Integrate ONAP with Nokia VNFM ============================== The following section describes how to integrate the Nokia Virtualized Network Function Manager (VNFM) into ONAP. Prepare the VNFM ---------------- * Start the VNFM. - The VNFM must be able to communicate with the ONAP VF-C interface, the virtualized infrastructure manager (VIM) and the virtualized network function (VNF), so the VNFM must have the correct network setup. The VNFM uses lifecycle notifications (LCNs) to notify the VF-C about the executed changes, therefore, the LCN zone of the VNFM must be configured so that the VNFM is able to reach the VF-C LCN interface. * Register driver in CBAM - Using SSH, log in to the CloudBand Application Manager (CBAM) virtual machine as cbam user and determine the Keycloak auto-generated admin password with the following command: ectl get /cbam/cluster/components/keycloak/admin_credentials/password - Copy the printout of the command. - Access the Keycloak login page with the following URL: https:///auth/admin where is the FQDN or IP address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port. Result: The Keycloak Administration Console login page loads up. - Log in to Keycloak with the 'admin' username and the auto-generated admin password you copied to clipboard, then change the auto-generated password and note the new password. Result: You are logged in to the Keycloak Administration Console. - Add a new client on Keycloak: - From the Configure menu, select Clients. - Result: The Clients pane appears. - Click Create. - Result: The Add Client pane appears. - Set the Client ID to onapClientId and click Save. Note the Client ID which will be referred to as . - Result: The following notification appears: Success! The client has been created. The new client's profile page appears. - Customize the following settings for the newly created client: - Access Type: select confidential. Keycloak will generate a client secret that serves as a type of password for your client. - Make sure the following settings are ON: Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled, Authorization Enabled - Type * in the Valid Redirect URIs field. - Click Save. - Result: The following notification appears: Success! Your changes have been saved to the client. - Note the Client Secret which will be referred to as : - Select the Credentials tab. - From the Client Authenticator drop-down list, select the Client ID and Secret and check the value of Secret. - Add a new user on Keycloak: - From the Manage menu, select Users. - Result: The Users pane appears. - Click Add user and define the parameters for the creation: - Username: onap - Note the username, it will be referred to as . - User Enabled: make sure it is On. - Click Save. - Result: The following notification appears: Success! The user has been created. The new user's profile page appears. - Create a password for the user: select the Credentials tab on the user profile and set the password. - Note: The user is prompted to change this password when logging in to CBAM for the first time. - Assign the "user" role to the created user: - Select the Role Mappings tab on the user profile. - Select the "user" role from the Available Roles box, then click Add selected. - Access the CBAM GUI login page with the following URL: https:// where is the FQDN or IP address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port. - Log in to CBAM GUI using the created user. - Change and note the password which will be referred to as . - Using SSH, add SSL certificates for all VIM connections or disable certificate verification as follows: - For insecure connection (all certificates are automatically trusted) - execute the below commands in the following order: .. code-block:: console sudo su - ectl set /cbam/cluster/components/tlm/insecure_vim_connection true ectl set /actions/reconfigure start journalctl -fu cbam-reconfigure.service - Wait for the "Started cbam-reconfigure.service." message. - For secure connection : read the CBAM documentation. Prepare /ets/hosts file on your laptop -------------------------------------- Note: This is an optional step with which it is easier to copy paste URLs * Using the OpenStack Horizon Dashboard, find the ONAP servers you have deployed and note their IP addresses. * Depending on your operating system, use the respective method to prepare an /ets/hosts file to link the DNS servers to the corresponding IP addresses, see the table below: +-------------------+---------------------------------+ | IP address | DNS entry | +===================+=================================+ | | portal.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | policy.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | sdc.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | vid.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | aai.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | msb.api.simpledemo.onap.org | +-------------------+---------------------------------+ | | robot.api.simpledemo.onap.org | +-------------------+---------------------------------+ Add the VNFM driver to ONAP --------------------------- - Locate and note the IP address of the MSB (MSB_IP) on the OpenStack Horizon Dashboard. Look at the VM instances of ONAP and find one with vm1-multi-service name. This is where the MSB is located. - Create VIM in A&AI Note: - The VIM may already exist. - Repeat this step for all VIMs planned to be used. - Go to http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vim/vimView.html - Result: The ONAP platform opens. - On the platform, click Register. - Result: The registration form opens. - Fill in the fields. - Note: Cloud credentials are supplied by the VNF integrator. - To obtain the value of the Auth URL field and the tenant id (which will be required later), follow these steps: - Note: The actual steps depend on the OpenStack Dashboard version and vendor. - Go to OpenStack Horizon Dashboard. - Select the Project main tab. - Select the API Access tab. - Click View Credentials. - Copy the value of Authentication URL and paste it in the Auth URL field. - Note the value of Project ID: this is the which will be required later (Repeat this step for all tenants planned to be used within the VIM.) - Click Save. - Result: The driver has been successfully added. - Create tenant - Note: - The tenant may already exist. - Repeat this step for all tenants planned to be used within the VIM. - Using a REST client of your choice, send a request to the following URL: https://aai.api.simpledemo.onap.org:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region///tenants/tenant/ - download the content of the request: `aai.create.tenant.request.json ` - In the request URL and in the content of the request, substitute , and with the respective values. - HTTP method: PUT - Set the following values in the Header of the request: - basic auth AAI:AAI - X-FromAppId : any - Content-type: application/json - Accept: application/json - Register the VNFM as an external system: - Access the following URL: http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vnfm/vnfmView.html - Result: The ONAP platform opens - The VNFM has four end points. These end points must be configured in the external system configuration of the VNFM. - Authentication endpoint: https://$CBAM_IP:443/auth/ - Life-cycle management endpoint: https://:443/vnfm/lcm/v3/ - Life-cycle change notification endpoint: https://:443/vnfm/lcn/v3/ - Catalog endpoint: https://:443/api/catalog/adapter/ - On the platform, click Register. - Result: The registration form opens. - Fill in the fields as follows: - Note: Cloud credentials are supplied by the VNF integrator. +-----------------+------------------------------------------+ | key | Value | +-----------------+------------------------------------------+ | Name | CbamVnfm | +-----------------+------------------------------------------+ | type | NokiaSVNFM | +-----------------+------------------------------------------+ | Vendor | Nokia | +-----------------+------------------------------------------+ | version | v1 | +-----------------+------------------------------------------+ | URL | ___ | +-----------------+------------------------------------------+ | VIM | any | +-----------------+------------------------------------------+ | certificate URL | | +-----------------+------------------------------------------+ | Username | _ | +-----------------+------------------------------------------+ | Password | _ | +-----------------+------------------------------------------+ - Click Save. - Result: The registration has been completed. - Determine the UUID of the VNFM: - Access the following URL: http://msb.api.simpledemo.onap.org:9518/api/aai-esr-server/v1/vnfms - Look for the previously registered VNFM and note the value of . Configure the SVNFM driver (generic) ------------------------------------ - Using SSH, download the CBAM SVNFM driver by executing the following command: docker pull https://nexus.onap.org/content/sites/raw/onap/vfc/nfvo/svnfm/nokiav2:1.1.0-STAGING-latest - Determine the IMAGE ID: - Execute the following command: docker images - Find the required image and note the IMAGE ID. - Start the driver: - Fill in the required values and execute the following: .. code-block:: console export MULTI_NODE_IP= export VNFM_ID= export IMAGE_ID= docker run --name vfc_nokia -p 8089:8089 -e "MSB_IP=$MULTI_NODE_IP" -e "CONFIGURE=kuku" -e "EXTERNAL_IP=$MULTI_NODE_IP" -e "VNFM_ID=$VNFM_ID" -d --stop-timeout 300 $IMAGE_ID - Determine the identifier of the container: - Execute the following command: docker ps - Find the required container and note the CONTAINER ID (first column/first row on the list). - Verify if the VNFM driver has been successfully started by executing the following commands: .. code-block:: console execute docker exec -it /bin/bash execute tail -f service.log - Result: The SVNFM integration is successful if the end of the command output contains "Started NokiaSvnfmApplication". - Verify if the SVNFM is registered into MSB: - Go to http://msb.api.simpledemo.onap.org/msb - Check if NokiaSVNFM micro service is present in the boxes. Configure the SVNFM driver (ONAP demo environment) -------------------------------------------------- This step is executed instead of the "Configure the SVNFM driver (generic)" in case of an ONAP demo environment. - Configure the already running instance: - Execute the following command: docker exec -it `docker ps | grep nokiav2 | awk '{print $1}'` /bin/bash - Edit /service/application.properties: - In this file, change the default values of the following keys to the correct values: vnfmId - Restart the VNFM service - Execute the following command: ps -ef | grep java |