:
https://git.onap.org/dcaegen2/platform/blueprints/tree/blueprints/k8s-tcagen2-clampnode.yaml
.. note::
* Check if the version of the plugin used in the blueprint is different from existing, then update the blueprint import to match
* To check the version run this: `cfy plugins list | grep k8splugin`
4. Now upload the Control Loop Artifact. The procedure to upload the artifact is
* Click on the VF, as in the picture above the ‘vsp_pg 0’ is selected
* Click on ‘DEPLOYMENT ARTIFACTS’ and then click on “Add Artifact”
|image5|
* Fill the details and in the type select DCAE_INVENTORY_BLUEPRINT, then click on Done as in the picture shown below
|image13|
5. After uploading the DCAE artifact to the SDC Service, attach the policy model to the Service. From the left drop down,
select TCA policy under Policies, and click on the Add policy
|image1|
6. Click on Checkin on top right corner then click OK
|image12|
7. Search and select the same service from CATALOG and click on Certify on top right corner
|image14|
8. Click Distribute to distribute the service, then click on Distribution in the left hand side panel and monitor until
the distribution is complete. We should see artifacts deployed in CLAMP and Policy engine, as can be seen in the picture below
|image19|
At this point we can open the CLAMP GUI and verify that the DCAE microservice design template is in place
DCAE MS design in CLAMP
=======================
CLAMP is a GUI tool which enables the users to design the policies, distribute them to the DROOLS engine and eventually deploy
the DCAE microservices. In this section we are going to design, distribute and deploy the BRMS (DROOLS) and TCA policy.
Clamp uses AAF to authenticate the user and get the different permissions. In order to access the CLAMP GUI we will need to add the certificate.
1. Add the necessary certificates in the browser
The default certificate can be found here: https://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src/main/resources/clds/aaf/org.onap.clamp.p12;h=268aa1a3ce56e01448f8043cc0b05b5fceb5a47d;hb=HEAD
The password is: "China in the Spring"
The certificate must be loaded into your favorite browser before trying to load the CLAMP UI.
Ex: In case of Firefox browser, below is the procedure on how to add the certificate
Open firefox browser and go to Preferences and search for Certificate Manager and Select “View Certificates“ button.
This will open the following dialog to import certificate files from Your certificates menu.
You need to go in options->Privacy & Security-> Scroll down to Certificates options a View Certificates Button
and then Your certificates Tab -> Then Import button
|image6|
2. After the certificate is added, the CLAMP GUI can be accessed at:
`https://<host_IP>:30258` (host_IP is the node IP where CLAMP is running)
3. Before designing the policy we need to undeploy the default tca policy.
To undeploy default policy execute the below commands on control node
.. code-block::
> kubectl get deployments -n onap | grep "dep-dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' |
xargs kubectl delete deployments -n onap
> kubectl get svc -n onap | grep "dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' |
xargs kubectl delete svc -n onap
To Verify there are no dcae-analytics POD, run the below command
> kubectl get pods -n onap | grep 'analytics'
4. If the service has been distributed correctly, following is how the service design templates
listed in the Loop Templates as below
|image7|
Available Policy Models
|image10|
5. Create the loop from the templates distributed by SDC
|image4|
|image20|
6. Add the Operational Policy
Click on Loop Instance drop down and select Modify then click, select the policy model type then click Add
|image9|
|image3|
7. Click on the MS application box and configure
Fill the details in the pop up window and click on the save changes button.
A. Click on app and Edit the Policy details, fill the below details
* eventName: vFirewallBroadcastPackets
* policyScope: DCAE
* policyVersion: v0.0.1
* Select controlLoopSchemaType as VM
* policyName: DCAE.Config_tca-hi-lo
* Select Pdp Group Info from the drop down as defaultGroup & xacm
|image17|
B. Click on the Add monitoring threshold1 button and fill the below details
* version : 1.0.2
* closedLoopControlName : name of the CL (ex: LOOP_TEMPLATE_mytest_srv_v1_0_vsp_pg0_k8s-tca)
* select the direction from dropdown (ex: LESS)
|image11|
C. Click on the Add monitoring threshold2 button and fill the details same as above then click on Save Changes button
|image24|
8. Click on the Operational policy box and configure
Fill the details in the pop window then click on save changes
|image22|
|image18|
9. Submit the control loop to the policy
From Loop Operations drop down select SUBMIT and click
|image23|
10. Deploy the control loop to DCAE
From Loop Operations drop down select DEPLOY and click, verify the details and click Deploy
|image2|
|image8|
Status Logs
|image21|
A successful deployment will make the service as DEPLOYED
11. You can login into the control node and verify whether your new analytics application got deployed using below command
.. code-block::
> kubectl get pods -n onap | grep analytics
Sample output
dep-dcae-tca-analytics-7fccbf459-xkxlq 2/2 Running 0 6m15s
> cfy deployment list | grep CLAMP
Sample output
| CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | 2020-11-10 19:23:22.286 |
2020-11-10 19:23:22.286 | tenant | default_tenant | admin |
.. |image16| image:: media/image16.png
.. |image15| image:: media/image15.png
.. |image5| image:: media/image5.png
.. |image13| image:: media/image13.png
.. |image1| image:: media/image1.png
.. |image12| image:: media/image12.png
.. |image14| image:: media/image14.png
.. |image19| image:: media/image19.png
.. |image6| image:: media/image6.png
.. |image7| image:: media/image7.png
.. |image10| image:: media/image10.png
.. |image4| image:: media/image4.png
.. |image20| image:: media/image20.png
.. |image9| image:: media/image9.png
.. |image3| image:: media/image3.png
.. |image17| image:: media/image17.png
.. |image11| image:: media/image11.png
.. |image24| image:: media/image24.png
.. |image22| image:: media/image22.png
.. |image18| image:: media/image18.png
.. |image23| image:: media/image23.png
.. |image2| image:: media/image2.png
.. |image8| image:: media/image8.png
.. |image21| image:: media/image21.png
|
