diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/oom_quickstart_guide.rst | 109 | ||||
-rw-r--r-- | docs/oom_user_guide.rst | 2 | ||||
-rw-r--r-- | docs/release-notes.rst | 53 | ||||
-rw-r--r-- | docs/slave_nfs_node.sh | 2 |
4 files changed, 106 insertions, 60 deletions
diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 2399dc3c7e..2607805015 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -29,25 +29,25 @@ where <BRANCH> can be an offical release tag, such as > sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm -**Step 3.** Customize the helm charts like oom/kubernetes/onap/values.yaml or an override -file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deployment with items like the -OpenStack tenant information. +**Step 3.** Customize the helm charts like `oom/kubernetes/onap/values.yaml` or an override +file like `onap-all.yaml`, `onap-vfw.yaml` or `openstack.yaml` file to suit your deployment +with items like the OpenStack tenant information. .. note:: - Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in - the oom/kubernetes/onap/resources/overrides/ directory. + Standard and example override files (e.g. `onap-all.yaml`, `openstack.yaml`) can be found in + the `oom/kubernetes/onap/resources/overrides/` directory. a. You may want to selectively enable or disable ONAP components by changing - the `enabled: true/false` flags. + the ``enabled: true/false`` flags. - b. Encyrpt the OpenStack password using the shell tool for robot and put it in - the robot helm charts or robot section of openstack.yaml + b. Encrypt the OpenStack password using the shell tool for robot and put it in + the robot helm charts or robot section of `openstack.yaml` c. Encrypt the OpenStack password using the java based script for SO helm charts - or SO section of openstack.yaml. + or SO section of `openstack.yaml`. d. Update the OpenStack parameters that will be used by robot, SO and APPC helm @@ -60,7 +60,7 @@ a. Enabling/Disabling Components: Here is an example of the nominal entries that need to be provided. We have different values file available for different contexts. -.. literalinclude:: onap-values.yaml +.. literalinclude:: ../kubernetes/onap/values.yaml :language: yaml @@ -69,11 +69,10 @@ The ROBOT encrypted Password uses the same encryption.key as SO but an openssl algorithm that works with the python based Robot Framework. .. note:: - To generate ROBOT openStackEncryptedPasswordHere : + To generate ROBOT ``openStackEncryptedPasswordHere``:: - ``cd so/resources/config/mso/`` - - ``/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p`` + cd so/resources/config/mso/ + /oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p`` c. Generating SO Encrypted Password: The SO Encrypted Password uses a java based encryption utility since the @@ -81,23 +80,21 @@ Java encryption library is not easy to integrate with openssl/python that ROBOT uses in Dublin. .. note:: - To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword: - - SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key` - - OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX - - git clone http://gerrit.onap.org/r/integration + To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword`` + ensure `default-jdk` is installed:: - cd integration/deployment/heat/onap-rke/scripts + apt-get update; apt-get install default-jdk + Then execute:: - javac Crypto.java + SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key` + OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX - [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ] - - java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY" + git clone http://gerrit.onap.org/r/integration + cd integration/deployment/heat/onap-rke/scripts + javac Crypto.java + java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY" d. Update the OpenStack parameters: @@ -106,35 +103,34 @@ available in the environment. To get the most value out of these templates and t automation that can help confirm the setup is correct, please observe the following constraints. -openStackPublicNetId: - -This network should allow heat templates to add interfaces. -This need not be an external network, floating IPs can be assigned to the ports on -the VMs that are created by the heat template but its important that neutron allow -ports to be created on them. - -openStackPrivateNetCidr: "10.0.0.0/16" +``openStackPublicNetId:`` + This network should allow heat templates to add interfaces. + This need not be an external network, floating IPs can be assigned to the ports on + the VMs that are created by the heat template but its important that neutron allow + ports to be created on them. -This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. -The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the -demonstration ip addressing plan embodied in the preload template prevent conflicts when -instantiating the various VNFs. If you need to change this, you will need to modify the preload -data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data -in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect -to create. +``openStackPrivateNetCidr: "10.0.0.0/16"`` + This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. + The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the + demonstration ip addressing plan embodied in the preload template prevent conflicts when + instantiating the various VNFs. If you need to change this, you will need to modify the preload + data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data + in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect + to create. -openStackOamNetworkCidrPrefix: "10.0" - -This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the -robot scripts for demonstration. A production deployment need not worry about this -setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. +``openStackOamNetworkCidrPrefix: "10.0"`` + This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the + robot scripts for demonstration. A production deployment need not worry about this + setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. Example Keystone v2.0 + .. literalinclude:: example-integration-override.yaml :language: yaml Example Keystone v3 (required for Rocky and later releases) + .. literalinclude:: example-integration-override-v3.yaml :language: yaml @@ -166,13 +162,13 @@ follows:: .. literalinclude:: helm-search.txt .. note:: - The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use `make` to update your local Helm repository. + The setup of the Helm repository is a one time activity. If you make changes to your deployment charts or values be sure to use ``make`` to update your local Helm repository. **Step 8.** Once the repo is setup, installation of ONAP can be done with a single command .. note:: - The --timeout 900 is currently required in Dublin to address long running initialization tasks + The ``--timeout 900`` is currently required in Dublin to address long running initialization tasks for DMaaP and SO. Without this timeout value both applications may fail to deploy. To deploy all ONAP applications use this command:: @@ -182,18 +178,15 @@ To deploy all ONAP applications use this command:: All override files may be customized (or replaced by other overrides) as per needs. -onap-all.yaml - +`onap-all.yaml` Enables the modules in the ONAP deployment. As ONAP is very modular, it is possible to customize ONAP and disable some components through this configuration file. -environment.yaml - +`environment.yaml` Includes configuration values specific to the deployment environment. Example: adapt readiness and liveness timers to the level of performance of your infrastructure -openstack.yaml - +`openstack.yaml` Includes all the Openstack related information for the default target tenant you want to use to deploy VNFs from ONAP and/or additional parameters for the embedded tests. **Step 9.** Verify ONAP installation @@ -205,12 +198,12 @@ Use the following to monitor your deployment and determine when ONAP is ready fo .. note:: While all pods may be in a Running state, it is not a guarantee that all components are running fine. - Launch the healthcheck tests using Robot to verify that the components are healthy. + Launch the healthcheck tests using Robot to verify that the components are healthy:: - > ~/oom/kubernetes/robot/ete-k8s.sh onap health + > ~/oom/kubernetes/robot/ete-k8s.sh onap health -**Step 10.** Undeploy ONAP +**Step 10.** Undeploy ONAP:: -> helm undeploy dev --purge + > helm undeploy dev --purge More examples of using the deploy and undeploy plugins can be found here: https://wiki.onap.org/display/DW/OOM+Helm+%28un%29Deploy+plugins diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index f19924dd17..48701f7c31 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -250,7 +250,7 @@ precedence of all. The top level onap/values.yaml file contains the values required to be set before deploying ONAP. Here is the contents of this file: -.. include:: onap_values.yaml +.. include:: ../kubernetes/onap/values.yaml :code: yaml One may wish to create a value file that is specific to a given deployment such diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 01e3524666..fd90a37428 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -10,6 +10,59 @@ ONAP Operations Manager Release Notes ===================================== +Version 5.0.1 (El Alto Release) +---------------------------------- + +:Release Date: 2019-10-10 + +Summary +------- + +The focus of this release was on maintanence and as such no new features were delivered. +A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10726 + +**New Features** + +**Bug Fixes** + +* 25 defects addressed (see link above) + +**Known Issues** + +The following known issues will be addressed in a future release: + +* [`OOM-1480 <https://jira.onap.org/browse/OOM-1480>`_] - postgres chart does not set root password when installing on an existing database instances +* [`OOM-1966 <https://jira.onap.org/browse/OOM-1966>`_] - ONAP on HA Kubernetes Cluster - Documentation update +* [`OOM-1995 <https://jira.onap.org/browse/OOM-1995>`_] - Mariadb Galera cluster pods keep failing +* [`OOM-2061 <https://jira.onap.org/browse/OOM-2061>`_] - Details Missing for installing the kubectl section +* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - Invalid MTU for Canal CNI interfaces +* [`OOM-2080 <https://jira.onap.org/browse/OOM-2080>`_] - Need for "ReadWriteMany" access on storage when deploying on Kubernetes? +* [`OOM-2091 <https://jira.onap.org/browse/OOM-2091>`_] - incorrect release deployed +* [`OOM-2132 <https://jira.onap.org/browse/OOM-2132>`_] - Common Galera server.cnf does not contain Camunda required settings + +**Security Notes** + +*Fixed Security Issues* + +*Known Security Issues* + +* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] +* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_] + +*Known Vulnerabilities in Used Modules* + +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. + +Quick Links: + + - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ + + - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ + + + Version 5.0.0 (El Alto Early Drop) ---------------------------------- diff --git a/docs/slave_nfs_node.sh b/docs/slave_nfs_node.sh index 5cb164ccac..fb2e230b7a 100644 --- a/docs/slave_nfs_node.sh +++ b/docs/slave_nfs_node.sh @@ -22,4 +22,4 @@ sudo mkdir -p /dockerdata-nfs #Mount the remote NFS directory to the local one sudo mount $MASTER_IP:/dockerdata-nfs /dockerdata-nfs/ -echo "$MASTER_IP:/dockerdata-nfsĀ /dockerdata-nfs nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab +echo "$MASTER_IP:/dockerdata-nfs /dockerdata-nfs nfs auto,nofail,noatime,nolock,intr,tcp,actimeo=1800 0 0" | sudo tee -a /etc/fstab |