1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
|
Integrate ONAP with Nokia VNFM
==============================
The following section describes how to integrate the Nokia Virtualized Network Function Manager (VNFM) into ONAP.
Prepare the VNFM
----------------
* Start the VNFM.
- The VNFM must be able to communicate with the ONAP VF-C interface, the virtualized infrastructure manager (VIM) and the virtualized network function (VNF), so the VNFM must
have the correct network setup. The VNFM uses lifecycle notifications (LCNs) to notify the VF-C about the executed changes, therefore, the LCN zone of the
VNFM must be configured so that the VNFM is able to reach the VF-C LCN interface.
* Register driver in CBAM
- Using SSH, log in to the CloudBand Application Manager (CBAM) virtual machine as cbam user and determine the Keycloak
auto-generated admin password with the following command: ectl get /cbam/cluster/components/keycloak/admin_credentials/password
- Copy the printout of the command.
- Access the Keycloak login page with the following URL: https://<cbamIp>/auth/admin where <cbamIp> is the FQDN or IP
address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port.
Result: The Keycloak Administration Console login page loads up.
- Log in to Keycloak with the 'admin' username and the auto-generated admin password you copied to clipboard, then change the auto-generated password and note the new password.
Result: You are logged in to the Keycloak Administration Console.
- Add a new client on Keycloak:
- From the Configure menu, select Clients.
- Result: The Clients pane appears.
- Click Create.
- Result: The Add Client pane appears.
- Set the Client ID to onapClientId and click Save. Note the Client ID which will be referred to as <clientId>.
- Result: The following notification appears: Success! The client has been created. The new client's profile page appears.
- Customize the following settings for the newly created client:
- Access Type: select confidential. Keycloak will generate a client secret that serves as a type of password for your client.
- Make sure the following settings are ON: Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled, Authorization Enabled
- Type * in the Valid Redirect URIs field.
- Click Save.
- Result: The following notification appears: Success! Your changes have been saved to the client.
- Note the Client Secret which will be referred to as <clientSecret>:
- Select the Credentials tab.
- From the Client Authenticator drop-down list, select the Client ID and Secret and check the value of Secret.
- Add a new user on Keycloak:
- From the Manage menu, select Users.
- Result: The Users pane appears.
- Click Add user and define the parameters for the creation:
- Username: onap
- Note the username, it will be referred to as <onapUsername>.
- User Enabled: make sure it is On.
- Click Save.
- Result: The following notification appears: Success! The user has been created. The new user's profile page appears.
- Create a password for the user: select the Credentials tab on the user profile and set the password.
- Note: The user is prompted to change this password when logging in to CBAM for the first time.
- Assign the "user" role to the created user:
- Select the Role Mappings tab on the user profile.
- Select the "user" role from the Available Roles box, then click Add selected.
- Access the CBAM GUI login page with the following URL: https://<cbamIp> where <cbamIp> is the FQDN or IP address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port.
- Log in to CBAM GUI using the created user.
- Change and note the password which will be referred to as <onapPassword>.
- Using SSH, add SSL certificates for all VIM connections or disable certificate verification as follows:
- For insecure connection (all certificates are automatically trusted)
- execute the below commands in the following order:
.. code-block:: console
sudo su -
ectl set /cbam/cluster/components/tlm/insecure_vim_connection true
ectl set /actions/reconfigure start
journalctl -fu cbam-reconfigure.service
- Wait for the "Started cbam-reconfigure.service." message.
- For secure connection : read the CBAM documentation.
Prepare /ets/hosts file on your laptop
--------------------------------------
Note: This is an optional step with which it is easier to copy paste URLs
* Using the OpenStack Horizon Dashboard, find the ONAP servers you have deployed and note their IP addresses.
* Depending on your operating system, use the respective method to prepare an /ets/hosts file to link the DNS servers to the corresponding IP addresses, see the table below:
+-------------------+---------------------------------+
| IP address | DNS entry |
+===================+=================================+
| <fill IP address> | portal.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | policy.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | sdc.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | vid.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | aai.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | msb.api.simpledemo.onap.org |
+-------------------+---------------------------------+
| <fill IP address> | robot.api.simpledemo.onap.org |
+-------------------+---------------------------------+
Add the VNFM driver to ONAP
---------------------------
- Locate and note the IP address of the MSB (MSB_IP) on the OpenStack Horizon Dashboard. Look at the VM instances of ONAP and find one with vm1-multi-service name. This is where the MSB is located.
- Create VIM in A&AI Note:
- The VIM may already exist.
- Repeat this step for all VIMs planned to be used.
- Go to http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vim/vimView.html
- Result: The ONAP platform opens.
- On the platform, click Register.
- Result: The registration form opens.
- Fill in the fields.
- Note: Cloud credentials are supplied by the VNF integrator.
- To obtain the value of the Auth URL field and the tenant id (which will be required later), follow these steps:
- Note: The actual steps depend on the OpenStack Dashboard version and vendor.
- Go to OpenStack Horizon Dashboard.
- Select the Project main tab.
- Select the API Access tab.
- Click View Credentials.
- Copy the value of Authentication URL and paste it in the Auth URL field.
- Note the value of Project ID: this is the <tenantId> which will be required later (Repeat this step for all tenants planned to be used within the VIM.)
- Click Save.
- Result: The driver has been successfully added.
- Create tenant
- Note:
- The tenant may already exist.
- Repeat this step for all tenants planned to be used within the VIM.
- Using a REST client of your choice, send a request to the following URL: https://aai.api.simpledemo.onap.org:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/<cloudOwner>/<cloudRegion>/tenants/tenant/<tenantId>
- download the content of the request: `aai.create.tenant.request.json <sample/aai.create.tenant.request.json>`
- In the request URL and in the content of the request, substitute <tenantId>, <cloudRegion> and <cloudOwner> with the respective values.
- HTTP method: PUT
- Set the following values in the Header of the request:
- basic auth AAI:AAI
- X-FromAppId : any
- Content-type: application/json
- Accept: application/json
- Register the VNFM as an external system:
- Access the following URL: http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vnfm/vnfmView.html
- Result: The ONAP platform opens
- The VNFM has four end points. These end points must be configured in the external system configuration of the VNFM.
- Authentication endpoint: https://$CBAM_IP:443/auth/
- Life-cycle management endpoint: https://<cbamIp>:443/vnfm/lcm/v3/
- Life-cycle change notification endpoint: https://<cbamIp>:443/vnfm/lcn/v3/
- Catalog endpoint: https://<cbamIp>:443/api/catalog/adapter/
- On the platform, click Register.
- Result: The registration form opens.
- Fill in the fields as follows:
- Note: Cloud credentials are supplied by the VNF integrator.
+-----------------+------------------------------------------+
| key | Value |
+-----------------+------------------------------------------+
| Name | CbamVnfm |
+-----------------+------------------------------------------+
| type | NokiaSVNFM |
+-----------------+------------------------------------------+
| Vendor | Nokia |
+-----------------+------------------------------------------+
| version | v1 |
+-----------------+------------------------------------------+
| URL | <authUrl>_<lcmUrl>_<lcnUrl>_<catalogUrl> |
+-----------------+------------------------------------------+
| VIM | any |
+-----------------+------------------------------------------+
| certificate URL | |
+-----------------+------------------------------------------+
| Username | <onapUsername>_<clientId> |
+-----------------+------------------------------------------+
| Password | <onapPassword>_<clientSecret> |
+-----------------+------------------------------------------+
- Click Save.
- Result: The registration has been completed.
- Determine the UUID of the VNFM:
- Access the following URL: http://msb.api.simpledemo.onap.org:9518/api/aai-esr-server/v1/vnfms
- Look for the previously registered VNFM and note the value of <vnfmId>.
Configure the SVNFM driver (generic)
------------------------------------
- Using SSH, download the CBAM SVNFM driver by executing the following command:
docker pull https://nexus.onap.org/content/sites/raw/onap/vfc/nfvo/svnfm/nokiav2:1.1.0-STAGING-latest
- Determine the IMAGE ID:
- Execute the following command: docker images
- Find the required image and note the IMAGE ID.
- Start the driver:
- Fill in the required values and execute the following:
.. code-block:: console
export MULTI_NODE_IP=<multiNodeIp>
export VNFM_ID=<vnfmId>
export IMAGE_ID=<imageId>
docker run --name vfc_nokia -p 8089:8089 -e "MSB_IP=$MULTI_NODE_IP" -e "CONFIGURE=kuku" -e "EXTERNAL_IP=$MULTI_NODE_IP" -e "VNFM_ID=$VNFM_ID" -d --stop-timeout 300 $IMAGE_ID
- Determine the identifier of the container:
- Execute the following command: docker ps
- Find the required container and note the CONTAINER ID (first column/first row on the list).
- Verify if the VNFM driver has been successfully started by executing the following commands:
.. code-block:: console
execute docker exec -it <containerId> /bin/bash
execute tail -f service.log
- Result: The SVNFM integration is successful if the end of the command output contains "Started NokiaSvnfmApplication".
- Verify if the SVNFM is registered into MSB:
- Go to http://msb.api.simpledemo.onap.org/msb
- Check if NokiaSVNFM micro service is present in the boxes.
Configure the SVNFM driver (ONAP demo environment)
--------------------------------------------------
This step is executed instead of the "Configure the SVNFM driver (generic)" in case of an ONAP demo environment.
- Configure the already running instance:
- Execute the following command: docker exec -it `docker ps | grep nokiav2 | awk '{print $1}'` /bin/bash
- Edit /service/application.properties:
- In this file, change the default values of the following keys to the correct values: vnfmId
- Restart the VNFM service
- Execute the following command: ps -ef | grep java |
|