author | Andreas Geissler <andreas-geissler@telekom.de> | 2023-06-19 17:00:14 +0200 |
---|---|---|
committer | Andreas Geissler <andreas-geissler@telekom.de> | 2023-06-20 09:13:37 +0200 |
commit | 912aba36a7e406141a473ac18cfed787536f2aaf (patch) | |
tree | a356b8193f950bb1362cab0abf045483bcaf39ba /docs/sections/guides | |
parent | cf72ae2047cada3be4be2b548afd1e61eeaa9601 (diff) |
[DOC] Update the London OOM Guides
Fix failures in the OOM documentation and add missing
descriptions.
Issue-ID: OOM-3179
Issue-ID: OOM-3149
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Change-Id: Ie88fc4ffc3888371690a4f39c47a6cc76451047b
Diffstat (limited to 'docs/sections/guides')
7 files changed, 107 insertions, 101 deletions
diff --git a/docs/sections/guides/access_guides/oom_access_info.rst b/docs/sections/guides/access_guides/oom_access_info.rst index 4e9866725e..ebc2f65104 100644 --- a/docs/sections/guides/access_guides/oom_access_info.rst +++ b/docs/sections/guides/access_guides/oom_access_info.rst 
@@ -15,10 +15,43 @@ OOM Access Info .. figure:: ../../resources/images/oom_logo/oomLogoV2-medium.png :align: right -Access via NodePort/Loadbalancer -******************************** +Access via Ingress (production) +******************************* -The ONAP deployment created by OOM operates in a private IP network that isn't +Using Ingress as access method requires the installation of an Ingress +controller and the configuration of the ONAP deployment to use it. + +For "ONAP on ServiceMesh" you can find the instructions in: + +- :ref:`oom_base_optional_addons` +- :ref:`oom_customize_overrides` + +In the ServiceMesh deployment the Istio IngressGateway is the only access point +for ONAP component interfaces. +Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>), +which is used as central address. +All APIs/UIs are provided via separate URLs which are routed to the component service. +To use these URLs they need to be resolvable via DNS or via /etc/hosts. + +The domain name is usually defined in the `global` section of the ONAP helm-charts, +`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of +the service (e.g. "sdc-fe-ui") is defined in the component's chart. + +.. code-block:: none + + <ingress-IP> kiali.simpledemo.onap.org + <ingress-IP> cds-ui.simpledemo.onap.org + <ingress-IP> sdc-fe-ui.simpledemo.onap.org + ... + +To access e.g. the SDC UI now the new ssl-encrypted URL: + +``https://sdc-fe-ui.simpledemo.onap.org/sdc1`` + +Access via NodePort/Loadbalancer (development) +********************************************** + +In the development setop OOM operates in a private IP network that isn't publicly accessible (i.e. OpenStack VMs with private internal network) which blocks access to the ONAP User Interfaces. To enable direct access to a service from a user's own environment (a laptop etc.) 
@@ -34,56 +67,32 @@ Kubernetes node. When using the `Loadbalancer` as `service:type` `Kubernetes LoadBalancer`_ object which gets a separate IP address. -.. note:: - The following example uses the `ONAP Portal`, which is not actively maintained - in Kohn and will be replaced in the future - -When e.g. the `portal-app` chart is deployed a Kubernetes service is created that +When e.g. the `sdc-fe` chart is deployed a Kubernetes service is created that instantiates a load balancer. The LB chooses the private interface of one of the nodes as in the example below (10.0.0.4 is private to the K8s cluster only). Then to be able to access the portal on port 8989 from outside the K8s & OpenStack environment, the user needs to assign/get the floating IP address that corresponds to the private IP as follows:: - > kubectl -n onap get services|grep "portal-app" - portal-app LoadBalancer 10.43.142.201 10.0.0.4 8989:30215/TCP,8006:30213/TCP,8010:30214/TCP 1d app=portal-app,release=dev + > kubectl -n onap get services|grep "sdc-fe" + sdc-fe LoadBalancer 10.43.142.201 10.0.0.4 8181:30207/TCP -In this example, use the 11.0.0.4 private address as a key find the +In this example, use the 10.0.0.4 private address as a key find the corresponding public address which in this example is 10.12.6.155. If you're using OpenStack you'll do the lookup with the horizon GUI or the OpenStack CLI for your tenant (openstack server list). 
That IP is then used in your `/etc/hosts` to map the fixed DNS aliases required by the ONAP Portal as shown below:: - 10.12.6.155 portal.api.simpledemo.onap.org - 10.12.6.155 vid.api.simpledemo.onap.org - 10.12.6.155 sdc.api.fe.simpledemo.onap.org - 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org - 10.12.6.155 sdc.dcae.plugin.simpledemo.onap.org - 10.12.6.155 portal-sdk.simpledemo.onap.org - 10.12.6.155 policy.api.simpledemo.onap.org - 10.12.6.155 aai.api.sparky.simpledemo.onap.org - 10.12.6.155 cli.api.simpledemo.onap.org - 10.12.6.155 msb.api.discovery.simpledemo.onap.org - 10.12.6.155 msb.api.simpledemo.onap.org - 10.12.6.155 clamp.api.simpledemo.onap.org - 10.12.6.155 so.api.simpledemo.onap.org - 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org + 10.43.142.201 sdc.fe.simpledemo.onap.org Ensure you've disabled any proxy settings the browser you are using to access the portal and then simply access now the new ssl-encrypted URL: -``https://portal.api.simpledemo.onap.org:30225/ONAPPORTAL/login.htm`` +``http://sdc.fe.simpledemo.onap.org:30207sdc1/portal`` .. note:: - Using the HTTPS based Portal URL the Browser needs to be configured to accept - unsecure credentials. - Additionally when opening an Application inside the Portal, the Browser - might block the content, which requires to disable the blocking and reloading - of the page - -.. note:: - Besides the ONAP Portal the Components can deliver additional user interfaces, + Besides the ONAP SDC the Components can deliver additional user interfaces, please check the Component specific documentation. .. note:: 
@@ -141,36 +150,3 @@ Kubernetes command: kubectl get svc -n onap -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}' - -(Optional) Access via Ingress -***************************** - -Using Ingress as access method requires the installation of an Ingress -controller and the configuration of the ONAP deployment to use it. - -For "ONAP on ServiceMesh" you can find the instructions in: - -- :ref:`oom_base_optional_addons` -- :ref:`oom_customize_overrides` - -In the ServiceMesh deployment the Istio IngressGateway is the only access point -for ONAP component interfaces. -Usually the Ingress is accessed via a LoadBalancer IP (<ingress-IP>), -which is used as central address. -All APIs/UIs are provided via separate URLs which are routed to the component service. -To use these URLs they need to be resolvable via DNS or via /etc/hosts. - -The domain name is usually defined in the `global` section of the ONAP helm-charts, -`virtualhost.baseurl` (here "simpledemo.onap.org") whereas the hostname of -the service (e.g. "sdc-fe-ui") is defined in the component's chart. - -.. code-block:: none - - <ingress-IP> kiali.simpledemo.onap.org - <ingress-IP> cds-ui.simpledemo.onap.org - <ingress-IP> sdc-fe-ui.simpledemo.onap.org - ... - -To access e.g. the SDC UI now the new ssl-encrypted URL: - -``https://sdc-fe-ui.simpledemo.onap.org/sdc1`` diff --git a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst index 90a20613fa..f3e3113ff5 100644 --- a/docs/sections/guides/deployment_guides/oom_customize_overrides.rst +++ b/docs/sections/guides/deployment_guides/oom_customize_overrides.rst 
@@ -32,7 +32,8 @@ Users can customize the override files to suit their required deployment. Enabling/Disabling Components -***************************** +============================= + Here is an example of the nominal entries that need to be provided. Different values files are available for different contexts. @@ -43,20 +44,30 @@ Different values files are available for different contexts. | -(Optional) "ONAP on Service Mesh" -********************************* +ONAP "Production" Setup +======================= + +The production setup deploys ONAP components exposing its external services +via Ingress with TLS termination. +Internal traffic encryption will be ensured by using Istio ServiceMesh. + +For external access we start to establish Authentication via Oauth2-proxy +and Keycloak, which will be completed in the coming release. + +To enable both "ServiceMesh" and "Ingress" configuration entries need +to be set before deployment. -To enable "ONAP on Service Mesh" both "ServiceMesh" and "Ingress" -configuration entries need to be configured before deployment. +Service Mesh and Ingress configuration +-------------------------------------- -Global settings relevant for ServiceMesh: +Global settings relevant for ServiceMesh and Ingress: .. code-block:: yaml global: ingress: # generally enable ingress for ONAP components - enabled: false + enabled: true # enable all component's Ingress interfaces enable_all: false # default Ingress base URL @@ -88,6 +99,7 @@ Global settings relevant for ServiceMesh: tls: true # be aware that linkerd is not well tested engine: "istio" # valid value: istio or linkerd + ... aafEnabled: false cmpv2Enabled: false tlsEnabled: false 
@@ -118,5 +130,24 @@ Ingress settings: - namespace: istio-ingress → (optional) overrides the namespace of the ingress gateway which is used for the created SSL certificate .. note:: - For "ONAP on Istio" an example override file (`onap-all-ingress-istio.yaml`) + For the Ingress setup an example override file (`onap-all-ingress-istio.yaml`) can be found in the `oom/kubernetes/onap/resources/overrides/` directory. + +External Authentication configuration +------------------------------------- + +For enabling of external authentication via Oauth2-Proxy and Keycloak +the following settings have to be done in the ONAP values override. +It will enable the deployment of the ONAP Realm to Keycloak and +installation and integration of the Oauth2-Proxy as external Auth-Provider. + +.. code-block:: yaml + + platform: + enabled: true + cmpv2-cert-service: + enabled: false + keycloak-init: + enabled: true + oauth2-proxy: + enabled: true
\ No newline at end of file diff --git a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst index 50701dd597..b0deff0e2b 100644 --- a/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst +++ b/docs/sections/guides/deployment_guides/oom_dev_testing_local_deploy.rst @@ -33,11 +33,7 @@ tools to host the updated helm charts. Chart museum is required to host the helm charts locally when deploying in a development environment:: - > curl -LO https://s3.amazonaws.com/chartmuseum/release/latest/bin/linux/amd64/chartmuseum - - > chmod +x ./chartmuseum - - > mv ./chartmuseum /usr/local/bin + > curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash **Step 4.** To setup a local Helm server to store the ONAP charts:: diff --git a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst index a0dafcef9b..e9312382b3 100644 --- a/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst +++ b/docs/sections/guides/deployment_guides/oom_helm_testing_repo_deploy.rst @@ -17,7 +17,7 @@ ONAP hosts the OOM `testing` helm charts in it's `ONAP helm testing repository`_ This is helm repo contains: * The `latest` charts built from the head of the `OOM`_ project's master - branch, tagged with the version number of the current development cycle (ie. 11.0.0). + branch, tagged with the version number of the current development cycle (ie. 12.0.0). Add the OOM testing repo & Deploy diff --git a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst index 1b9db50fe0..0d2271026b 100644 --- a/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst +++ b/docs/sections/guides/infra_guides/oom_infra_deployment_requirements.rst 
@@ -50,7 +50,7 @@ The versions of software that are supported by OOM are as follows: ============== =========== ======= ======== ======== ============= ======== Jakarta 1.22.4 3.6.3 1.22.4 20.10.x 1.8.0 0.28.0 Kohn 1.23.8 3.8.2 1.23.8 20.10.x 1.8.0 0.32.0 - London 1.23.8 3.8.2 1.23.x 20.10.x 1.11.1 0.35.0 + London 1.23.8 3.8.2 1.23.x 20.10.x 1.12.2 0.35.0 ============== =========== ======= ======== ======== ============= ======== .. table:: OOM Software Requirements (production) diff --git a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst index 1fb7baa53a..3fb68f8b95 100644 --- a/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst +++ b/docs/sections/guides/infra_guides/oom_infra_ingres_controller_setup.rst @@ -13,7 +13,10 @@ OOM Ingress controller setup ============================ .. warning:: - This guide should prob go in the Optional addons section + This guide does not describe the Istio Ingress Gateway configuration + required for the ONAP Production Setup in London + The installation of Istio Ingress (and Gateway-API) is described in + :ref:`OOM Base Platform<oom_base_setup_guide>` This optional guide provides instruction how to setup experimental ingress controller feature. For this, we are hosting our cluster on OpenStack VMs and using the diff --git a/docs/sections/guides/user_guides/oom_user_guide.rst b/docs/sections/guides/user_guides/oom_user_guide.rst index 449d5de3fa..d31c818d44 100644 --- a/docs/sections/guides/user_guides/oom_user_guide.rst +++ b/docs/sections/guides/user_guides/oom_user_guide.rst 
@@ -23,7 +23,7 @@ OOM User Guide .. warning:: - **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETING AS SOME INFO IS NO LONGER RELEVANT** + **THIS PAGE NEEDS TO BE EITHER REWRITTEN OR SOMETHING AS SOME INFO IS NO LONGER RELEVANT** The ONAP Operations Manager (OOM) provide the ability to manage the entire life-cycle of an ONAP installation, from the initial deployment to final @@ -186,7 +186,7 @@ Here is an excerpt of this file: dependencies: <...> - name: so - version: ~11.0.0 + version: ~12.0.0 repository: '@local' condition: so.enabled <...> @@ -334,10 +334,10 @@ Below is the example for the same:: > helm list NAME REVISION UPDATED STATUS CHART APP VERSION NAMESPACE - dev 1 Wed Oct 14 13:49:52 2020 DEPLOYED onap-11.0.0 Kohn onap - dev-cassandra 5 Thu Oct 15 14:45:34 2020 DEPLOYED cassandra-11.0.0 onap - dev-contrib 1 Wed Oct 14 13:52:53 2020 DEPLOYED contrib-11.0.0 onap - dev-mariadb-galera 1 Wed Oct 14 13:55:56 2020 DEPLOYED mariadb-galera-11.0.0 onap + dev 1 Wed Oct 14 13:49:52 2020 DEPLOYED onap-12.0.0 london onap + dev-cassandra 5 Thu Oct 15 14:45:34 2020 DEPLOYED cassandra-12.0.0 onap + dev-contrib 1 Wed Oct 14 13:52:53 2020 DEPLOYED contrib-12.0.0 onap + dev-mariadb-galera 1 Wed Oct 14 13:55:56 2020 DEPLOYED mariadb-galera-12.0.0 onap Here the Name column shows the RELEASE NAME, In our case we want to try the scale operation on cassandra, thus the RELEASE NAME would be dev-cassandra. 
@@ -351,10 +351,10 @@ Below is the example for the same:: > helm search cassandra NAME CHART VERSION APP VERSION DESCRIPTION - local/cassandra 11.0.0 ONAP cassandra - local/portal-cassandra 11.0.0 Portal cassandra - local/aaf-cass 11.0.0 ONAP AAF cassandra - local/sdc-cs 11.0.0 ONAP Service Design and Creation Cassandra + local/cassandra 12.0.0 ONAP cassandra + local/portal-cassandra 12.0.0 Portal cassandra + local/aaf-cass 12.0.0 ONAP AAF cassandra + local/sdc-cs 12.0.0 ONAP Service Design and Creation Cassandra Here the Name column shows the chart name. As we want to try the scale operation for cassandra, thus the corresponding chart name is local/cassandra @@ -416,7 +416,7 @@ Prior to doing an upgrade, determine of the status of the deployed charts:: > helm list NAME REVISION UPDATED STATUS CHART NAMESPACE - so 1 Mon Feb 5 10:05:22 2020 DEPLOYED so-11.0.0 onap + so 1 Mon Feb 5 10:05:22 2020 DEPLOYED so-12.0.0 onap When upgrading a cluster a parameter controls the minimum size of the cluster during the upgrade while another parameter controls the maximum number of nodes 
@@ -439,21 +439,21 @@ sequence of events described in the previous paragraph would be initiated. For example, to upgrade a container by changing configuration, specifically an environment value:: - > helm upgrade so onap/so --version 11.0.1 --set enableDebug=true + > helm upgrade so onap/so --version 12.0.1 --set enableDebug=true Issuing this command will result in the appropriate container being stopped by Kubernetes and replaced with a new container with the new environment value. To upgrade a component to a new version with a new configuration file enter:: - > helm upgrade so onap/so --version 11.0.1 -f environments/demo.yaml + > helm upgrade so onap/so --version 12.0.1 -f environments/demo.yaml To fetch release history enter:: > helm history so REVISION UPDATED STATUS CHART DESCRIPTION - 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-11.0.0 Install complete - 2 Mon Jul 5 10:10:55 2022 DEPLOYED so-11.0.1 Upgrade complete + 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-12.0.0 Install complete + 2 Mon Jul 5 10:10:55 2022 DEPLOYED so-12.0.1 Upgrade complete Unfortunately, not all upgrades are successful. In recognition of this the lineup of pods within an ONAP deployment is tagged such that an administrator @@ -475,9 +475,9 @@ For example, to roll-back back to previous system revision enter:: > helm history so REVISION UPDATED STATUS CHART DESCRIPTION - 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-11.0.0 Install complete - 2 Mon Jul 5 10:10:55 2022 SUPERSEDED so-11.0.1 Upgrade complete - 3 Mon Jul 5 10:14:32 2022 DEPLOYED so-11.0.0 Rollback to 1 + 1 Mon Jul 5 10:05:22 2022 SUPERSEDED so-12.0.0 Install complete + 2 Mon Jul 5 10:10:55 2022 SUPERSEDED so-12.0.1 Upgrade complete + 3 Mon Jul 5 10:14:32 2022 DEPLOYED so-12.0.0 Rollback to 1 .. note:: |
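Review bot: In oom_access_info.rst, hunk @@ -15,10 +15,43 @@, the sentence opening the renamed development section reads "In the development setop OOM operates"; "setop" should be "setup". The added line "To access e.g. the SDC UI now the new ssl-encrypted URL:" has no verb; suggest "To access e.g. the SDC UI, use the TLS-protected URL:".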
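Review bot: In oom_access_info.rst, hunk @@ -34,56 +67,32 @@, the new URL "http://sdc.fe.simpledemo.onap.org:30207sdc1/portal" is missing the "/" between the port and the path and uses plain http, while the unchanged sentence directly above it still announces "the new ssl-encrypted URL". Either correct the scheme or reword the sentence so readers know the development path is unencrypted. The new /etc/hosts line maps the name to 10.43.142.201, which is the cluster IP column in the kubectl output, although the text tells the reader to use the public address 10.12.6.155. The unchanged context still refers to "the portal on port 8989" and to "DNS aliases required by the ONAP Portal" and should follow the switch to sdc-fe on 8181.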
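Review bot: In oom_customize_overrides.rst, hunk @@ -43,20 +44,30 @@, the new "Production" section says authentication via Oauth2-proxy and Keycloak "will be completed in the coming release" but does not say which external interfaces are already behind authentication in London and which are not. Please state that explicitly so operators do not read "production" as "authenticated". The spelling also differs from "Oauth2-Proxy" used in the later hunk of the same file; pick one form.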
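Review bot: In oom_customize_overrides.rst, hunk @@ -88,6 +99,7 @@, the added "..." line sits inside the "code-block:: yaml" between "engine" and "aafEnabled" and is not a valid mapping entry, so the block no longer parses if it is copied into an override file. Use a YAML comment such as "# ..." to mark the elision.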
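Review bot: In oom_customize_overrides.rst, hunk @@ -118,5 +130,24 @@, the new "External Authentication configuration" YAML sets "cmpv2-cert-service: enabled: false" without any explanation in a section that is about Keycloak and Oauth2-Proxy; say why it has to be disabled for this setup or drop it from the example. The intro sentence "the following settings have to be done" would read better as "the following settings are required". The file now ends without a trailing newline ("\ No newline at end of file"); please add one.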
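Review bot: In oom_dev_testing_local_deploy.rst, hunk @@ -33,11 +33,7 @@, the replacement step "curl https://raw.githubusercontent.com/helm/chartmuseum/main/scripts/get-chartmuseum | bash" pipes a script from the mutable "main" branch straight into a shell, so whatever is on that branch at the time gets executed with no chance to inspect or verify it. Suggest pinning the URL to a release tag or commit and documenting a download-then-run sequence (save the script to a file, review it, then execute it), and adding curl's -f flag so an HTTP error page is not piped into bash.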
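Review bot: In oom_infra_ingres_controller_setup.rst, hunk @@ -13,7 +13,10 @@, the new warning text runs two sentences together: "required for the ONAP Production Setup in London" has no full stop before "The installation of Istio Ingress (and Gateway-API) is described in". Add the full stop after "London" and after the ":ref:" so the warning renders as two sentences. Since the paragraph below still calls this an experimental ingress controller feature, the warning could also say directly that this guide is not the production path.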
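Review bot: In oom_user_guide.rst, hunk @@ -334,10 +334,10 @@, the APP VERSION value changes from "Kohn" to lower-case "london"; release names are capitalised everywhere else in this patch (for example "London" in the requirements table), so use "London" here. The UPDATED column still shows 2020 dates next to 12.0.0 charts, which is worth aligning if the sample output is being refreshed anyway.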
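Review bot: In oom_user_guide.rst, hunk @@ -351,10 +351,10 @@, the sample "helm search cassandra" output bumps "local/portal-cassandra" and "local/aaf-cass" to 12.0.0, while the same patch replaces the Portal example in oom_access_info.rst with sdc-fe and shows "aafEnabled: false" in the overrides. Please confirm these charts are still shipped at 12.0.0; if not, remove the rows rather than bumping the version so the sample does not advertise components that are no longer deployed.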