Diffstat (limited to 'docs')
-rw-r--r-- | docs/example-integration-override-v3.yaml | 64 |
-rw-r--r-- | docs/oom_quickstart_guide.rst | 82 |
-rw-r--r-- | docs/oom_setup_kubernetes_rancher.rst | 34 |
-rw-r--r-- | docs/release-notes.rst | 15 |
4 files changed, 159 insertions, 36 deletions
diff --git a/docs/example-integration-override-v3.yaml b/docs/example-integration-override-v3.yaml new file mode 100644 index 0000000000..659389a920 --- /dev/null +++ b/docs/example-integration-override-v3.yaml 
@@ -0,0 +1,64 @@ +global: + repository: 10.12.5.2:5000 + pullPolicy: IfNotPresent +################################################################# +# This override file configures openstack parameters for ONAP +################################################################# +robot: + enabled: true + flavor: large + appcUsername: "appc@appc.onap.org" + appcPassword: "demo123456!" + # KEYSTONE Version 3 Required for Rocky and beyond + openStackKeystoneAPIVersion: "v3" + # OS_AUTH_URL without the /v3 from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000" + # OS_PROJECT_ID from the openstack .RC file + openStackTenantId: "09d8566ea45e43aa974cf447ed591d77" + # OS_USERNAME from the openstack .RC file + openStackUserName: "OS_USERNAME_HERE" + # OS_PROJECT_DOMAIN_ID from the openstack .RC file + # in some environments it is a string but in other environmens it may be a numeric + openStackDomainId: "default" + # OS_USER_DOMAIN_NAME from the openstack .RC file + openStackUserDomain: "Default" + openStackProjectName: "OPENSTACK_PROJECT_NAME_HERE" + ubuntu14Image: "ubuntu-14-04-cloud-amd64" + ubuntu16Image: "ubuntu-16-04-cloud-amd64" + openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4" + openStackPrivateNetId: "83c84b68-80be-4990-8d7f-0220e3c6e5c8" + openStackPrivateSubnetId: "e571c1d1-8ac0-4744-9b40-c3218d0a53a0" + openStackPrivateNetCidr: "10.0.0.0/16" + openStackOamNetworkCidrPrefix: "10.0" + openStackSecurityGroup: "bbe028dc-b64f-4f11-a10f-5c6d8d26dc89" + dcaeCollectorIp: "10.12.6.109" + vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh" + demoArtifactsVersion: "1.4.0" + demoArtifactsRepoUrl: 
"https://nexus.onap.org/content/repositories/releases" + scriptVersion: "1.4.0" + rancherIpAddress: "10.12.6.160" + config: + # use the python utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PYTHON_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + openStackSoEncryptedPassword: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +so: + enabled: true + so-catalog-db-adapter: + config: + openStackUserName: "OS_USERNAME_HERE" + # OS_AUTH_URL (keep the /v3) from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + # use the SO Java utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +appc: + enabled: true + replicaCount: 3 + config: + enableClustering: true + openStackType: "OpenStackProvider" + openStackName: "OpenStack" + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + openStackServiceTenantName: "OPENSTACK_PROJECT_NAME_HERE" + openStackDomain: "OPEN_STACK_DOMAIN_NAME_HERE" + openStackUserName: "OS_USER_NAME_HERE" + openStackEncryptedPassword: "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE" diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 3c491b4447..bd5e3eeee6 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -30,7 +30,7 @@ file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deplo OpenStack tenant information. .. note:: - Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in + Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in the oom/kubernetes/onap/resources/overrides/ directory. 
@@ -77,23 +77,65 @@ Java encryption library is not easy to integrate with openssl/python that ROBOT uses in Dublin. .. note:: - To generate SO openStackEncryptedPasswordHere : + To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword: + + SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key` - SO_ENCRYPTION_KEY=`cat ~/oom/kubenertes/so/resources/config/mso/encrypt.key` OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX git clone http://gerrit.onap.org/r/integration cd integration/deployment/heat/onap-rke/scripts + + javac Crypto.java + + [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ] + java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY" d. Update the OpenStack parameters: +There are assumptions in the demonstration VNF heat templates about the networking +available in the environment. To get the most value out of these templates and the +automation that can help confirm the setup is correct, please observe the following +constraints. + +openStackPublicNetId: + +This network should allow heat templates to add interfaces. +This need not be an external network, floating IPs can be assigned to the ports on +the VMs that are created by the heat template but its important that neutron allow +ports to be created on them. + +openStackPrivateNetCidr: "10.0.0.0/16" + +This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. +The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the +demonstration ip addressing plan embodied in the preload template prevent conflicts when +instantiating the various VNFs. If you need to change this, you will need to modify the preload +data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data +in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect +to create. 
+ +openStackOamNetworkCidrPrefix: "10.0" + +This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the +robot scripts for demonstration. A production deployment need not worry about this +setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. + + +Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml :language: yaml +Example Keystone v3 (required for Rocky and later releases) +.. literalinclude:: example-integration-override-v3.yaml + :language: yaml + + + **Step 4.** To setup a local Helm server to server up the ONAP charts:: > helm serve & 
@@ -129,32 +171,42 @@ single command The --timeout 900 is currently required in Dublin to address long running initialization tasks for DMaaP and SO. Without this timeout value both applications may fail to deploy. - a. To deploy all ONAP applications use this command:: +To deploy all ONAP applications use this command:: > cd oom/kubernetes - > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 + > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 - b. If you are using a custom override (e.g. integration-override.yaml) use this command:: +All override files may be customized (or replaced by other overrides) as per needs. - > helm deploy dev local/onap -f /root/integration-override.yaml --namespace onap --timeout 900 +onap-all.yaml + Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. - c. If you have a slower cloud environment you may want to use the public-cloud.yaml - which has longer delay intervals on database updates.:: +environment.yaml - > helm deploy dev local/onap -f /root/oom/kubernetes/onap/resources/environments/public-cloud.yaml -f /root/integration-override.yaml --namespace onap --timeout 900 + Includes configuration values specific to the deployment environment. + Example: adapt readiness and liveness timers to the level of performance of your infrastructure -**Step 9.** Commands to interact with the OOM installation +openstack.yaml -Use the following to monitor your deployment and determine when ONAP is -ready for use:: + Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests. 
+ +**Step 9.** Verify ONAP installation + +Use the following to monitor your deployment and determine when ONAP is ready for use:: > kubectl get pods -n onap -o=wide -Undeploying onap can be done using the following command:: +.. note:: + While all pods may be in a Running state, it is not a guarantee that all components are running fine. + + Launch the healthcheck tests using Robot to verify that the components are healthy. + + > ~/oom/kubernetes/robot/ete-k8s.sh onap health - > helm undeploy dev --purge +**Step 10.** Undeploy ONAP +> helm undeploy dev --purge More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst index 3ccde8d418..90a060b592 100644 --- a/docs/oom_setup_kubernetes_rancher.rst +++ b/docs/oom_setup_kubernetes_rancher.rst 
@@ -30,19 +30,19 @@ to deploy and manage our Kubernetes Cluster. The result at the end of this tutorial will be: -*1.* Creation of a Key Pair to use with Open Stack and RKE +#. Creation of a Key Pair to use with Open Stack and RKE -*2.* Creation of OpenStack VMs to host Kubernetes Control Plane +#. Creation of OpenStack VMs to host Kubernetes Control Plane -*3.* Creation of OpenStack VMs to host Kubernetes Workers +#. Creation of OpenStack VMs to host Kubernetes Workers -*4.* Installation and configuration of RKE to setup an HA Kubernetes +#. Installation and configuration of RKE to setup an HA Kubernetes -*5.* Installation and configuration of kubectl +#. Installation and configuration of kubectl -*5.* Installation and configuration of helm +#. Installation and configuration of helm -*7.* Creation of an NFS Server to be used by ONAP as shared persistance +#. Creation of an NFS Server to be used by ONAP as shared persistance There are many ways one can execute the above steps. Including automation through the use of HEAT to setup the OpenStack VMs. To better illustrate the steps involved, we have captured the manual creation of such an environment using the ONAP Wind River Open Lab. @@ -62,7 +62,8 @@ Use an existing key pair, import one or create a new one to assign. For the purpose of this guide, we will assume a new local key called "onap-key" has been downloaded and is copied into **~/.ssh/**, from which it can be referenced. -Example: +Example:: + > mv onap-key ~/.ssh > chmod 600 ~/.ssh/onap-key @@ -250,13 +251,11 @@ in this file. Run RKE ------- -From within the same directory as the cluster.yml file, simply execute: +From within the same directory as the cluster.yml file, simply execute:: > rke up -The output will look something like: - -.. code-block:: +The output will look something like:: INFO[0000] Initiating Kubernetes cluster INFO[0000] [certificates] Generating admin certificates and kubeconfig 
@@ -307,6 +306,9 @@ https://storage.googleapis.com/kubernetes-release/release/v1.13.5/bin/darwin/amd Validate deployment ------------------- + +:: + > cp kube_config_cluster.yml ~/.kube/config.onap > export KUBECONFIG=~/.kube/config.onap @@ -315,7 +317,7 @@ Validate deployment > kubectl get nodes -o=wide -.. code-block:: +:: NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME onap-control-1 Ready controlplane,etcd 3h53m v1.13.5 10.0.0.8 <none> Ubuntu 18.04 LTS 4.15.0-22-generic docker://18.9.5 @@ -338,7 +340,8 @@ Validate deployment Install Helm ============ -Example Helm client install on Linux: +Example Helm client install on Linux:: + > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz > tar -zxvf helm-v2.12.3-linux-amd64.tar.gz @@ -347,6 +350,9 @@ Example Helm client install on Linux: Initialize Kubernetes Cluster for use by Helm --------------------------------------------- + +:: + > kubectl -n kube-system create serviceaccount tiller > kubectl create clusterrolebinding tiller --clusterrole=cluster-admin --serviceaccount=kube-system:tiller diff --git a/docs/release-notes.rst b/docs/release-notes.rst index ae22cb25ee..dc10400dfb 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -7,16 +7,16 @@ .. Links .. _release-notes-label: -Release Notes -============= +ONAP Operations Manager Release Notes +===================================== -Version 4.0.0 Dublin Release ----------------------------- +Version 4.0.0 (Dublin Release) +------------------------------ -:Release Date: 2019-06-10 +:Release Date: 2019-06-26 Summary -======= +------- **Platform Resiliency** 
@@ -55,6 +55,7 @@ Summary * In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] * Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_] *Known Vulnerabilities in Used Modules* @@ -78,7 +79,7 @@ Version 3.0.0 Casablanca Release :Release Date: 2018-11-30 Summary -======= +------- The focus of this release was on incremental improvements in the following areas: |
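Review bot: In docs/example-integration-override-v3.yaml (hunk @@ -0,0 +1,64 @@), the appc.config key openStackEncryptedPassword is given the placeholder "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE", so the key name and the value disagree about whether APPC expects an encrypted or a clear-text password. Add a comment saying which, as the robot and so blocks do for their encrypted values. The same file carries a literal appcPassword: "demo123456!" next to what look like environment-specific tenant, network and security-group IDs; the other fields use _HERE placeholders, and these should too, so the example is not copied into a deployment with a published password (this patch's own release-notes change sits beside the OJSI-188 entry on hard coded passwords). All three openStackKeyStoneUrl values use http://, so a comment recommending https where the cloud offers it would be worth adding. Typo in the openStackDomainId comment: "environmens".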
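Review bot: In docs/oom_quickstart_guide.rst (hunk @@ -77,23 +77,65 @@), the password-encryption note clones over plain http (git clone http://gerrit.onap.org/r/integration) and the added lines then compile that checkout with javac Crypto.java and hand it both secrets via java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY". Please switch the clone URL to https, since the fetched code is what sees the OpenStack password and the SO encryption key. Passing the password as a command-line argument also leaves it visible in the process list and, with OS_PASSWORD=... typed inline, in shell history; a sentence telling users to clear it afterwards would help. Separately, the added line "Example Keystone v3 (required for Rocky and later releases)" is immediately followed by ".. literalinclude:: example-integration-override-v3.yaml" with no blank line between the two added lines, so reStructuredText will treat the directive as paragraph text rather than include the file; add a blank line. Typos in the added prose: "mush match", "asssignment".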
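Review bot: In docs/oom_quickstart_guide.rst (hunk @@ -129,32 +171,42 @@), the new Step 10 puts "> helm undeploy dev --purge" on the line directly after "**Step 10.** Undeploy ONAP" with no "::" and no blank line, so it will render as running text instead of a literal block like the deploy command above it; the healthcheck command "> ~/oom/kubernetes/robot/ete-k8s.sh onap health" inside the new note has the same problem. The hunk also deletes the only command showing how to pass a custom override (-f /root/integration-override.yaml), while this patch adds example-integration-override-v3.yaml; the sentence "All override files may be customized (or replaced by other overrides) as per needs." should show where such a file goes on the helm deploy line.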
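Review bot: In docs/oom_setup_kubernetes_rancher.rst (hunk @@ -338,7 +340,8 @@), while the "Example Helm client install on Linux::" line is being touched, the download beneath it is still fetched over plain http (wget http://storage.googleapis.com/kubernetes-helm/helm-v2.12.3-linux-amd64.tar.gz) and unpacked without any integrity check. Suggest changing the URL to https and adding a checksum verification step before the tar command, since this binary is later used with cluster credentials.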
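Review bot: In docs/oom_setup_kubernetes_rancher.rst (hunk @@ -347,6 +350,9 @@), the block now being marked up as a literal block binds the tiller service account with --clusterrole=cluster-admin and the guide gives no explanation of that choice. Since the section is being edited anyway, add one sentence stating that this grants Tiller full control of the cluster and is intended for this lab setup, so readers do not carry it unchanged into a shared or production cluster.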
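Review bot: In docs/release-notes.rst (hunk @@ -7,16 +7,16 @@), "Summary" is now underlined with "-------", the same adornment as "Version 4.0.0 (Dublin Release)" directly above it, so reStructuredText will render Summary as a sibling of the version heading rather than a subsection of it. Use a third adornment character (for example "~") for Summary here and in the Casablanca hunk at @@ -78,7 +79,7 @@ so each Summary nests under its release.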
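Review bot: In docs/release-notes.rst (hunk @@ -55,6 +55,7 @@), the added CVE-2019-12127 entry says only "OOM exposes unprotected API/UI on port 30270" and does not name the component, say whether the exposure is fixed or still open in Dublin, or tell operators what to do about it. The OJSI-134 entry two lines above describes consul-server-ui exposing HTTP port 30270; if both refer to the same exposure, cross-reference them or merge the lines, and add the status and a recommended mitigation (for example restricting access to that port) so readers can act on the notice.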