diff options
author | Borislav Glozman <Borislav.Glozman@amdocs.com> | 2019-07-14 06:05:57 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-07-14 06:05:57 +0000 |
commit | ca98e9bde4e6e5eb11cb7370073fb43b8254e8bc (patch) | |
tree | de3635ecc485d2bb50385a2c967f14ff92bda62d | |
parent | 484428600ecc0a9eb70ced4582a473c5b12042fd (diff) | |
parent | acf8cd8ecb9a69399b2cece93bce54c3cff00052 (diff) |
Merge "Update for Keystone v3"
-rw-r--r-- | docs/example-integration-override-v3.yaml | 64 | ||||
-rw-r--r-- | docs/oom_quickstart_guide.rst | 48 | ||||
-rw-r--r-- | kubernetes/robot/resources/config/eteshare/config/vm_properties.py | 4 | ||||
-rw-r--r-- | kubernetes/robot/values.yaml | 43 |
4 files changed, 146 insertions, 13 deletions
diff --git a/docs/example-integration-override-v3.yaml b/docs/example-integration-override-v3.yaml new file mode 100644 index 0000000000..659389a920 --- /dev/null +++ b/docs/example-integration-override-v3.yaml @@ -0,0 +1,64 @@ +global: + repository: 10.12.5.2:5000 + pullPolicy: IfNotPresent +################################################################# +# This override file configures openstack parameters for ONAP +################################################################# +robot: + enabled: true + flavor: large + appcUsername: "appc@appc.onap.org" + appcPassword: "demo123456!" + # KEYSTONE Version 3 Required for Rocky and beyond + openStackKeystoneAPIVersion: "v3" + # OS_AUTH_URL without the /v3 from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000" + # OS_PROJECT_ID from the openstack .RC file + openStackTenantId: "09d8566ea45e43aa974cf447ed591d77" + # OS_USERNAME from the openstack .RC file + openStackUserName: "OS_USERNAME_HERE" + # OS_PROJECT_DOMAIN_ID from the openstack .RC file + # in some environments it is a string but in other environmens it may be a numeric + openStackDomainId: "default" + # OS_USER_DOMAIN_NAME from the openstack .RC file + openStackUserDomain: "Default" + openStackProjectName: "OPENSTACK_PROJECT_NAME_HERE" + ubuntu14Image: "ubuntu-14-04-cloud-amd64" + ubuntu16Image: "ubuntu-16-04-cloud-amd64" + openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4" + openStackPrivateNetId: "83c84b68-80be-4990-8d7f-0220e3c6e5c8" + openStackPrivateSubnetId: "e571c1d1-8ac0-4744-9b40-c3218d0a53a0" + openStackPrivateNetCidr: "10.0.0.0/16" + openStackOamNetworkCidrPrefix: "10.0" + openStackSecurityGroup: "bbe028dc-b64f-4f11-a10f-5c6d8d26dc89" + dcaeCollectorIp: "10.12.6.109" + vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh" + demoArtifactsVersion: "1.4.0" + demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" + scriptVersion: "1.4.0" + rancherIpAddress: "10.12.6.160" + config: + # use the python utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PYTHON_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + openStackSoEncryptedPassword: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +so: + enabled: true + so-catalog-db-adapter: + config: + openStackUserName: "OS_USERNAME_HERE" + # OS_AUTH_URL (keep the /v3) from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + # use the SO Java utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +appc: + enabled: true + replicaCount: 3 + config: + enableClustering: true + openStackType: "OpenStackProvider" + openStackName: "OpenStack" + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + openStackServiceTenantName: "OPENSTACK_PROJECT_NAME_HERE" + openStackDomain: "OPEN_STACK_DOMAIN_NAME_HERE" + openStackUserName: "OS_USER_NAME_HERE" + openStackEncryptedPassword: "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE" diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index a641fabf60..bd5e3eeee6 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -30,7 +30,7 @@ file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deplo OpenStack tenant information. .. note:: - Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in + Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in the oom/kubernetes/onap/resources/overrides/ directory. @@ -77,23 +77,65 @@ Java encryption library is not easy to integrate with openssl/python that ROBOT uses in Dublin. .. note:: - To generate SO openStackEncryptedPasswordHere : + To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword: + + SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key` - SO_ENCRYPTION_KEY=`cat ~/oom/kubenertes/so/resources/config/mso/encrypt.key` OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX git clone http://gerrit.onap.org/r/integration cd integration/deployment/heat/onap-rke/scripts + + javac Crypto.java + + [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ] + java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY" d. Update the OpenStack parameters: +There are assumptions in the demonstration VNF heat templates about the networking +available in the environment. To get the most value out of these templates and the +automation that can help confirm the setup is correct, please observe the following +constraints. + +openStackPublicNetId: + +This network should allow heat templates to add interfaces. +This need not be an external network, floating IPs can be assigned to the ports on +the VMs that are created by the heat template but its important that neutron allow +ports to be created on them. + +openStackPrivateNetCidr: "10.0.0.0/16" + +This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. +The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the +demonstration ip addressing plan embodied in the preload template prevent conflicts when +instantiating the various VNFs. If you need to change this, you will need to modify the preload +data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data +in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect +to create. + +openStackOamNetworkCidrPrefix: "10.0" + +This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the +robot scripts for demonstration. A production deployment need not worry about this +setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. + + +Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml :language: yaml +Example Keystone v3 (required for Rocky and later releases) +.. literalinclude:: example-integration-override-v3.yaml + :language: yaml + + + **Step 4.** To setup a local Helm server to server up the ONAP charts:: > helm serve & diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py index 64e5273f5c..0f3f0c2dde 100644 --- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py @@ -66,6 +66,7 @@ GLOBAL_INJECTED_OPENSTACK_TENANT_ID = '{{ .Values.openStackTenantId }}' GLOBAL_INJECTED_OPENSTACK_USERNAME = '{{ .Values.openStackUserName }}' GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME = '{{ .Values.openStackProjectName }}' GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID = '{{ .Values.openStackDomainId }}' +GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN = '{{ .Values.openStackUserDomain }}' GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION = '{{ .Values.openStackKeystoneAPIVersion }}' GLOBAL_INJECTED_REGION_THREE = '{{ .Values.openStackRegionRegionThree }}' GLOBAL_INJECTED_KEYSTONE_REGION_THREE = '{{ .Values.openStackKeyStoneUrlRegionThree }}' @@ -73,6 +74,7 @@ GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION_REGION_THREE = '{{ .Values.openSt GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = '{{ .Values.openStackUserNameRegionThree }}' GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE = '{{ .Values.openStackPasswordRegionThree }}' GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE = '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD = '{{ .Values.config.openStackSoEncryptedPassword}}' GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = '{{ .Values.openStackTenantIdRegionThree }}' GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = '{{ .Values.openStackProjectNameRegionThree }}' GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = '{{ .Values.openStackDomainIdRegionThree }}' @@ -165,6 +167,7 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_OPENSTACK_USERNAME" : '{{ .Values.openStackUserName }}', "GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME" : '{{ .Values.openStackProjectName }}', "GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID" : '{{ .Values.openStackDomainId }}', + "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN" : '{{ .Values.openStackUserDomain }}', "GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION" : '{{ .Values.openStackKeystoneAPIVersion }}', "GLOBAL_INJECTED_REGION_THREE" : '{{ .Values.openStackRegionRegionThree }}', "GLOBAL_INJECTED_KEYSTONE_REGION_THREE" : '{{ .Values.openStackKeyStoneUrlRegionThree }}', @@ -172,6 +175,7 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE" : '{{ .Values.openStackUserNameRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE" : '{{ .Values.openStackPasswordRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE" : '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}', + "GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD" : '{{ .Values.config.openStackSoEncryptedPassword}}', "GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE" : '{{ .Values.openStackTenantIdRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE" : '{{ .Values.openStackProjectNameRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE" : '{{ .Values.openStackDomainIdRegionThree }}', diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 65da947c95..5443771e9b 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -37,6 +37,7 @@ config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackSoEncryptedPassword: "SAME_STRING_AS_SO_JAVA_ENCRYPTED_PASSWORD" # Demo configuration # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION @@ -45,24 +46,46 @@ demoArtifactsVersion: "1.4.0" demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR openStackFlavourMedium: "m1.medium" + +################# Openstack .RC Parameters ################################333 +# KEYSTONE Version 3 Required for Rocky and beyond +# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION +openStackKeystoneAPIVersion: "v2.0" + +# OS_AUTH_URL without the /v3 or /v2.0 from the openstack .RC file # Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE openStackKeyStoneUrl: "http://1.2.3.4:5000" + +# OS_PROJECT_ID from the openstack .RC file +# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID +openStackTenantId: "47899782ed714295b1151681fdfd51f5" + +# OS_PROJECT_NAME from the openstack .RC file +# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME +openStackProjectName: "onap" + +# OS_USERNAME from the openstack .RC file +# username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME +openStackUserName: "tenantUsername" + +# OS_PROJECT_DOMAIN_ID from the openstack .RC file +# in some environments it is a string but in other environmens it may be a numeric +# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID +openStackDomainId: "default" + +# OS_USER_DOMAIN from the openstack .RC file +# Use Domain of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN +openStackUserDomain: "Default" + + # UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID openStackPublicNetId: "e8f51958045716781ffc" # password for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD openStackPassword: "tenantPassword" # Openstack region. Maps to GLOBAL_INJECTED_REGION openStackRegion: "RegionOne" -# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID -openStackTenantId: "47899782ed714295b1151681fdfd51f5" -# username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME -openStackUserName: "tenantUsername" -# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME -openStackProjectName: "onap" -# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID -openStackDomainId: "Default" -# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION -openStackKeystoneAPIVersion: "v2.0" + + # Values for second cloud instante for VNF instantiatioen testing and keystone v3 openStackRegionRegionThree: "RegionThree" openStackKeyStoneUrlRegionThree: "http://1.2.3.4:5000" |