summaryrefslogtreecommitdiffstats
path: root/docs/docs_vFWDT.rst
blob: 16e6bbd2cd909397703915745482984ddeaf4de0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
.. This work is licensed under a Creative Commons Attribution 4.0
   International License. http://creativecommons.org/licenses/by/4.0
   
.. _docs_vfw_traffic:

.. contents::
   :depth: 3
..

vFW Traffic Distribution Use Case
---------------------------------
Description
~~~~~~~~~~~

The purpose of this work was to create new LCM API in APPC – DistributeTraffic. The APPC/SDN-C client is requesting a change to traffic distribution (redistribution) done by a traffic balancing/distribution entity (aka anchor point) or mechanism. This action targets the traffic balancing/distribution entity, in some cases DNS, other cases a load balancer external to the VNF instance, as examples. Traffic distribution (weight) changes intended to take a VNF instance out of service are completed only when all in-flight traffic/transactions have been completed. To complete the traffic redistribution process, gracefully taking a VNF instance out-of-service,without dropping in-flight calls or sessions, QuiesceTraffic command may need to follow traffic distribution changes (assigning weight 0 or very low weight to VNF instance). The VNF application remains in an active state.

Traffic Distribution functionality is an outcome of Change Management project. Further details can be found on project's page

https://wiki.onap.org/display/DW/Change+Management+Extensions

Test Scenario
~~~~~~~~~~~~~

.. figure:: files/figure1.png
   :scale: 40 %
   :align: center

   Figure 1 The idea of DistributeTraffic LCM Use Case

The idea of the scenario is shown on Figure 1. In a result of the DistributeTraffic LCM action traffic flow originated from vPKG to vFW 1 and vSINK 1 is redirected to vFW 2 and vSINK 2. Result of the change can be observed also on the vSINKs' dashboards which show a current incoming traffic. Observation of the dashboard from vSINK 1 and vSINK 2 proves that API works properly.

.. figure:: files/figure2.png
   :scale: 50 %
   :align: center

   Figure 2 The result of traffic distribution

In order to setup the scenario and to test the DistributeTraffic LCM API in action you need to perform the following steps:

1. Create an instance of vFWDT (vPKG , 2 x vFW, 2 x vSINK) – dedicated for the DistributeTraffic LCM API tests

#. Upload Ansible playbook to Ansible Server

#. Setup Ansible Server to work with vPKG VM

#. Create configuration file for DistributeTraffic LCM in Ansible Server

#. Configure VNF in APPC CDT tool

#. Invoke REST API via APIDOC explorer, CDT Test tool or DMaaP

You need to have an access to the following containers:

-  APPC MariaDB container – setup Ansible adapter for VNF

-  APPC Ansible Server container – setyp of Ansible Server,
   configuration of playbook and input parameters for action

-  Any container that can be used to call DMaaP API e.g. the SO container

.. note:: This tutorial is based on SB-07 integration lab that was based on OpenStack deployment. For OOM based deployment port number may be different.

Scenario Setup
--------------

vFWDT Instantiation
~~~~~~~~~~~~~~~~~~~

In order to test a DistributeTraffic LCM API functionality a dedicated vFW instance must be prepared. It differs from a standard vFW instance by having an additional VF-module with a second instance of vFW and a second instance of vSINK. Thanks to that when a service instance is deployed there are already available two instances of vFW and vSINK that can be used for verification of DistributeTraffic LCM API – there is no need to use the ScaleOut function to test DistributeTraffic functionality what simplifies preparations for tests.

In order to instantiate vFWDT service please follow the procedure for standard vFW with following changes:

1. Please use the following HEAT templates:

https://github.com/onap/demo/tree/master/heat/vFWDT

2. Create Virtual Service in SDC with composition like it is shown on Figure 3

.. figure:: files/figure3.png
   :scale: 50 %
   :align: center

   Figure 3 Composition of vFWDT Service

3. Use the following payload files in the SDNC-Preload phase during the VF-Module instantiation

- :download:`vPKG preload example <files/vpkg-preload.json>`

- :download:`vFW/SNK 1 preload example <files/vfw-1-preload.json>`

- :download:`vFW/SNK 2 preload example <files/vfw-2-preload.json>`

**Note**: vFWDT has a specific configuration of the networks – different than the one in original vFW use case (see Figure 4). Two networks must be created before the heat stack creation: *onap-private* network (10.0.0.0/16 typically) and *onap-external-private* (e.g. "10.100.0.0/16"). The latter one should be connected over a router to the external network that gives an access to VMs. Thanks to that VMs can have a floating IP from the external network assigned automatically in a time of stacks' creation. Moreover, the vPKG heat stack must be created before the vFW/vSINK stacks (it means that the VF-module for vPKG must be created as a first one). The vPKG stack creates two networks for the vFWDT use case: *protected* and *unprotected*; so these networks must be present before the stacks for vFW/vSINK are created.

.. figure:: files/figure4.png
   :scale: 20 %
   :align: center

   Figure 4 Configuration of networks for vFWDT service

Configuration of VNF in the APPC CDT tool
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Following steps aim to configure DistributeTraffic LCM action for our vPKG VNF in APPC CDT tool.

1. Enter the Controller Design Tool page: http://appc_ip:CDT_port

.. note:: i.e. http://10.12.5.227:8080 for ONAP OpenStack deployment

2. Click on the *CREATE NEW VNF TYPE* button

.. figure:: files/figure5.png
   :scale: 60 %
   :align: center

   Figure 5 Creation of new VNF type in CDT

3. Enter the VNF Type retrieved from AAI or VID and press the *NEXT* button. Retrieve proper values for the vFWDT service instance

.. figure:: files/figure6.png
   :scale: 60 %
   :align: center

   Figure 6 Retrieving VNF type value with VID from Virtual Service Instance


.. figure:: files/figure7.png
   :scale: 60 %
   :align: center

   Figure 7 Creation of new VNF type in CDT

4. For already created VNF Type (if the view does not open itself) click the *View/Edit* button. In the LCM action edit view in the first tab please choose:

   -  *DistributeTraffic* as Action namethe

   -  *ANSIBLE* as Device Protocol

   -  *Y* value in Template dropdown menu

   -  *admin* as User Name

   -  *8000* as Port Number


.. figure:: files/figure8.png
   :scale: 60 %
   :align: center

   Figure 8 DistributeTraffic LCM action editing

5. Go to the *Template* tab and upload the request template file of the DistributeTraffic LCM action

::

    {
        "PlaybookName": "ansible_vfw_distributetraffic@0.00.yml",
        "NodeList": ["vpkg-1"],
        "EnvParameters": {
            "ConfigFileName": "config.json"
        },
        "Timeout": 3600
    }

.. note:: This step allows to create and edit template file for any APPC LCM DistributeTraffic action request for specified before VNF Type.

The *EnvParameters* group contains all the parameters that will be passed directly to the Ansible playbook during the request's execution. The *NodeList* parameter value must match the group of VMs like it was specified in the Ansible inventory file. *PlaybookName* must be the same as the name of playbook that was uploaded before to the Ansible server.

.. figure:: files/figure9.png
   :scale: 60 %
   :align: center

   Figure 9 Request template file after uploading

Select *ansible_vfw_distributetraffic@0.00.yml* and press CTRL+4 buttons. The new dialog window will appear. Enter a name *playbook* for this value and press the *Submit* button.

.. figure:: files/figure10.png
   :scale: 60 %
   :align: center

   Figure 10 Editing "playbook" parameter of request template

The same operation must be repeated for the *config.json* parameter. The parameter should have name *ConfigFileName*. Press the *Submit* button.

.. figure:: files/figure11.png
   :scale: 60 %
   :align: center

   Figure 11 Editing "ConfigFileName" parameter of request template

Afterwards press the *SYNCHRONIZE WITH TEMPLATE PARAMETERS* button. You will be moved to the *Parameter Definition* tab. The new parameters will be listed there.

.. figure:: files/figure12.png
   :scale: 60 %
   :align: center

   Figure 12 Summary of parameters specified for DistributeTraffic LCM action.

Finally, go back to the *Reference Data* tab and click *SAVE ALL TO APPC*.

Configuration of Ansible Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

After an instantiation of the vFWDT service the Ansible server must be configured in order to allow it a reconfiguration of vPKG VM.

1. Enter the Ansible Server container

2. Install nano and wget

::

    apt install wget nano

3. Download the distribute traffic playbook into the :file:`/opt/onap/ccsdk/Playbooks` directory

::

    cd /opt/onap/ccsdk/Playbooks

    wget https://raw.githubusercontent.com/onap/appc-deployment/master/playbook/ansible_vfw_distributetraffic%400.00.yml

4. Change with *nano* the *hosts: all* statement in the playbook into the *hosts: vpkg-1* statement

5. Copy a private key file used for VMs' creation into the :file:`/opt/onap/ccsdk/Playbooks/vpkg-1.pem` file and give it proper rights

::

    chmod 400 vpkg-1.pem

.. note:: The private key file must be related with a public key specified in the *pub_key* statement used in the *SDNC-Preloading* phase

6. Edit the :file:`/opt/onap/ccsdk/Playbooks/Ansible\ \_\ inventory` file including *vpkg-1* host

::

    [vpkg-1]
    vpkg-1 ansible_ssh_host=10.0.110.2 ansible_ssh_user=ubuntu ansible_ssh_private_key_file=/opt/onap/ccsdk/Playbooks/vpkg-1.pem

.. note:: Change IP address respectively

7. Test that the Ansible server can access *vpkg-1* host over ssh

::

    ansible –i Ansible_inventory vpkg-1 –m ping

8. Upload the payload file :file:`/opt/onap/ccsdk/Playbooks/config.json` with extra parameters for the Ansible playbook.

::

    {
       "fwIp": "192.168.10.110",
       "sinkIp": "192.168.20.240"
    }

.. note:: This step can be omitted when the CDT template file for the *DistributeTraffic* action will be formulated in a different way. In consequence all the parameters required by a playbook can be defined directly on the CDT level and there is no need to maintain this file. For our VNF this file contains an IP address of vFW 2 from the *unprotected* network and an IP address of vSINK 2 from the *protected* network.

Configuration of MySQL/MariaDB for Ansible
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For each VNF that uses the Ansible protocol you need to configure *PASSWORD* and *URL* field* in the *DEVICE_AUTHENTICATION* table.

1. Enter the MariaDB container

2. Enter the Maria DB CLI (password is *gamma*)

::

    mysql -u sdnctl -p

3. Invoke the following commands

::

    MariaDB [(none)]> use sdnctl;
    MariaDB [sdnctl]> select * from DEVICE_AUTHENTICATION;
    MariaDB [sdnctl]> UPDATE DEVICE_AUTHENTICATION SET URL = 'http://ansiblehost:8000/Dispatch' WHERE DEVICE_AUTHENTICATION_ID=51;
    MariaDB [sdnctl]> UPDATE DEVICE_AUTHENTICATION SET PASSWORD = 'admin' WHERE DEVICE_AUTHENTICATION_ID=51;


.. note:: You need to find in the *select* query result ID of row that has VNF Type like the one specified in the CDT, *DistributeTraffic* as an action name and *Ansible* as a name of a protocol. You should replace *ansiblehost* with an IP or a hostname of the Ansible Server reachable for the APPC container.

Testing DistributeTraffic LCM API
---------------------------------

Below we propose three different ways to test DistributeTraffic LCM API.

Test in CDT
~~~~~~~~~~~

In order to test API in CDT go to *TEST* tab. Upload spreadsheet (Excel file) and enter VNF ID of vPKG VNF.

:download:`CDT request input <files/cdt-request-input.xlsx>`

The spreadsheet contains input parameters for API request. Values from the this file are used to automatically fill in the LCM request template file being edited in previous steps. Click on *Execute test* button to test API in action.

.. figure:: files/figure13.png
   :scale: 60 %
   :align: center

   Figure 13 Result of DistributeTraffic LCM API execution from CDT

APIDOC Explorer
~~~~~~~~~~~~~~~

Another way to test API is to use APIDOC explorer of APPC that comes with OpenDaylight.

1. Enter APIDOC explorer page: http://appc_ip:appc_portal_port/apidoc/explorer/index.html

.. note:: i.e. http://10.12.5.227:8282/apidoc/explorer/index.html for ONAP OpenStack deployment

2. Choose *appc-provider-lcm* and find POST
   */operations/appc-provider-lcm:distribute-traffic*

3. In the *payload* input paste below mentioned content.

::

    {
        "input": {
            "common-header": {
                "timestamp": "2018-10-18T08:51:01.628Z",
                "api-ver": "2.00",
                "originator-id": "demo",
                "request-id": "1539852661628",
                "sub-request-id": "1539852661629",
                "flags": {
                    "mode": "NORMAL",
                    "force": "TRUE",
                    "ttl": 3600
                }
            },
            "action": "DistributeTraffic",
            "action-identifiers": {
                "vnf-id": "2bd5cc6e-9738-436f-b5a8-c1a749a89f52"
            },
            "payload": "{\"configuration-parameters\":{\"ConfigFileName\":\ "/opt/onap/ccsdk/Playbooks/dt-vpkg-1-config.json\",\"playbook\":\"ansible_vfw_distributetraffic@0.00.yml\",\"node_list\":\"[vpkg-1]\"}}"
        }
    }

.. note:: Remember to use *vnf-id* of your instance of vFW 1 and to set a unique *request-id*. The value of *playbook* and *ConfigFileName* parameters should be the same as uploaded to Ansible Server names of files and their locations. Timestamp must have proper value as well (not from the future and from the past but not more than 30s). In the *payload* parameter *configuration-parameters* section must correspond to all the parameters defined in the template of *DistributeTraffic* action in CDT.

DMaaP event distribution
~~~~~~~~~~~~~~~~~~~~~~~~

The last option that can be used to test DistributeTraffic API is distribution of DMaaP event e.g. from SO container. It is the closest way to how DistributeTraffic API will be used in the future – invoked from a specific workflow by SO BPMN engine. For that we have a python script that prepares input parameters for DMaaP request. There is a need to change in the script IP address and Port of DMaaP. This script can be copied into any machine/container than has access to DMaaP – in particular it can be copied into the SO container.

::

    from datetime import datetime
    import os
    import json
    from pprint import pprint
    from random import randint

    request_id = randint(1, 100000000)

    curr_utc_timestamp = datetime.utcnow().strftime('%Y-%m-%dT%H:%M:%S.244Z')

    data = ''

    with open('dmaap-payload.json') as json_data:
        data = json.load(json_data)
        data['body']['input']['common-header']['timestamp'] = curr_utc_timestamp
        data['body']['input']['common-header']['request-id'] = request_id
        json_data.close()
        pprint(data)

    with open('dmaap-payload.json', 'w') as outfile:
        json.dump(data, outfile)

    os.system('curl -X POST -v -H "Content-Type: application/json" -d @./dmaap-payload.json http://10.12.6.80:3904/events/APPC-LCM-READ')


POST request to DMaaP requires that *payload* data is specific to a APPC LCM request and defines the same input parameters for the DistributeTraffic LCM action like in the two previous methods.

::

    {
        "body": {
            "input": {
                "action": "DistributeTraffic",
                "payload": "{\"configuration-parameters\":{\"ConfigFileName\":\"/opt/onap/ccsdk/Playbooks/dt-vpkg-1-config.json\",\"playbook\":\"ansible_vfw_distributetraffic@0.00.yml\",\"node_list\":\"[vpkg-1]\"}}",
                "common-header": {
                    "api-ver": "2.00",
                    "timestamp": "2018-10-22T11:11:25.244Z",
                    "flags": {
                        "force": "TRUE",
                        "mode": "NORMAL",
                        "ttl": 36000
                    },
                    "request-id": 27081074,
                    "originator-id": "demo",
                    "sub-request-id": "1540197850899"
                },
                "action-identifiers": {
                    "vnf-id": "50ac9605-ce63-442d-a103-80e9cf4753ca"
                }
            }
        },
        "cambria.partition": "APPC",
        "rpc-name": "distribute-traffic",
        "correlation-id": "c09ac7d1-de62-0016-2000-e63701125557-201",
        "version": "2.0",
        "type": "request"
    }