diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/cluster.yml | 2 | ||||
| -rw-r--r-- | docs/index.rst | 1 | ||||
| -rw-r--r-- | docs/oom_cloud_setup_guide.rst | 3 | ||||
| -rw-r--r-- | docs/oom_hardcoded_certificates.rst | 8 | ||||
| -rw-r--r-- | docs/oom_project_description.rst | 1 | ||||
| -rw-r--r-- | docs/oom_quickstart_guide.rst | 32 | ||||
| -rw-r--r-- | docs/oom_setup_kubernetes_rancher.rst | 14 | ||||
| -rw-r--r-- | docs/oom_user_guide.rst | 2 | ||||
| -rw-r--r-- | docs/release-notes.rst | 81 |
9 files changed, 101 insertions, 43 deletions
diff --git a/docs/cluster.yml b/docs/cluster.yml index d4962d3478..0757e15a28 100644 --- a/docs/cluster.yml +++ b/docs/cluster.yml @@ -144,7 +144,7 @@ ssh_agent_auth: false authorization: mode: rbac ignore_docker_version: false -kubernetes_version: "v1.13.5-rancher1-2" +kubernetes_version: "v1.15.11-rancher1-2" private_registries: - url: nexus3.onap.org:10001 user: docker diff --git a/docs/index.rst b/docs/index.rst index 340b43be67..c8048d142e 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _master_index: OOM Documentation Repository diff --git a/docs/oom_cloud_setup_guide.rst b/docs/oom_cloud_setup_guide.rst index e3790f88db..2c6eb9a5f8 100644 --- a/docs/oom_cloud_setup_guide.rst +++ b/docs/oom_cloud_setup_guide.rst @@ -2,6 +2,7 @@ .. International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2019 Amdocs, Bell Canada +.. _oom_cloud_setup_guide: .. Links .. _Microsoft Azure: https://wiki.onap.org/display/DW/Cloud+Native+Deployment#CloudNativeDeployment-MicrosoftAzure @@ -53,7 +54,7 @@ The versions of Kubernetes that are supported by OOM are as follows: casablanca 1.11.5 2.9.1 1.11.5 17.03.x dublin 1.13.5 2.12.3 1.13.5 18.09.5 el alto 1.15.2 2.14.2 1.15.2 18.09.x - frankfurt 1.15.9 2.16.3 1.15.9 18.09.x + frankfurt 1.15.9 2.16.6 1.15.11 18.09.x ============== =========== ====== ======== ======== Minimum Hardware Configuration diff --git a/docs/oom_hardcoded_certificates.rst b/docs/oom_hardcoded_certificates.rst index 5aeee2e07f..7706f2cd2d 100644 --- a/docs/oom_hardcoded_certificates.rst +++ b/docs/oom_hardcoded_certificates.rst @@ -20,10 +20,16 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/SEARCH-DATA | Yes | No | No | aai/oom/components/aai-search-data/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | AAI/SPARKY-BE | Yes | No | No | aai/oom/components/aai-spary-be/resources/config/auth/org.onap.aai.p12 | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/BABEL | No | Yes | No | aai/oom/components/aai-babel/resources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | AAI/MODEL-LOADER | Yes | Yes | No | aai/oom/components/aai-model-loaderresources/config/auth/tomcat_keystore | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.keyfile | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | APPC | Yes | No | No | kubernetes/appc/resources/config/certs/org.onap.appc.p12 | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SDC | Yes | No? | No? | kubernetes/sdc/resources/cert | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | SO | Yes | No? | Yes | kubernetes/so/resources/config/certificates | @@ -58,3 +64,5 @@ Here's the list of these certificates: +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ | OOF/OOF-OSDF | Yes | No | No | kubernetes/oof/resources/config | +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ + | CLI | No | Yes | No | kubernetes/cli/resources/certificates | + +------------------+------------------+------------------+--------------------------------------------------------------------------------------------+ diff --git a/docs/oom_project_description.rst b/docs/oom_project_description.rst index 7903b709d8..b8c18dc93f 100644 --- a/docs/oom_project_description.rst +++ b/docs/oom_project_description.rst @@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _oom_project_description: ONAP Operations Manager Project ############################### diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index 2607805015..565c43f467 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -2,7 +2,7 @@ .. Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2019 Amdocs, Bell Canada - +.. _oom_quickstart_guide: .. _quick-start-label: OOM Quick Start Guide @@ -23,6 +23,7 @@ available), follow the following instructions to deploy ONAP. where <BRANCH> can be an offical release tag, such as 4.0.0-ONAP for Dublin 5.0.1-ONAP for El Alto +6.0.0-ONAP for Frankfurt **Step 2.** Install Helm Plugins required to deploy ONAP:: @@ -53,6 +54,7 @@ with items like the OpenStack tenant information. d. Update the OpenStack parameters that will be used by robot, SO and APPC helm charts or use an override file to replace them. + e. Add in the command line a value for the global master password (global.masterPassword). @@ -77,7 +79,7 @@ openssl algorithm that works with the python based Robot Framework. c. Generating SO Encrypted Password: The SO Encrypted Password uses a java based encryption utility since the Java encryption library is not easy to integrate with openssl/python that -ROBOT uses in Dublin. +ROBOT uses in Dublin and upper versions. .. note:: To generate SO ``openStackEncryptedPasswordHere`` and ``openStackSoEncryptedPassword`` @@ -98,11 +100,12 @@ ROBOT uses in Dublin. d. Update the OpenStack parameters: -There are assumptions in the demonstration VNF heat templates about the networking -available in the environment. To get the most value out of these templates and the -automation that can help confirm the setup is correct, please observe the following +There are assumptions in the demonstration VNF heat templates about the networking +available in the environment. To get the most value out of these templates and the +automation that can help confirm the setup is correct, please observe the following constraints. + ``openStackPublicNetId:`` This network should allow heat templates to add interfaces. This need not be an external network, floating IPs can be assigned to the ports on @@ -124,7 +127,7 @@ constraints. setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. -Example Keystone v2.0 +Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml :language: yaml @@ -135,7 +138,6 @@ Example Keystone v3 (required for Rocky and later releases) :language: yaml - **Step 4.** To setup a local Helm server to server up the ONAP charts:: > helm serve & @@ -168,13 +170,23 @@ follows:: single command .. note:: - The ``--timeout 900`` is currently required in Dublin to address long running initialization tasks - for DMaaP and SO. Without this timeout value both applications may fail to deploy. + The ``--timeout 900`` is currently required in Dublin and up to address long + running initialization tasks for DMaaP and SO. Without this timeout value both + applications may fail to deploy. + +.. danger:: + We've added the master password on the command line. + You shouldn't put it in a file for safety reason + please don't forget to change the value to something random + + A space is also added in front of the command so "history" doesn't catch it. + This masterPassword is very sensitive, please be careful! + To deploy all ONAP applications use this command:: > cd oom/kubernetes - > helm deploy dev local/onap --namespace onap -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 + > helm deploy dev local/onap --namespace onap --set global.masterPassword=myAwesomePasswordThatINeedToChange -f onap/resources/overrides/onap-all.yaml -f onap/resources/overrides/environment.yaml -f onap/resources/overrides/openstack.yaml --timeout 900 All override files may be customized (or replaced by other overrides) as per needs. diff --git a/docs/oom_setup_kubernetes_rancher.rst b/docs/oom_setup_kubernetes_rancher.rst index 1b5d6d1985..428fa59a4e 100644 --- a/docs/oom_setup_kubernetes_rancher.rst +++ b/docs/oom_setup_kubernetes_rancher.rst @@ -267,16 +267,12 @@ Configure Rancher Kubernetes Engine (RKE) Install RKE ----------- Download and install RKE on a VM, desktop or laptop. -Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v0.2.1 +Binaries can be found here for Linux and Mac: https://github.com/rancher/rke/releases/tag/v1.0.6 RKE requires a *cluster.yml* as input. An example file is show below that describes a Kubernetes cluster that will be mapped onto the OpenStack VMs created earlier in this guide. -Example: **cluster.yml** - -.. image:: images/rke/rke_1.png - Click :download:`cluster.yml <cluster.yml>` to download the configuration file. @@ -341,8 +337,8 @@ Install Kubectl Download and install kubectl. Binaries can be found here for Linux and Mac: -https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/linux/amd64/kubectl -https://storage.googleapis.com/kubernetes-release/release/v1.15.2/bin/darwin/amd64/kubectl +https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/linux/amd64/kubectl +https://storage.googleapis.com/kubernetes-release/release/v1.15.11/bin/darwin/amd64/kubectl You only need to install kubectl where you'll launch kubernetes command. This can be any machines of the kubernetes cluster or a machine that has IP access @@ -388,9 +384,9 @@ Install Helm Example Helm client install on Linux:: - > wget http://storage.googleapis.com/kubernetes-helm/helm-v2.14.2-linux-amd64.tar.gz + > wget https://get.helm.sh/helm-v2.16.6-linux-amd64.tar.gz - > tar -zxvf helm-v2.14.2-linux-amd64.tar.gz + > tar -zxvf helm-v2.16.6-linux-amd64.tar.gz > sudo mv linux-amd64/helm /usr/local/bin/helm diff --git a/docs/oom_user_guide.rst b/docs/oom_user_guide.rst index 4cc1ab6d22..7340ddf7fd 100644 --- a/docs/oom_user_guide.rst +++ b/docs/oom_user_guide.rst @@ -1,6 +1,7 @@ .. This work is licensed under a Creative Commons Attribution 4.0 International License. .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2018 Amdocs, Bell Canada +.. _oom_user_guide: .. Links .. _Curated applications for Kubernetes: https://github.com/kubernetes/charts @@ -403,6 +404,7 @@ below:: 10.12.6.155 msb.api.simpledemo.onap.org 10.12.6.155 clamp.api.simpledemo.onap.org 10.12.6.155 so.api.simpledemo.onap.org + 10.12.6.155 sdc.workflow.plugin.simpledemo.onap.org Ensure you've disabled any proxy settings the browser you are using to access the portal and then simply access now the new ssl-encrypted URL: diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 154c6ab1cd..41e42b5cc4 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -3,15 +3,68 @@ .. http://creativecommons.org/licenses/by/4.0 .. Copyright 2017 Bell Canada & Amdocs Intellectual Property. All rights .. reserved. - -.. Links -.. _release-notes-label: +.. _release_notes: ONAP Operations Manager Release Notes ===================================== +Version 6.0.0 (Frankfurt Release) +--------------------------------- + +:Release Date: 2020-xx-xx + +Summary +------- + +The focus of this release is to strengthen the foundation of OOM installer. +A list of issues resolved in this release can be found here: https://jira.onap.org/projects/OOM/versions/10826 + +**Software Requirements** + +* Upgraded to Kubernetes 1.15.x and Helm 2.16.x + +**Hardcoded Password removal** + +* All mariadb galera password are not hardcoded + +**New Features** + +* Ingress deployment is getting more and more usable +* Use of dynamic Persistent Volume is available + +**Bug Fixes** + +**Known Issues** + +The following known issues will be addressed in a future release: + +* [`OOM-2075 <https://jira.onap.org/browse/OOM-2075>`_] - https://jira.onap.org/browse/OOM-2075 + +**Security Notes** + +*Fixed Security Issues* + +* In default deployment OOM (consul-server-ui) exposes HTTP port 30270 outside of cluster. [`OJSI-134 <https://jira.onap.org/browse/OJSI-134>`_] +* CVE-2019-12127 - OOM exposes unprotected API/UI on port 30270 [`OJSI-202 <https://jira.onap.org/browse/OJSI-202>`_] + +*Known Security Issues* + +* Hard coded password used for all oom deployments [`OJSI-188 <https://jira.onap.org/browse/OJSI-188>`_] + +*Known Vulnerabilities in Used Modules* + +OOM code has been formally scanned during build time using NexusIQ and no +Critical vulnerability was found. + +Quick Links: + + - `OOM project page <https://wiki.onap.org/display/DW/ONAP+Operations+Manager+Project>`_ + + - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ + + Version 5.0.1 (El Alto Release) ----------------------------------- +------------------------------- :Release Date: 2019-10-10 @@ -61,22 +114,6 @@ Quick Links: - `Passing Badge information for OOM <https://bestpractices.coreinfrastructure.org/en/projects/1631>`_ -Version 6.0.0 (Frankfurt) ----------------------------------- - -:Release Date: 2020-05-14 - -Summary -------- - -**Software Requirements** - -* Upgraded to Kubernetes 1.15.x and Helm 2.16.x - -**Hardcoded Password removal** - -* All mariadb galera password are not hardcoded - Version 5.0.0 (El Alto Early Drop) ---------------------------------- @@ -120,7 +157,7 @@ Summary * Automated rolling upgrades for applications * In-place schema and data migrations * Blue-Green deployment environment migration (e.g. Pre-prod to Prod) - * Upgrades from embedded database instance into shared database instance + * Upgrades from embedded database instance into shared database instance * Release-to-release upgrade support delivered for the following projects @@ -268,7 +305,7 @@ Story * [`OOM-52 <https://jira.onap.org/browse/OOM-52>`_] - OOM ONAP Configuration Management - Parameterization of docker images * [`OOM-53 <https://jira.onap.org/browse/OOM-53>`_] - OOM ONAP Configuration Management - Parameterization for Sizing * [`OOM-63 <https://jira.onap.org/browse/OOM-63>`_] - Kubernetes cluster created by TOSCA description -* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the “Lab” project environment +* [`OOM-85 <https://jira.onap.org/browse/OOM-85>`_] - Test the code in the "Lab" project environment * [`OOM-86 <https://jira.onap.org/browse/OOM-86>`_] - Monitoring the health status of ONAP components * [`OOM-87 <https://jira.onap.org/browse/OOM-87>`_] - Configure TOSCA description via dashboard * [`OOM-88 <https://jira.onap.org/browse/OOM-88>`_] - Deploy Holmes on K8S cluster by TOSCA description |