Update for Keystone v3

Updates for new variables to init cloud in SO

Issue-ID: OOM-1982
Change-Id: Icf4f6bafb1884bc3758fabe4072733526c79cc42
Signed-off-by: Brian Freeman <bf1936@att.com>
(cherry picked from commit acf8cd8ecb9a69399b2cece93bce54c3cff00052)

4 files changed, 146 insertions, 13 deletions

diff --git a/docs/example-integration-override-v3.yaml b/docs/example-integration-override-v3.yaml
new file mode 100644
index 0000000000..659389a920
--- /dev/null
+++ b/docs/example-integration-override-v3.yaml
@@ -0,0 +1,64 @@
+global:
+  repository: 10.12.5.2:5000
+  pullPolicy: IfNotPresent
+#################################################################
+# This override file configures openstack parameters for ONAP
+#################################################################
+robot:
+  enabled: true
+  flavor: large
+  appcUsername: "appc@appc.onap.org"
+  appcPassword: "demo123456!"
+  # KEYSTONE Version 3  Required for Rocky and beyond
+  openStackKeystoneAPIVersion: "v3"
+  # OS_AUTH_URL without the /v3 from the openstack .RC file
+  openStackKeyStoneUrl: "http://10.12.25.2:5000"
+  # OS_PROJECT_ID from the openstack .RC file
+  openStackTenantId: "09d8566ea45e43aa974cf447ed591d77"
+  # OS_USERNAME from the openstack .RC file
+  openStackUserName: "OS_USERNAME_HERE"
+  #  OS_PROJECT_DOMAIN_ID from the openstack .RC file
+  #  in some environments it is a string but in other environmens it may be a numeric
+  openStackDomainId:  "default"
+  #  OS_USER_DOMAIN_NAME from the openstack .RC file
+  openStackUserDomain:  "Default"
+  openStackProjectName: "OPENSTACK_PROJECT_NAME_HERE"
+  ubuntu14Image: "ubuntu-14-04-cloud-amd64"
+  ubuntu16Image: "ubuntu-16-04-cloud-amd64"
+  openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4"
+  openStackPrivateNetId: "83c84b68-80be-4990-8d7f-0220e3c6e5c8"
+  openStackPrivateSubnetId: "e571c1d1-8ac0-4744-9b40-c3218d0a53a0"
+  openStackPrivateNetCidr: "10.0.0.0/16"
+  openStackOamNetworkCidrPrefix: "10.0"
+  openStackSecurityGroup: "bbe028dc-b64f-4f11-a10f-5c6d8d26dc89"
+  dcaeCollectorIp: "10.12.6.109"
+  vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh"
+  demoArtifactsVersion: "1.4.0"
+  demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
+  scriptVersion: "1.4.0"
+  rancherIpAddress: "10.12.6.160"
+  config:
+    # use the python utility to encrypt the OS_PASSWORD for the OS_USERNAME
+    openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PYTHON_PASSWORD_HERE_XXXXXXXXXXXXXXXX"
+    openStackSoEncryptedPassword:  "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY"
+so:
+  enabled: true
+  so-catalog-db-adapter:
+    config:
+      openStackUserName: "OS_USERNAME_HERE"
+      # OS_AUTH_URL (keep the /v3) from the openstack .RC file
+      openStackKeyStoneUrl: "http://10.12.25.2:5000/v3"
+      # use the SO Java utility to encrypt the OS_PASSWORD for the OS_USERNAME
+      openStackEncryptedPasswordHere: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY"
+appc:
+  enabled: true
+  replicaCount: 3
+  config:
+    enableClustering: true
+    openStackType: "OpenStackProvider"
+    openStackName: "OpenStack"
+    openStackKeyStoneUrl: "http://10.12.25.2:5000/v3"
+    openStackServiceTenantName: "OPENSTACK_PROJECT_NAME_HERE"
+    openStackDomain: "OPEN_STACK_DOMAIN_NAME_HERE"
+    openStackUserName: "OS_USER_NAME_HERE"
+    openStackEncryptedPassword: "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE"
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst
index 3c491b4447..6742101c7a 100644
--- a/docs/oom_quickstart_guide.rst
+++ b/docs/oom_quickstart_guide.rst
@@ -30,7 +30,7 @@ file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deplo
 OpenStack tenant information.
 
 .. note::
-  Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in 
+  Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in
   the oom/kubernetes/onap/resources/overrides/ directory.
 
 
@@ -77,23 +77,65 @@ Java encryption library is not easy to integrate with openssl/python that
 ROBOT uses in Dublin.
 
 .. note::
-  To generate SO openStackEncryptedPasswordHere :
+  To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword:
+
+  SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key`
 
-  SO_ENCRYPTION_KEY=`cat ~/oom/kubenertes/so/resources/config/mso/encrypt.key`
   OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX
 
   git clone http://gerrit.onap.org/r/integration
 
   cd integration/deployment/heat/onap-rke/scripts
+
+
   javac Crypto.java
+
+  [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ]
+
   java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY"
 
 
 d. Update the OpenStack parameters:
 
+There are assumptions in the demonstration VNF heat templates about the networking 
+available in the environment. To get the most value out of these templates and the 
+automation that can help confirm the setup is correct, please observe the following 
+constraints.
+
+openStackPublicNetId: 
+
+This network should allow heat templates to add interfaces. 
+This need not be an external network, floating IPs can be assigned to the ports on 
+the VMs that are created by the heat template but its important that neutron allow 
+ports to be created on them.
+
+openStackPrivateNetCidr: "10.0.0.0/16"
+
+This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
+The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the 
+demonstration ip addressing plan embodied in the preload template prevent conflicts when 
+instantiating the various VNFs. If you need to change this, you will need to modify the preload 
+data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data 
+in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect 
+to create.
+
+openStackOamNetworkCidrPrefix: "10.0"
+
+This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
+robot scripts for demonstration. A production deployment need not worry about this
+setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
+
+
+Example Keystone v2.0 
 .. literalinclude:: example-integration-override.yaml
    :language: yaml
 
+Example Keystone v3  (required for Rocky and later releases)
+.. literalinclude:: example-integration-override-v3.yaml
+   :language: yaml
+
+
+
 **Step 4.** To setup a local Helm server to server up the ONAP charts::
 
   > helm serve &
diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
index 64e5273f5c..0f3f0c2dde 100644
--- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
+++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py
@@ -66,6 +66,7 @@ GLOBAL_INJECTED_OPENSTACK_TENANT_ID = '{{ .Values.openStackTenantId }}'
 GLOBAL_INJECTED_OPENSTACK_USERNAME = '{{ .Values.openStackUserName }}'
 GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME = '{{ .Values.openStackProjectName }}'
 GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID = '{{ .Values.openStackDomainId }}'
+GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN = '{{ .Values.openStackUserDomain }}'
 GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION = '{{ .Values.openStackKeystoneAPIVersion }}'
 GLOBAL_INJECTED_REGION_THREE = '{{ .Values.openStackRegionRegionThree }}'
 GLOBAL_INJECTED_KEYSTONE_REGION_THREE = '{{ .Values.openStackKeyStoneUrlRegionThree }}'
@@ -73,6 +74,7 @@ GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION_REGION_THREE = '{{ .Values.openSt
 GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = '{{ .Values.openStackUserNameRegionThree }}'
 GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE = '{{ .Values.openStackPasswordRegionThree }}'
 GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE  = '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}'
+GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD = '{{ .Values.config.openStackSoEncryptedPassword}}'
 GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = '{{ .Values.openStackTenantIdRegionThree }}'
 GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = '{{ .Values.openStackProjectNameRegionThree }}'
 GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = '{{ .Values.openStackDomainIdRegionThree }}'
@@ -165,6 +167,7 @@ GLOBAL_INJECTED_PROPERTIES = {
     "GLOBAL_INJECTED_OPENSTACK_USERNAME" : '{{ .Values.openStackUserName }}',
     "GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME" : '{{ .Values.openStackProjectName }}',
     "GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID" : '{{ .Values.openStackDomainId }}',
+    "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN" : '{{ .Values.openStackUserDomain }}',
     "GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION" : '{{ .Values.openStackKeystoneAPIVersion }}',
     "GLOBAL_INJECTED_REGION_THREE" : '{{ .Values.openStackRegionRegionThree }}',
     "GLOBAL_INJECTED_KEYSTONE_REGION_THREE" : '{{ .Values.openStackKeyStoneUrlRegionThree }}',
@@ -172,6 +175,7 @@ GLOBAL_INJECTED_PROPERTIES = {
     "GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE" : '{{ .Values.openStackUserNameRegionThree }}',
     "GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE" : '{{ .Values.openStackPasswordRegionThree }}',
     "GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE" : '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}',
+    "GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD" :  '{{ .Values.config.openStackSoEncryptedPassword}}',
     "GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE" : '{{ .Values.openStackTenantIdRegionThree }}',
     "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE" : '{{ .Values.openStackProjectNameRegionThree }}',
     "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE" : '{{ .Values.openStackDomainIdRegionThree }}',
diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml
index ff59bedd7d..699a544837 100644
--- a/kubernetes/robot/values.yaml
+++ b/kubernetes/robot/values.yaml
@@ -37,6 +37,7 @@ config:
 
 # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment
   openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
+  openStackSoEncryptedPassword: "SAME_STRING_AS_SO_JAVA_ENCRYPTED_PASSWORD"
 
 # Demo configuration
 # Nexus demo artifact version.  Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION
@@ -45,24 +46,46 @@ demoArtifactsVersion: "1.4.0"
 demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases"
 # Openstack medium sized flavour name.  Maps GLOBAL_INJECTED_VM_FLAVOR
 openStackFlavourMedium: "m1.medium"
+
+#################  Openstack .RC Parameters ################################333
+# KEYSTONE Version 3  Required for Rocky and beyond
+# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION
+openStackKeystoneAPIVersion: "v2.0"
+
+# OS_AUTH_URL without the /v3 or /v2.0 from the openstack .RC file
 # Openstack keystone URL.  Maps to GLOBAL_INJECTED_KEYSTONE
 openStackKeyStoneUrl: "http://1.2.3.4:5000"
+
+# OS_PROJECT_ID from the openstack .RC file
+# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
+openStackTenantId: "47899782ed714295b1151681fdfd51f5"
+
+#  OS_PROJECT_NAME from the openstack .RC file
+# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME
+openStackProjectName: "onap"
+
+# OS_USERNAME from the openstack .RC file
+# username for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
+openStackUserName: "tenantUsername"
+
+#  OS_PROJECT_DOMAIN_ID from the openstack .RC file
+#  in some environments it is a string but in other environmens it may be a numeric
+# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID
+openStackDomainId: "default"
+
+#  OS_USER_DOMAIN from the openstack .RC file
+# Use Domain of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN
+openStackUserDomain:  "Default"
+
+
 # UUID of the Openstack network that can assign floating ips.  Maps to GLOBAL_INJECTED_PUBLIC_NET_ID
 openStackPublicNetId: "e8f51958045716781ffc"
 # password for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD
 openStackPassword: "tenantPassword"
 # Openstack region.  Maps to GLOBAL_INJECTED_REGION
 openStackRegion: "RegionOne"
-# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID
-openStackTenantId: "47899782ed714295b1151681fdfd51f5"
-# username for Openstack tenant where VNFs will be spawned.  Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME
-openStackUserName: "tenantUsername"
-# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME
-openStackProjectName: "onap"
-# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID
-openStackDomainId: "Default"
-# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION
-openStackKeystoneAPIVersion: "v2.0"
+
+
 # Values for second cloud instante for VNF instantiatioen testing and keystone v3
 openStackRegionRegionThree: "RegionThree"
 openStackKeyStoneUrlRegionThree: "http://1.2.3.4:5000"