summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--docs/Chapter2/index.rst15
-rw-r--r--docs/Chapter4/Resiliency.rst2
-rw-r--r--docs/Chapter5/Heat/ONAP Heat Networking.rst4
-rw-r--r--docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Neutron Parameters.rst6
-rw-r--r--docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Nova Parameters.rst6
-rw-r--r--docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Resource IDs.rst4
-rw-r--r--docs/Chapter5/Tosca.rst6
-rwxr-xr-xdocs/Chapter7/Configuration-Management.rst304
-rwxr-xr-xdocs/Chapter7/Monitoring-And-Management.rst24
-rw-r--r--docs/Chapter7/PNF-Plug-and-Play.rst4
-rw-r--r--docs/Chapter8/Ansible-JSON-Key-Value-Description.rst2
-rw-r--r--docs/Chapter8/Ansible-Playbook-Examples.rst26
-rw-r--r--docs/changes-by-section-casablanca.rst1010
13 files changed, 710 insertions, 703 deletions
diff --git a/docs/Chapter2/index.rst b/docs/Chapter2/index.rst
index 6e25788..5a5fed9 100644
--- a/docs/Chapter2/index.rst
+++ b/docs/Chapter2/index.rst
@@ -132,7 +132,7 @@ Glossary
Identity and Access Management
IPSec
- IP Security
+ IP Security
JMS
Java Message Service
@@ -153,7 +153,7 @@ Glossary
Lightweight Directory Access Protocol
LTE
- Long-Term Evolution
+ Long-Term Evolution
MD5
Message-Digest Algorithm
@@ -198,7 +198,7 @@ Glossary
Open Platform for Network Functions Virtualization
OWASP
- Open Web Application Security Project
+ Open Web Application Security Project
PCEF
Policy and Charging Enforcement Function
@@ -243,7 +243,7 @@ Glossary
Security Assertion Markup Language
SCEP
- Simple Certificate Enrollment Protocol
+ Simple Certificate Enrollment Protocol
SDN
Software-Defined Networking
@@ -255,7 +255,7 @@ Glossary
Secure Hash Algorithm
SLA
- Service Level Agreement
+ Service Level Agreement
SNMP
Simple Network Management Protocol
@@ -282,7 +282,7 @@ Glossary
Threshold Crossing Alert
TLS
- Transport Layer Security
+ Transport Layer Security
TOSCA
Topology and Orchestration Specification for Cloud Applications
@@ -372,4 +372,5 @@ Submitting Feedback
------------------------------------
Please refer to the `VNF Requirements - How to Contribute <https://wiki.onap.org/display/DW/VNFRQTS+How+to+Contribute>`__
guide for instructions on how to create issues or contribute changes to the
-VNF Requirements project. \ No newline at end of file
+VNF Requirements project.
+
diff --git a/docs/Chapter4/Resiliency.rst b/docs/Chapter4/Resiliency.rst
index dbe41ff..ccfdf2d 100644
--- a/docs/Chapter4/Resiliency.rst
+++ b/docs/Chapter4/Resiliency.rst
@@ -718,4 +718,4 @@ of a VNF or VM and store it (Openstack).
:keyword: MUST
:introduced: casablanca
- The VNF **MUST** support ONAP Controller's Snapshot command. \ No newline at end of file
+ The VNF **MUST** support ONAP Controller's Snapshot command.
diff --git a/docs/Chapter5/Heat/ONAP Heat Networking.rst b/docs/Chapter5/Heat/ONAP Heat Networking.rst
index 09a2244..8149a8a 100644
--- a/docs/Chapter5/Heat/ONAP Heat Networking.rst
+++ b/docs/Chapter5/Heat/ONAP Heat Networking.rst
@@ -173,10 +173,10 @@ or an external gateway or router
* If the network name in is used to reference the network, the output
parameter name in the base template **MUST** follow the naming convention
``int_{network-role}_net_name``
-
+
``{network-role}`` **MUST** be the network-role of the internal network
created in the Base Module.
-
+
``The Base Module Output Parameter MUST be declared in the ``parameters:``
section of the Incremental Module(s) where the ``OS::Neutron::Port``
resource(s) is attaching to the internal network.
diff --git a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Neutron Parameters.rst b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Neutron Parameters.rst
index d2a7240..eb02322 100644
--- a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Neutron Parameters.rst
+++ b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Neutron Parameters.rst
@@ -1499,11 +1499,11 @@ VIP Assignment, External Networks, Supported by Automation
OS::Nova::Server
* ``{network-role}`` is the {network-role} of the external
network
-
+
And the parameter **MUST** be declared as ``type: string``
and **MUST** be enumerated in the environment file.
- OR
+ OR
the parameter name **MUST** follow the
naming convention
@@ -1516,7 +1516,7 @@ VIP Assignment, External Networks, Supported by Automation
OS::Nova::Server
* ``{network-role}`` is the {network-role} of the external
network
-
+
And the parameter **MUST** be declared as ``type: comma_delimited_list``
and **MUST** be enumerated in the environment file.
diff --git a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Nova Parameters.rst b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Nova Parameters.rst
index 0876628..4cbf3f5 100644
--- a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Nova Parameters.rst
+++ b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Nova Parameters.rst
@@ -376,10 +376,10 @@ Property: availability_zone
:updated: casablanca
The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
- property ``availability_zone`` parameter name
+ property ``availability_zone`` parameter name
**MUST** follow the naming convention
-
- * ``availability_zone_{index}``
+
+ * ``availability_zone_{index}``
where ``{index}`` is a numeric value that **MUST** start at zero
in a VNF's Heat Orchestration Templates and **MUST**
diff --git a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Resource IDs.rst b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Resource IDs.rst
index 69fa19d..0d1093b 100644
--- a/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Resource IDs.rst
+++ b/docs/Chapter5/Heat/ONAP Heat Resource ID and Parameter Naming Convention/Resource IDs.rst
@@ -131,7 +131,7 @@ Heat Orchestration Template resources are described in :ref:`resources`.
When a VNF's Heat Orchestration Template's Resource ID contains an
``{index}``, the ``{index}`` is a numeric value that **MUST** start at
- zero and **MUST** increment by one.
+ zero and **MUST** increment by one.
As stated in R-16447,
*a VNF's <resource ID> MUST be unique across all Heat
@@ -139,7 +139,7 @@ Heat Orchestration Template resources are described in :ref:`resources`.
Nested YAML files that are used to create the VNF*. While the ``{index}``
will start at zero in the VNF, the ``{index}`` may not start at zero
in a given Heat Orchestration Template or HEAT Orchestration Template
- Nested YAML file.
+ Nested YAML file.
OpenStack Heat Resources Resource ID Naming Convention
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/Chapter5/Tosca.rst b/docs/Chapter5/Tosca.rst
index e3d6102..79c6ad2 100644
--- a/docs/Chapter5/Tosca.rst
+++ b/docs/Chapter5/Tosca.rst
@@ -75,7 +75,7 @@ protocol, which supports multiple TOSCA template yaml files, and also
supports self-defined node or other extensions.
VNF or PNF CSAR Package
-^^^^^^^^^^^^^^^^^^^^^^
+^^^^^^^^^^^^^^^^^^^^^^^^
CSAR Overview
~~~~~~~~~~~~~~~~
@@ -185,7 +185,7 @@ VNF Package Contents
The VNF or PNF CSAR PACKAGE with TOSCA-Metadata **MUST** include following
additional keywords pointing to TOSCA files:
-
+
- ETSI-Entry-Manifest
- ETSI-Entry-Change-Log
@@ -683,7 +683,7 @@ Relationship Types
The PNFD provided by a PNF vendor **MUST** comply with the following
Relationship Types as specified in ETSI NFV-SOL001 standard:
-
+
- tosca.datatypes.nfv.VirtualLinksTo
diff --git a/docs/Chapter7/Configuration-Management.rst b/docs/Chapter7/Configuration-Management.rst
index e7e36bf..e728871 100755
--- a/docs/Chapter7/Configuration-Management.rst
+++ b/docs/Chapter7/Configuration-Management.rst
@@ -59,8 +59,8 @@ the VNF or PNF.
``ConfigModify``: The APPC client is requesting a configuration
update to a subset of the total configuration parameters of an VNF or PNF or to
apply customer specific configurations. The configuration update is
-typically done while the VNF or PNF is in service and should not disrupt traffic.
-This command requires exclusive access rights of the VNF or PNF.
+typically done while the VNF or PNF is in service and should not disrupt
+traffic. This command requires exclusive access rights of the VNF or PNF.
``ConfigBackup``: The APPC client is requesting a backup of the
configuration parameters where the parameters are stored on the VNF or PNF.
@@ -76,12 +76,13 @@ exclusive access rights of the VNF or PNF.
the configuration parameters to the VNF or PNF that were saved by ConfigBackup
command. This command is typically requested as part of an orchestration
flow for scenarios such as a software upgrade where the software upgrade
-may have failed and the VNF or PNF needs to be rolled back to the prior configuration.
-When the ConfigRestore command is executed, the VNF or PNF configuration parameters
-which were backed to persistent preserved storage are applied to the VNF or PNF
-(replacing existing parameters). The ConfigRestore is typically done while
-the VNF or PNF is not in service (i.e., in a maintenance state). This command
-requires exclusive access rights of the VNF or PNF.
+may have failed and the VNF or PNF needs to be rolled back to the prior
+configuration.
+When the ConfigRestore command is executed, the VNF or PNF configuration
+parameters which were backed to persistent preserved storage are applied to the
+VNF or PNF (replacing existing parameters). The ConfigRestore is typically done
+while the VNF or PNF is not in service (i.e., in a maintenance state). This
+command requires exclusive access rights of the VNF or PNF.
``ConfigScaleOut``: The APPC/SDN-C client is requesting that a configuration
be applied after the VNF instance has been scaled out (i.e., one or more
@@ -149,7 +150,8 @@ Lifecycle Management Related Commands
**The following commands are needed to support various lifecycle management
flows where the VNF may need to be removed for service.**
-Full details on the APIs can be found in the :doc:`APPC LCM API Guide <../../../../appc.git/docs/APPC LCM API Guide/APPC LCM API Guide>`
+Full details on the APIs can be found in the
+:doc:`APPC LCM API Guide <../../../../appc.git/docs/APPC LCM API Guide/APPC LCM API Guide>`
``DistributeTraffic`` The APPC/SDN-C client is requesting a change to
traffic distribution (redistribution) done by a traffic balancing/distribution
@@ -164,12 +166,12 @@ command may need to follow traffic distribution changes (assigning weight 0
or very low weight to VNF instance). The VNF application remains in an active
state.
-``QuiesceTraffic`` The APPC/SDN-C client is requesting the VNF or PNF gracefully
-stop traffic (aka block and drain traffic). The method for quiescing traffic
-is specific to the VNF or PNF architecture. The action is completed when all
-(in-flight transactions) traffic has stopped. The VNF or PNF remains in an active
-state where the VNF or PNF is able to process traffic (initiated using the
-ResumeTraffic action).
+``QuiesceTraffic`` The APPC/SDN-C client is requesting the VNF or PNF
+gracefully stop traffic (aka block and drain traffic). The method for quiescing
+traffic is specific to the VNF or PNF architecture. The action is completed
+when all (in-flight transactions) traffic has stopped. The VNF or PNF remains
+in an active state where the VNF or PNF is able to process traffic (initiated
+using the ResumeTraffic action).
``ResumeTraffic``: The APPC/SDN-C client is requesting the VNF or PNF resume
processing traffic. The method to resume traffic is specific to the VNF or PNF
@@ -181,12 +183,12 @@ This is equivalent to quiescing the traffic and then stopping the application
processes. The processes can be restarted using the StartApplication command.
``StartApplication``: The APPC client is requesting that the application
-running on the VNF or PNF is started. Get ready to process traffic. Traffic processing
-can be resumed using the ResumeTraffic command.
+running on the VNF or PNF is started. Get ready to process traffic.
+Traffic processing can be resumed using the ResumeTraffic command.
**The following commands are needed to support software upgrades, in-place or
-other type of software upgrade. The VNF or PNF instance may be removed from service
-for the upgrade.**
+other type of software upgrade. The VNF or PNF instance may be removed from
+service for the upgrade.**
``UpgradePrecheck``: The APPC/SDN-C client is requesting a confirmation that
the VNF or PNF can (and needs to) be upgraded to a specific software version
@@ -199,17 +201,17 @@ software upgrade be performed on the VNF or PNF. The software to be applied is
pre-loaded to a specified location.
``UpgradePostCheck``: The APPC/SDN-C client is requesting a confirmation that
-the VNF or PNF software upgrade has been completed successfully (VNF or PNF upgraded to
-the new software version). Checking software installed and running on the VNF or PNF
-matches software version, of the newly upgraded software, is one of the
-recommended checks.
+the VNF or PNF software upgrade has been completed successfully (VNF or PNF
+upgraded to the new software version). Checking software installed and running
+on the VNF or PNF matches software version, of the newly upgraded software, is
+one of the recommended checks.
-``UpgradeBackup``: The APPC/SDN-C client is requesting that the VNF or PNF is backed
-up prior to the UpgradeSoftware.
+``UpgradeBackup``: The APPC/SDN-C client is requesting that the VNF or PNF is
+backed up prior to the UpgradeSoftware.
-``UpgradeBackOut``: The APPC/SDN-C client is requesting that the VNF or PNF upgrade
-is backed out (in the event that the SoftwareUpgrade or UpgradePostCheck
-failed).
+``UpgradeBackOut``: The APPC/SDN-C client is requesting that the VNF or PNF
+upgrade is backed out (in the event that the SoftwareUpgrade or
+UpgradePostCheck failed).
.. req::
:id: R-328086
@@ -298,15 +300,16 @@ HealthCheck and Failure Related Commands
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
``HealthCheck`` The APPC/SDN-C client is requesting a health check over the
-entire scope of the VNF or PNF. The VNF or PNF must be 100% healthy, ready to take requests
-and provide services, with all VNF or PNF required capabilities ready to provide
-services and with all active and standby resources fully ready with no open
-MINOR, MAJOR or CRITICAL alarms. This is expected to be the default in the
-event that no parameter is passed to the Healthcheck playbook, cookbook, etc.
-
-Some VNFs or PNFs may support and desire to run partial healthchecks and receive a
-successful response when partial health check completes without errors.
-The parameter name used by HealthCheck playbook to request non-default
+entire scope of the VNF or PNF. The VNF or PNF must be 100% healthy, ready to
+take requests and provide services, with all VNF or PNF required capabilities
+ready to provide services and with all active and standby resources fully ready
+with no open MINOR, MAJOR or CRITICAL alarms. This is expected to be the
+default in the event that no parameter is passed to the Healthcheck playbook,
+cookbook, etc.
+
+Some VNFs or PNFs may support and desire to run partial healthchecks and
+receive a successful response when partial health check completes without
+errors. The parameter name used by HealthCheck playbook to request non-default
partial health check is healthcheck_type. Example of health check types
could be healthcheck_type=GuestOS, healthcheck_type=noDB,
healthcheck_type=noConnections, healthcheck_type=IgnoreAlarms, etc..
@@ -334,8 +337,8 @@ APPC/SDN-C are designed to support a standard set of protocols in
order to communicate with the VNF or PNF instance. The supported protocols are
NETCONF, Ansible, Chef, and REST.
-NETCONF and REST require the VNF or PNF to implement a server which supports the RPC
-or REST calls.
+NETCONF and REST require the VNF or PNF to implement a server which supports
+the RPC or REST calls.
Ansible and Chef require the use of a Ansible or Chef server which communicates
with the APPC/SDN-C (northbound) and the VNF or PNF VM's (southbound).
@@ -366,7 +369,7 @@ NETCONF server supporting NETCONF APIs to comply with target ONAP and
industry standards.
VNF or PNF Configuration via NETCONF Requirements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Configuration Management
+++++++++++++++++++++++++++
@@ -762,8 +765,8 @@ NETCONF Server Requirements
:keyword: MUST
The VNF or PNF **MUST** support all operations, administration and
- management (OAM) functions available from the supplier for VNFs or PNFs using
- the supplied YANG code and associated NETCONF servers.
+ management (OAM) functions available from the supplier for VNFs or PNFs
+ using the supplied YANG code and associated NETCONF servers.
.. req::
:id: R-60656
@@ -986,13 +989,13 @@ REST APIs
:keyword: MUST
The VNF or PNF **MUST** support the HealthCheck RPC. The HealthCheck
- RPC executes a VNF or PNF Provider-defined VNF or PNF HealthCheck over the scope of
- the entire VNF or PNF (e.g., if there are multiple VNFCs, then run a health check,
- as appropriate, for all VNFCs). It returns a 200 OK if the test completes.
- A JSON object is returned indicating state (healthy, unhealthy), scope
- identifier, time-stamp and one or more blocks containing info and fault
- information. If the VNF or PNF is unable to run the HealthCheck, return a
- standard http error code and message.
+ RPC executes a VNF or PNF Provider-defined VNF or PNF HealthCheck over the
+ scope of the entire VNF or PNF (e.g., if there are multiple VNFCs, then
+ run a health check, as appropriate, for all VNFCs). It returns a 200 OK if
+ the test completes. A JSON object is returned indicating state (healthy,
+ unhealthy), scope identifier, time-stamp and one or more blocks containing
+ info and fault information. If the VNF or PNF is unable to run the
+ HealthCheck, return a standard http error code and message.
Examples of responses when HealthCheck runs and is able to provide a healthy
or unhealthy response:
@@ -1040,7 +1043,7 @@ Chef-Client and Push Jobs Client on the VNF or PNF
(https://downloads.chef.io/).
VNF or PNF Configuration via Chef Requirements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Chef Client Requirements
+++++++++++++++++++++++++
@@ -1090,8 +1093,8 @@ Chef Roles/Requirements
:keyword: MUST
The VNF or PNF Package **MUST** include all relevant Chef artifacts
- (roles/cookbooks/recipes) required to execute VNF or PNF actions requested by
- ONAP for loading on appropriate Chef Server.
+ (roles/cookbooks/recipes) required to execute VNF or PNF actions requested
+ by ONAP for loading on appropriate Chef Server.
.. req::
:id: R-26567
@@ -1112,7 +1115,8 @@ Chef Roles/Requirements
:keyword: MUST NOT
The VNF or PNF **MUST NOT** use any instance specific parameters
- for the VNF or PNF in roles/cookbooks/recipes invoked for a VNF or PNF action.
+ for the VNF or PNF in roles/cookbooks/recipes invoked for a VNF or PNF
+ action.
.. req::
:id: R-37929
@@ -1149,8 +1153,8 @@ Chef Roles/Requirements
The VNF or PNF **MUST** populate an attribute, defined as node
['PushJobOutput'] with the desired output on all nodes in the push job
- that execute chef-client run if the VNF or PNF action requires the output of a
- chef-client run be made available (e.g., get running configuration).
+ that execute chef-client run if the VNF or PNF action requires the output
+ of a chef-client run be made available (e.g., get running configuration).
.. req::
:id: R-30654
@@ -1159,7 +1163,8 @@ Chef Roles/Requirements
The VNF or PNF Package **MUST** have appropriate cookbooks that are
designed to automatically 'rollback' to the original state in case of
- any errors for actions that change state of the VNF or PNF (e.g., configure).
+ any errors for actions that change state of the VNF or PNF (e.g.,
+ configure).
.. req::
:id: R-65755
@@ -1259,11 +1264,11 @@ of 'playbooks' over ssh. The 'playbooks' are a structured set of
tasks which contain all the necessary resources and execution capabilities
to take the necessary action on one or more target VMs (and/or VNFCs)
of the VNF. ONAP will utilize the framework of an Ansible Server that
-will host all Ansible artifacts and run playbooks to manage VNFs or PNFs that support
-Ansible.
+will host all Ansible artifacts and run playbooks to manage VNFs or PNFs that
+support Ansible.
VNF or PNF Configuration via Ansible Requirements
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ansible Client Requirements
+++++++++++++++++++++++++++++
@@ -1305,16 +1310,16 @@ Ansible Client Requirements
:keyword: MUST
:updated: casablanca
- The VNF or PNF **MUST** load the Ansible Server SSH public key onto VNF or PNF
- VM(s) /root/.ssh/authorized_keys as part of instantiation. Alternative,
- is for Ansible Server SSH public key to be loaded onto VNF or PNF VM(s) under
- /home/<Mechanized user ID>/.ssh/authorized_keys as part of instantiation,
- when a Mechanized user ID is created during instantiation, and Configure
- and all playbooks are designed to use a mechanized user ID only for
- authentication (never using root authentication during Configure playbook
- run). This will allow the Ansible Server to authenticate to perform
- post-instantiation configuration without manual intervention and without
- requiring specific VNF or PNF login IDs and passwords.
+ The VNF or PNF **MUST** load the Ansible Server SSH public key onto VNF or
+ PNF VM(s) /root/.ssh/authorized_keys as part of instantiation. Alternative,
+ is for Ansible Server SSH public key to be loaded onto VNF or PNF VM(s)
+ under /home/<Mechanized user ID>/.ssh/authorized_keys as part of
+ instantiation, when a Mechanized user ID is created during instantiation,
+ and Configure and all playbooks are designed to use a mechanized user ID
+ only for authentication (never using root authentication during Configure
+ playbook run). This will allow the Ansible Server to authenticate to
+ perform post-instantiation configuration without manual intervention and
+ without requiring specific VNF or PNF login IDs and passwords.
*CAUTION*: For VNFs or PNFs configured using Ansible, to eliminate the need
for manual steps, post-instantiation and pre-configuration, to
@@ -1341,8 +1346,8 @@ Ansible Client Requirements
:keyword: MUST
:introduced: casablanca
- The VNF or PNF **MUST** permit authentication, using root account, only right
- after instantiation and until post-instantiation configuration is
+ The VNF or PNF **MUST** permit authentication, using root account, only
+ right after instantiation and until post-instantiation configuration is
completed.
.. req::
@@ -1352,7 +1357,7 @@ Ansible Client Requirements
:introduced: casablanca
The VNF or PNF **MUST** provide the ability to remove root access once
- post-instantiation configuration (Configure) is completed.
+ post-instantiation configuration (Configure) is completed.
.. req::
:id: R-91745
@@ -1373,8 +1378,8 @@ Ansible Client Requirements
:keyword: MUST
:introduced: casablanca
- The VNF or PNF **MUST** provide the ability to include a "from=" clause in SSH
- public keys associated with mechanized user IDs created for an Ansible
+ The VNF or PNF **MUST** provide the ability to include a "from=" clause in
+ SSH public keys associated with mechanized user IDs created for an Ansible
Server cluster to use for VNF or PNF VM authentication.
.. req::
@@ -1386,7 +1391,7 @@ Ansible Client Requirements
The VNF or PNF **MUST** define the "from=" clause to provide the list of IP
addresses of the Ansible Servers in the Cluster, separated by coma, to
restrict use of the SSH key pair to elements that are part of the Ansible
- Cluster owner of the issued and assigned mechanized user ID.
+ Cluster owner of the issued and assigned mechanized user ID.
.. req::
:id: R-94567
@@ -1394,9 +1399,9 @@ Ansible Client Requirements
:keyword: MUST
:introduced: casablanca
- The VNF or PNF **MUST** provide Ansible playbooks that are designed to run using
- an inventory hosts file in a supported format with only IP addresses or
- IP addresses and VM/VNF or PNF names.
+ The VNF or PNF **MUST** provide Ansible playbooks that are designed to run
+ using an inventory hosts file in a supported format with only IP addresses
+ or IP addresses and VM/VNF or PNF names.
.. req::
:id: R-67124
@@ -1404,10 +1409,10 @@ Ansible Client Requirements
:keyword: MUST
:introduced: casablanca
- The VNF or PNF **MUST** provide Ansible playbooks that are designed to run using
- an inventory hosts file in a supported format; with group names matching
- VNFC 3-character string adding "vip" for groups with virtual IP addresses
- shared by multiple VMs as seen in examples provided in Appendix.
+ The VNF or PNF **MUST** provide Ansible playbooks that are designed to run
+ using an inventory hosts file in a supported format; with group names
+ matching VNFC 3-character string adding "vip" for groups with virtual IP
+ addresses shared by multiple VMs as seen in examples provided in Appendix.
.. req::
:id: R-24482
@@ -1415,10 +1420,10 @@ Ansible Client Requirements
:keyword: MUST
:introduced: casablanca
- The VNF or PNF **MUST** provide Ansible playbooks that are designed to run using
- an inventory hosts file in a supported format; with site group that shall
- be used to add site specific configurations to the target VNF or PNF VM(s) as
- needed.
+ The VNF or PNF **MUST** provide Ansible playbooks that are designed to run
+ using an inventory hosts file in a supported format; with site group that
+ shall be used to add site specific configurations to the target VNF or PNF
+ VM(s) as needed.
Ansible Playbook Requirements
+++++++++++++++++++++++++++++++
@@ -1434,7 +1439,7 @@ complete the desired action.
:introduced: casablanca
The VNF or PNF **MUST** support Ansible playbooks that are compatible with
- Ansible version 2.6 or later.
+ Ansible version 2.6 or later.
.. req::
:id: R-40293
@@ -1451,9 +1456,9 @@ complete the desired action.
:updated: casablanca
The VNF or PNF **MUST** support each APPC/SDN-C VNF or PNF action
- by invocation of **one** playbook [#7.3.4]_. The playbook will be responsible
- for executing all necessary tasks (as well as calling other playbooks)
- to complete the request.
+ by invocation of **one** playbook [#7.3.4]_. The playbook will be
+ responsible for executing all necessary tasks (as well as calling other
+ playbooks) to complete the request.
.. req::
:id: R-33280
@@ -1469,18 +1474,18 @@ complete the desired action.
:keyword: MUST
:updated: casablanca
- The VNF or PNF **MUST** utilize information from key value pairs that will be
- provided by the Ansible Server as "extra-vars" during invocation to
- execute the desired VNF or PNF action. The "extra-vars" attribute-value pairs
- are passed to the Ansible Server by an APPC/SDN-C as part of the
+ The VNF or PNF **MUST** utilize information from key value pairs that will
+ be provided by the Ansible Server as "extra-vars" during invocation to
+ execute the desired VNF or PNF action. The "extra-vars" attribute-value
+ pairs are passed to the Ansible Server by an APPC/SDN-C as part of the
Rest API request. If the playbook requires files, they must also be
supplied using the methodology detailed in the Ansible Server API, unless
they are bundled with playbooks, example, generic templates. Any files
containing instance specific info (attribute-value pairs), not obtainable
from any ONAP inventory databases or other sources, referenced and used an
input by playbooks, shall be provisioned (and distributed) in advance of
- use, e.g., VNF or PNF instantiation. Recommendation is to avoid these instance
- specific, manually created in advance of instantiation, files.
+ use, e.g., VNF or PNF instantiation. Recommendation is to avoid these
+ instance specific, manually created in advance of instantiation, files.
The Ansible Server will determine if a playbook invoked to execute an
VNF or PNF action finished successfully or not using the "PLAY_RECAP" summary
@@ -1508,14 +1513,14 @@ will be considered to have failed.
:keyword: MUST
:updated: casablanca
- The VNF or PNF **MUST** write to a response file in JSON format that will be
- retrieved and made available by the Ansible Server if, as part of a VNF or PNF
- action (e.g., audit), a playbook is required to return any VNF or PNF
- information/response. The text files must be written in the main playbook
- home directory, in JSON format. The JSON file must be created for the VNF or PNF
- with the name '<VNF or PNF name>_results.txt'. All playbook output results, for
- all VNF or PNF VMs, to be provided as a response to the request, must be written
- to this response file.
+ The VNF or PNF **MUST** write to a response file in JSON format that will
+ be retrieved and made available by the Ansible Server if, as part of a VNF
+ or PNF action (e.g., audit), a playbook is required to return any VNF or
+ PNF information/response. The text files must be written in the main
+ playbook home directory, in JSON format. The JSON file must be created for
+ the VNF or PNF with the name '<VNF or PNF name>_results.txt'. All playbook
+ output results, for all VNF or PNF VMs, to be provided as a response to the
+ request, must be written to this response file.
.. req::
:id: R-51442
@@ -1572,8 +1577,8 @@ will be considered to have failed.
:keyword: MUST
:updated: casablanca
- The VNF or PNF **MUST** return control from Ansible Playbooks only after all
- tasks performed by playbook are fully complete, signaling that the
+ The VNF or PNF **MUST** return control from Ansible Playbooks only after
+ all tasks performed by playbook are fully complete, signaling that the
playbook completed all tasks. When starting services, return control
only after all services are up. This is critical for workflows where
the next steps are dependent on prior tasks being fully completed.
@@ -1581,12 +1586,12 @@ will be considered to have failed.
Detailed examples:
``StopApplication Playbook`` – StopApplication Playbook shall return control
-and a completion status response only after VNF or PNF application is fully stopped,
-all processes/services stopped.
+and a completion status response only after VNF or PNF application is fully
+stopped, all processes/services stopped.
``StartApplication Playbook`` – StartApplication Playbook shall return control
-and a completion status only after all VNF or PNF application services are fully up,
-all processes/services started and ready to provide services.
+and a completion status only after all VNF or PNF application services are
+fully up, all processes/services started and ready to provide services.
**NOTE**: Start Playbook should not be declared complete/done after starting
one or several processes that start the other processes.
@@ -1594,20 +1599,21 @@ one or several processes that start the other processes.
HealthCheck Playbook:
SUCCESS – HealthCheck success shall be returned (return code 0) by a
-Playbook or Cookbook only when VNF or PNF is 100% healthy, ready to take requests
-and provide services, with all VNF or PNF required capabilities ready to provide
-services and with all active and standby resources fully ready with no
-open MINOR, MAJOR or CRITICAL alarms.
+Playbook or Cookbook only when VNF or PNF is 100% healthy, ready to take
+requests and provide services, with all VNF or PNF required capabilities ready
+to provide services and with all active and standby resources fully ready with
+no open MINOR, MAJOR or CRITICAL alarms.
NOTE: In some cases, a switch may need to be turned on, but a VNF or PNF
reported as healthy, should be ready to take service requests or be
already processing service requests successfully.
A successful execution of a health-check playbook shall create one response
-file (per VNF or PNF) in JSON format, named after the VNF or PNF instance, followed by
-"_results.txt" (<VNF or PNF instance name>_results.txt) to be provided as a response
-to the requestor, indicating health-check was executed and completed
-successfully, example: vfdb9904v_results.txt, with the following contents:
+file (per VNF or PNF) in JSON format, named after the VNF or PNF instance,
+followed by "_results.txt" (<VNF or PNF instance name>_results.txt) to be
+provided as a response to the requestor, indicating health-check was executed
+and completed successfully, example: vfdb9904v_results.txt, with the following
+contents:
.. code-block:: java
@@ -1632,18 +1638,18 @@ Example:
**NOTE**: See section 7.3.1.4 for comments on support of partial health checks.
FAILURE – A health check playbook shall return a non-zero return code in
-case VNF or PNF is not 100% healthy because one or more VNF or PNF application processes
-are stopped or not ready to take service requests or because critical or
-non-critical resources are not ready or because there are open MINOR, MAJOR
+case VNF or PNF is not 100% healthy because one or more VNF or PNF application
+processes are stopped or not ready to take service requests or because critical
+or non-critical resources are not ready or because there are open MINOR, MAJOR
or CRITICAL traps/alarms or because there are issues with the VNF or PNF that
need attention even if they do not impact services provided by the VNF or PNF.
A failed health-check playbook shall also create one file (per VNF or PNF), in
-JSON format, named after the VNF or PNF instance name, followed by "_results.txt"
-to indicate health-check was executed and found issues in the health of
-the VNF or PNF. This is to differentiate from failure to run health-check playbook
-or playbook tasks to verify the health of the VNF or PNF,
-example: vfdb9904v_results.txt, with the following contents:
+JSON format, named after the VNF or PNF instance name, followed by
+"_results.txt" to indicate health-check was executed and found issues in the
+health of the VNF or PNF. This is to differentiate from failure to run
+health-check playbook or playbook tasks to verify the health of the VNF or
+PNF, example: vfdb9904v_results.txt, with the following contents:
.. code-block:: java
@@ -1680,9 +1686,9 @@ Example:
See `VNF or PNF REST APIs`_ for additional details on HealthCheck.
-Some VNFs or PNFs may support and desire to run partial health checks and receive
-a successful response when partial health check completes without errors.
-The parameter name used by HealthCheck playbook to request non-default
+Some VNFs or PNFs may support and desire to run partial health checks and
+receive a successful response when partial health check completes without
+errors. The parameter name used by HealthCheck playbook to request non-default
partial health check is healthcheck_type. Example of health check types
could be healthcheck_type=GuestOS, healthcheck_type=noDB,
healthcheck_type=noConnections, healthcheck_type=IgnoreAlarms, etc.. This
@@ -1698,9 +1704,9 @@ performs a full VNF or PNF health check.
:keyword: SHOULD
:introduced: casablanca
- The VNF or PNF provider **MUST** deliver a new set of playbooks that includes
- all updated and unchanged playbooks for any new revision to an existing
- set of playbooks.
+ The VNF or PNF provider **MUST** deliver a new set of playbooks that
+ includes all updated and unchanged playbooks for any new revision to an
+ existing set of playbooks.
.. req::
:id: R-49911
@@ -1750,28 +1756,28 @@ Table 8. APPC/SDN-C APIs and NETCONF Commands
+-------------+--------------------+--------------------+--------------------+
|**Command** |**NETCONF Support** |**Chef Support** |**Ansible** |
+=============+====================+====================+====================+
-|General |For each RPC, the |VNF or PNF Vendor must |VNF Vendor must |
-|Comments |appropriate RPC |provide any |provide an Ansible |
+|General |For each RPC, the |VNF or PNF Vendor |VNF Vendor must |
+|Comments |appropriate RPC |must provide any |provide an Ansible |
| |operation is listed.|necessary roles, |playbook to retrieve|
| | |cookbooks, recipes |the running |
| | |to retrieve the |configuration from a|
| | |running |VNF and place the |
| | |configuration from |output on the |
-| | |a VNF or PNF and place it |Ansible server in |
-| | |in the respective |a manner aligned |
-| | |Node Objects |with playbook |
-| | |'PushJobOutput' |requirements listed |
-| | |attribute of all |in this document. |
-| | |nodes in NodeList | |
-| | |when triggered |The PlaybookName |
-| | |by a chef-client |must be provided |
-| | |run. |in the JSON file. |
+| | |a VNF or PNF and |Ansible server in |
+| | |place it in the |a manner aligned |
+| | |respective Node |with playbook |
+| | |Objects |requirements listed |
+| | |'PushJobOutput' |in this document. |
+| | |attribute of all | |
+| | |nodes in NodeList |The PlaybookName |
+| | |when triggered by a |must be provided |
+| | |chef-client run. |in the JSON file. |
| | | | |
| | |The JSON file for |NodeList must list |
-| | |this VNF or PNF action is |IP addresses or DNS |
-| | |required to set |supported FQDNs of |
-| | |"PushJobFlag" to |an example VNF |
-| | |"True" and |on which to |
+| | |this VNF or PNF |IP addresses or DNS |
+| | |action is required |supported FQDNs of |
+| | |to set "PushJobFlag"|an example VNF |
+| | |to "True" and |on which to |
| | |"GetOutputFlag" to |execute playbook. |
| | |"True". The "Node" | |
| | |JSON dictionary | |
@@ -1802,8 +1808,8 @@ Table 8. APPC/SDN-C APIs and NETCONF Commands
+-------------+--------------------+--------------------+--------------------+
|Configure, |The <edit-config> |Supported via a |Supported via a |
|ModifyConfig |operation loads all |cookbook that |playbook that |
-| |or part of a |updates the VNF or PNF |updates the VNF |
-| |specified data set |configuration. |configuration. |
+| |or part of a |updates the VNF or |updates the VNF |
+| |specified data set |PNF configuration. |configuration. |
| |to the specified | | |
| |target database. If | | |
| |there is no | | |
diff --git a/docs/Chapter7/Monitoring-And-Management.rst b/docs/Chapter7/Monitoring-And-Management.rst
index a0aa58e..2b85a19 100755
--- a/docs/Chapter7/Monitoring-And-Management.rst
+++ b/docs/Chapter7/Monitoring-And-Management.rst
@@ -62,11 +62,11 @@ While this document is focused on specifying some of the records from the
ONAP perspective, there may be other external bodies using the same framework
to specify additional records. For example, OPNFV has a VES project that is
looking to specify records for OpenStack's internal telemetry to manage
-application (VNFs or PNFs), physical and virtual infrastructure (compute, storage,
-network devices, etc.) and virtual infrastructure managers (cloud controllers,
-SDN controllers). It uses ONAP's VES Agent to generate VES events from the NF
-and Intel's collectD agent to generate infrastructure VES events. Note that
-any configurable parameters for these data records (e.g., frequency,
+application (VNFs or PNFs), physical and virtual infrastructure (compute,
+storage, network devices, etc.) and virtual infrastructure managers (cloud
+controllers, SDN controllers). It uses ONAP's VES Agent to generate VES events
+from the NF and Intel's collectD agent to generate infrastructure VES events.
+Note that any configurable parameters for these data records (e.g., frequency,
granularity, policy-based configuration) will be managed using the
"Configuration" framework described in the prior sections of this document.
The infrastructure metrics have been funneled via the ONAP Multi-VIM Project
@@ -402,22 +402,22 @@ minimizing changes to data delivery.
:introduced: casablanca
:updated: dublin
- The VNF or PNF **MUST** deliver event records to ONAP using the common transport
- mechanisms and protocols defined in this specification.
+ The VNF or PNF **MUST** deliver event records to ONAP using the common
+ transport mechanisms and protocols defined in this specification.
The term 'Event Record' is used throughout this document to represent various
forms of telemetry or instrumentation made available by the VNFs or PNFs
-including, faults, status events, various other types of VNF or PNF measurements
-and logs.
+including, faults, status events, various other types of VNF or PNF
+measurements and logs.
Common structures and delivery protocols for other types of data will be given
in future versions of this document as we gain more insight into data volumes
and required processing.
In the following sections, we provide options for encoding, serialization and
-data delivery. Agreements between Service Providers and VNF or PNF providers determine
-which encoding, serialization and delivery method to use for particular
-data sets.
+data delivery. Agreements between Service Providers and VNF or PNF providers
+determine which encoding, serialization and delivery method to use for
+particular data sets.
.. req::
:id: R-932071
diff --git a/docs/Chapter7/PNF-Plug-and-Play.rst b/docs/Chapter7/PNF-Plug-and-Play.rst
index a8167d3..e1dbbbe 100644
--- a/docs/Chapter7/PNF-Plug-and-Play.rst
+++ b/docs/Chapter7/PNF-Plug-and-Play.rst
@@ -193,11 +193,11 @@ The following are the requirements related to PNF Plug and Play.
:introduced: casablanca
The PNF **MUST** support one of the protocols for a Service Configuration
- message exchange between the PNF and PNF Controller (in ONAP):
+ message exchange between the PNF and PNF Controller (in ONAP):
a) Netconf/YANG, b) Chef, or c) Ansible.
Note: The PNF Controller may be VF-C, APP-C or SDN-C based on the
- PNF and PNF domain.
+ PNF and PNF domain.
.. req::
:id: R-707977
diff --git a/docs/Chapter8/Ansible-JSON-Key-Value-Description.rst b/docs/Chapter8/Ansible-JSON-Key-Value-Description.rst
index 5dc5f4c..e78ce5c 100644
--- a/docs/Chapter8/Ansible-JSON-Key-Value-Description.rst
+++ b/docs/Chapter8/Ansible-JSON-Key-Value-Description.rst
@@ -61,7 +61,7 @@ Ansible JSON file example:
"fixed_ip_address": "1xx.2yy.zzz.105"
},
{
- "ne_id": "vfdb9904vm004rdb001",
+ "ne_id": "vfdb9904vm004rdb001",
"fixed_ip_address": "1xx.2yy.zzz.106"
}
]
diff --git a/docs/Chapter8/Ansible-Playbook-Examples.rst b/docs/Chapter8/Ansible-Playbook-Examples.rst
index edeeb28..365d41c 100644
--- a/docs/Chapter8/Ansible-Playbook-Examples.rst
+++ b/docs/Chapter8/Ansible-Playbook-Examples.rst
@@ -148,7 +148,7 @@ A&AI or other sources that still need to be created or edited manually,
in advance of VNF instantiation, shall be created under ``ansible/vars``
directory. Recommendation is to use JSON files, explicitly referenced by
the playbooks, for this purpose, example:
-``<VNF_instance_name>.json``.
+``<VNF_instance_name>.json``.
**Example of playbook task explicitly referencing a VNF instance specific json
file and loading the contents as global variables**:
@@ -231,7 +231,7 @@ One of the first tasks on the Ansible Playbooks is to combine the VNF
type generic templates, stored on the Ansible Server with playbooks, with
the overriding parameters passed down from APPC/SDN-C, to create the
VNF instance specific set of attribute-value pairs to be used for the run, in
-INI format.
+INI format.
Here is an excerpt from such a file that should look somewhat similar to ENV
files:
@@ -302,7 +302,7 @@ named after the VNF instance, as follows:
ansible/inventory/<VNF_instance_name>hosts
Example of inventory hosts file path, relative to ansible playbooks (ansible)
-root directory (playbooks_dir):
+root directory (playbooks_dir):
.. code-block:: text
@@ -465,7 +465,7 @@ APPC/SDN-C command name in lowercase):
- ``upgradesoftware`` – Contains VNF SW upgrade (UpgradeSoftware)
playbook(s), roles,...
-- ``upgradepostcheck`` – Contains VNF upgraded (new) SW version check
+- ``upgradepostcheck`` – Contains VNF upgraded (new) SW version check
(UpgradePostCheck) playbook(s), roles,...
- ``upgradebackout`` – Contains VNF (SoftwareUpgrade) back out
@@ -613,8 +613,8 @@ Server via Rest API as part of request:
"NodeList": [
{
- "vnfc_type": "oam",
- "ne_id_vip": "vfdb9904vm001oam001",
+ "vnfc_type": "oam",
+ "ne_id_vip": "vfdb9904vm001oam001",
"floating_ip_address_vip": "1xx.2yy.zzz.109",
"site": "wp0ny",
"vm_info": [
@@ -623,7 +623,7 @@ Server via Rest API as part of request:
"fixed_ip_address": "1xx.2yy.zzz.109"
},
{
- "ne_id": "vfdb9904vm002oam001",
+ "ne_id": "vfdb9904vm002oam001",
"fixed_ip_address": "1xx.2yy.zzz.110"
}
]
@@ -633,11 +633,11 @@ Server via Rest API as part of request:
"site": "wp0ny",
"vm_info": [
{
- "ne_id": "vfdb9904vm003rdb001",
+ "ne_id": "vfdb9904vm003rdb001",
"fixed_ip_address": "1xx.2yy.zzz.105"
},
{
- "ne_id": "vfdb9904vm004rdb001",
+ "ne_id": "vfdb9904vm004rdb001",
"fixed_ip_address": "1xx.2yy.zzz.106"
}
]
@@ -670,8 +670,8 @@ With no names, only IP addresses, template "InventoryNames": "None" (Default)
oam
rdb
-With VM names and IP addresses, template inventory names setting "InventoryNames":
-"VM"
+With VM names and IP addresses, template inventory names setting
+"InventoryNames": "VM"
.. code-block:: text
@@ -684,7 +684,7 @@ With VM names and IP addresses, template inventory names setting "InventoryNames
[oam]
vfdb9904vm001 ansible_host=1xx.2yy.zzz.109
- vfdb9904vm002 ansible_host=1xx.2yy.zzz.110
+ vfdb9904vm002 ansible_host=1xx.2yy.zzz.110
[rdb]
vfdb9904vm003 ansible_host=1xx.2yy.zzz.105
@@ -815,7 +815,7 @@ VNFC (VM) type, plus "vip" string, example of such a group name "oamvip".
.. code-block:: text
$ mkdir –p vars/vfdb9904v.json
- $
+ $
$ cat vfdb9904v.json
...
{
diff --git a/docs/changes-by-section-casablanca.rst b/docs/changes-by-section-casablanca.rst
index 0330d54..76dfb86 100644
--- a/docs/changes-by-section-casablanca.rst
+++ b/docs/changes-by-section-casablanca.rst
@@ -38,7 +38,7 @@ Configuration Management > Ansible Standards and Capabilities > xNF Configuratio
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-24482`
@@ -47,7 +47,7 @@ Requirements Added
an inventory hosts file in a supported format; with site group that shall
be used to add site specific configurations to the target xNF VM(s) as
needed.
-
+
.. container:: note
@@ -57,7 +57,7 @@ Requirements Added
addresses of the Ansible Servers in the Cluster, separated by coma, to
restrict use of the SSH key pair to elements that are part of the Ansible
Cluster owner of the issued and assigned mechanized user ID.
-
+
.. container:: note
@@ -67,7 +67,7 @@ Requirements Added
an inventory hosts file in a supported format; with group names matching
VNFC 3-character string adding "vip" for groups with virtual IP addresses
shared by multiple VMs as seen in examples provided in Appendix.
-
+
.. container:: note
@@ -76,7 +76,7 @@ Requirements Added
The xNF **MUST** provide the ability to include a "from=" clause in SSH
public keys associated with mechanized user IDs created for an Ansible
Server cluster to use for xNF VM authentication.
-
+
.. container:: note
@@ -85,7 +85,7 @@ Requirements Added
The xNF **MUST** provide Ansible playbooks that are designed to run using
an inventory hosts file in a supported format with only IP addresses or
IP addresses and VM/xNF names.
-
+
.. container:: note
@@ -94,7 +94,7 @@ Requirements Added
The xNF **MUST** permit authentication, using root account, only right
after instantiation and until post-instantiation configuration is
completed.
-
+
.. container:: note
@@ -102,11 +102,11 @@ Requirements Added
The xNF **MUST** provide the ability to remove root access once
post-instantiation configuration (Configure) is completed.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -117,7 +117,7 @@ Requirements Changed
xNF that playbooks will target. ONAP will initiate requests to the
Ansible Server for invocation of playbooks against these end
points [#7.3.3]_.
-
+
.. container:: note
@@ -129,7 +129,7 @@ Requirements Changed
**Note**: Ansible Server itself may be used to upload new SSH public
keys onto supported xNFs.
-
+
.. container:: note
@@ -151,7 +151,7 @@ Requirements Changed
upload of SSH public keys, SSH public keys loaded during (heat)
instantiation shall be preserved and not removed by (heat) embedded
(userdata) scripts.
-
+
.. container:: note
@@ -160,7 +160,7 @@ Requirements Changed
The xNF **MUST** support SSH and allow SSH access by the
Ansible server to the endpoint VM(s) and comply with the Network
Cloud Service Provider guidelines for authentication and access.
-
+
.. container:: note
@@ -172,7 +172,7 @@ Requirements Changed
instantiation to support Ansible. This may include creating Mechanized user
ID(s) used by the Ansible Server(s) on VNF VM(s) and uploading and
installing new SSH keys used by the mechanized use ID(s).
-
+
Configuration Management > Ansible Standards and Capabilities > xNF Configuration via Ansible Requirements > Ansible Playbook Requirements
------------------------------------------------------------------------------------------------------------------------------------------
@@ -180,7 +180,7 @@ Configuration Management > Ansible Standards and Capabilities > xNF Configuratio
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -189,7 +189,7 @@ Requirements Added
The xNF provider **MUST** deliver a new set of playbooks that includes
all updated and unchanged playbooks for any new revision to an existing
set of playbooks.
-
+
.. container:: note
@@ -197,7 +197,7 @@ Requirements Added
The xNF **MUST** support Ansible playbooks that are compatible with
Ansible version 2.6 or later.
-
+
.. container:: note
@@ -206,11 +206,11 @@ Requirements Added
The xNF provider **MUST** assign a new point release to the updated
playbook set. The functionality of a new playbook set must be tested before
it is deployed to the production.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -228,7 +228,7 @@ Requirements Changed
input by playbooks, shall be provisioned (and distributed) in advance of
use, e.g., xNF instantiation. Recommendation is to avoid these instance
specific, manually created in advance of instantiation, files.
-
+
.. container:: note
@@ -239,7 +239,7 @@ Requirements Changed
playbook completed all tasks. When starting services, return control
only after all services are up. This is critical for workflows where
the next steps are dependent on prior tasks being fully completed.
-
+
.. container:: note
@@ -255,7 +255,7 @@ Requirements Changed
on workflow to terminate and re-instantiate VNF VMs and then re-run
playbook(s)). Backing up updated files is also recommended to support
rollback when soft rollback is feasible.
-
+
.. container:: note
@@ -269,7 +269,7 @@ Requirements Changed
with the name '<xNF name>_results.txt'. All playbook output results, for
all xNF VMs, to be provided as a response to the request, must be written
to this response file.
-
+
.. container:: note
@@ -279,7 +279,7 @@ Requirements Changed
by invocation of **one** playbook [#7.3.4]_. The playbook will be responsible
for executing all necessary tasks (as well as calling other playbooks)
to complete the request.
-
+
.. container:: note
@@ -290,7 +290,7 @@ Requirements Changed
operations such as backing out of software upgrades, configuration
changes or other work as this will help backing out of configuration
changes when needed.
-
+
.. container:: note
@@ -309,7 +309,7 @@ Requirements Changed
models, that send remediation action requests to an APPC/SDN-C; these
are triggered as a response to an event or correlated events published
to Event Bus.
-
+
Configuration Management > Chef Standards and Capabilities > xNF Configuration via Chef Requirements > Chef Roles/Requirements
------------------------------------------------------------------------------------------------------------------------------
@@ -317,7 +317,7 @@ Configuration Management > Chef Standards and Capabilities > xNF Configuration v
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -329,7 +329,7 @@ Requirements Changed
(see Section 7.c, APPC/SDN-C APIs and Behavior, for list of xNF
actions and requirements), when triggered by a chef-client run list
in JSON file.
-
+
Configuration Management > Controller Interactions With xNF > Configuration Commands
------------------------------------------------------------------------------------
@@ -337,49 +337,49 @@ Configuration Management > Controller Interactions With xNF > Configuration Comm
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-20741`
The xNF **MUST** support APPC/SDN-C ``Configure`` command.
-
+
.. container:: note
:need:`R-94084`
The xNF **MUST** support APPC/SDN-C ``ConfigScaleOut`` command.
-
+
.. container:: note
:need:`R-32981`
The xNF **MUST** support APPC ``ConfigBackup`` command.
-
+
.. container:: note
:need:`R-48247`
The xNF **MUST** support APPC ``ConfigRestore`` command.
-
+
.. container:: note
:need:`R-56385`
The xNF **MUST** support APPC ``Audit`` command.
-
+
.. container:: note
:need:`R-19366`
The xNF **MUST** support APPC ``ConfigModify`` command.
-
+
Configuration Management > Controller Interactions With xNF > HealthCheck and Failure Related Commands
------------------------------------------------------------------------------------------------------
@@ -387,14 +387,14 @@ Configuration Management > Controller Interactions With xNF > HealthCheck and Fa
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-41430`
The xNF **MUST** support APPC/SDN-C ``HealthCheck`` command.
-
+
Configuration Management > Controller Interactions With xNF > Lifecycle Management Related Commands
---------------------------------------------------------------------------------------------------
@@ -402,7 +402,7 @@ Configuration Management > Controller Interactions With xNF > Lifecycle Manageme
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -411,74 +411,74 @@ Requirements Added
The xNF **MUST**, if serving as a distribution point or anchor point for
steering point from source to destination, support the ONAP Controller's
``DistributeTraffic`` command.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-12706`
The xNF **MUST** support APPC/SDN-C ``QuiesceTraffic`` command.
-
+
.. container:: note
:need:`R-49466`
The xNF **MUST** support APPC/SDN-C ``UpgradeSoftware`` command.
-
+
.. container:: note
:need:`R-82811`
The xNF **MUST** support APPC ``StartApplication`` command.
-
+
.. container:: note
:need:`R-07251`
The xNF **MUST** support APPC/SDN-C ``ResumeTraffic`` command.
-
+
.. container:: note
:need:`R-45856`
The xNF **MUST** support APPC/SDN-C ``UpgradePostCheck`` command.
-
+
.. container:: note
:need:`R-65641`
The xNF **MUST** support APPC/SDN-C ``UpgradeBackOut`` command.
-
+
.. container:: note
:need:`R-83146`
The xNF **MUST** support APPC ``StopApplication`` command.
-
+
.. container:: note
:need:`R-97343`
The xNF **MUST** support APPC/SDN-C ``UpgradeBackup`` command.
-
+
.. container:: note
:need:`R-19922`
The xNF **MUST** support APPC/SDN-C ``UpgradePrecheck`` command.
-
+
Configuration Management > NETCONF Standards and Capabilities > xNF Configuration via NETCONF Requirements > NETCONF Server Requirements
----------------------------------------------------------------------------------------------------------------------------------------
@@ -486,7 +486,7 @@ Configuration Management > NETCONF Standards and Capabilities > xNF Configuratio
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -495,7 +495,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``discard-changes()`` - Revert the candidate configuration
data store to the running configuration.
-
+
.. container:: note
@@ -504,7 +504,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``get-config(source, filter`` - Retrieve a (filtered subset of
a) configuration from the configuration data store source.
-
+
.. container:: note
@@ -513,7 +513,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``commit(confirmed, confirm-timeout)`` - Commit candidate
configuration data store to the running configuration.
-
+
.. container:: note
@@ -523,7 +523,7 @@ Requirements Changed
``edit-config(target, default-operation, test-option, error-option,
config)`` - Edit the target configuration data store by merging,
replacing, creating, or deleting new config elements.
-
+
.. container:: note
@@ -531,7 +531,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``lock(target)`` - Lock the configuration data store target.
-
+
.. container:: note
@@ -539,7 +539,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``close-session()`` - Gracefully close the current session.
-
+
.. container:: note
@@ -547,7 +547,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``kill-session(session``- Force the termination of **session**.
-
+
.. container:: note
@@ -555,7 +555,7 @@ Requirements Changed
The xNF **MUST** implement the protocol operation:
``unlock(target)`` - Unlock the configuration data store target.
-
+
.. container:: note
@@ -564,7 +564,7 @@ Requirements Changed
The xNF **SHOULD** implement the protocol operation:
``delete-config(target)`` - Delete the named configuration
data store target.
-
+
.. container:: note
@@ -573,7 +573,7 @@ Requirements Changed
The xNF **SHOULD** implement the protocol operation:
``copy-config(target, source)`` - Copy the content of the
configuration data store source to the configuration data store target.
-
+
Contrail Resource Parameters > Contrail Network Parameters > External Networks
------------------------------------------------------------------------------
@@ -581,7 +581,7 @@ Contrail Resource Parameters > Contrail Network Parameters > External Networks
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -596,7 +596,7 @@ Requirements Changed
* **MUST** be declared as type ``string``
* **MUST NOT** be enumerated in the VNF's Heat Orchestration Template's
Environment File
-
+
Heat > Cinder Volumes
---------------------
@@ -604,7 +604,7 @@ Heat > Cinder Volumes
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -614,7 +614,7 @@ Requirements Removed
"outputs" in the volume template for each Cinder volume
resource universally unique identifier (UUID) (i.e. ONAP
Volume Template Output Parameters).
-
+
Heat > Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata
--------------------------------------------------------------------------------------------------------
@@ -622,7 +622,7 @@ Heat > Heat Orchestration Template Format > Heat Orchestration Template Structur
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -630,7 +630,7 @@ Requirements Removed
A VNF's Heat Orchestration Template's OS::Nova::Server
resource **MUST** contain the attribute "metadata".
-
+
Heat > Heat Template Constructs > Heat Files Support (get_file)
---------------------------------------------------------------
@@ -638,7 +638,7 @@ Heat > Heat Template Constructs > Heat Files Support (get_file)
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -646,7 +646,7 @@ Requirements Removed
When using the intrinsic function get_file, the included files
**MUST** have unique file names within the scope of the VNF.
-
+
Heat > Heat Template Constructs > Nested Heat Template Requirements
-------------------------------------------------------------------
@@ -654,7 +654,7 @@ Heat > Heat Template Constructs > Nested Heat Template Requirements
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -662,7 +662,7 @@ Requirements Removed
The VNF Heat Orchestration Template **MUST** have unique
file names within the scope of the VNF for a nested heat yaml file.
-
+
Heat > Networking > External Networks
-------------------------------------
@@ -670,7 +670,7 @@ Heat > Networking > External Networks
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -679,7 +679,7 @@ Requirements Removed
When a VNF connects to an external network, a network role,
referred to as the '{network-role}' **MUST** be assigned to the
external network for use in the VNF's Heat Orchestration Template.
-
+
Heat > Networking > Internal Networks
-------------------------------------
@@ -687,7 +687,7 @@ Heat > Networking > Internal Networks
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -697,7 +697,7 @@ Requirements Removed
is created in the same Heat Orchestration Template as the internal network,
then the port resource **MUST** use a 'get_resource' to obtain
the network UUID.
-
+
Heat > ONAP Resource ID and Parameter Naming Convention > Contrail Resource Parameters > Contrail Network Parameters > External Networks
----------------------------------------------------------------------------------------------------------------------------------------
@@ -705,7 +705,7 @@ Heat > ONAP Resource ID and Parameter Naming Convention > Contrail Resource Para
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -714,7 +714,7 @@ Requirements Removed
A VNF's Heat Orchestration Template's parameter
'{network-role}_net_fqdn'
**MUST** be declared as type 'string'.
-
+
Heat > ONAP Resource ID and Parameter Naming Convention > Resource: OS::Nova::Server – Metadata Parameters > vm_role
--------------------------------------------------------------------------------------------------------------------
@@ -722,7 +722,7 @@ Heat > ONAP Resource ID and Parameter Naming Convention > Resource: OS::Nova::Se
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -737,7 +737,7 @@ Requirements Removed
- hard coded in the VNF's Heat Orchestration
Template's OS::Nova::Resource metadata property.
-
+
Heat > ONAP Support of Environment Files
----------------------------------------
@@ -745,7 +745,7 @@ Heat > ONAP Support of Environment Files
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -753,7 +753,7 @@ Requirements Removed
The VNF Heat Orchestration Template **MUST** have a
corresponding environment file for a Cinder Volume Module.
-
+
.. container:: note
@@ -761,7 +761,7 @@ Requirements Removed
The VNF Heat Orchestration Template **MUST** have a
corresponding environment file for an Incremental module.
-
+
.. container:: note
@@ -769,7 +769,7 @@ Requirements Removed
The VNF Heat Orchestration Template **MUST** have a corresponding
environment file for a Base Module.
-
+
Monitoring & Management > Data Structure Specification of the Event Record
--------------------------------------------------------------------------
@@ -777,7 +777,7 @@ Monitoring & Management > Data Structure Specification of the Event Record
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -787,7 +787,7 @@ Requirements Added
recommend actions that may be taken at specific thresholds, or if specific
conditions repeat within a specified time interval, using the semantics and
syntax described by the :doc:`VES Event Registration specification<../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>`.
-
+
.. container:: note
@@ -796,7 +796,7 @@ Requirements Added
The xNF Provider **MAY** require that specific events, identified by their
``eventName``, require that certain fields, which are optional in the common
event format, must be present when they are published.
-
+
.. container:: note
@@ -810,7 +810,7 @@ Requirements Added
* Required fields
* Optional fields
* Any special handling to be performed for that event
-
+
.. container:: note
@@ -820,7 +820,7 @@ Requirements Added
event format defined in the
:doc:`VES Event Listener<../../../../vnfsdk/model.git/docs/files/VESEventListener_7_0_1>`
specification.
-
+
Monitoring & Management > Event Records - Data Structure Description > Common Event Header
------------------------------------------------------------------------------------------
@@ -828,7 +828,7 @@ Monitoring & Management > Event Records - Data Structure Description > Common Ev
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -853,7 +853,7 @@ Requirements Added
* ``version`` - the version of the event header
* ``vesEventListenerVersion`` - Version of the VES event listener API spec
that this event is compliant with
-
+
Monitoring & Management > Event Records - Data Structure Description > Miscellaneous
------------------------------------------------------------------------------------
@@ -861,7 +861,7 @@ Monitoring & Management > Event Records - Data Structure Description > Miscellan
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -870,7 +870,7 @@ Requirements Added
The VNF, when publishing events, **MUST NOT** send information through
extensible structures if the event specification has explicitly defined
fields for that information.
-
+
.. container:: note
@@ -880,7 +880,7 @@ Requirements Added
able to collect even if the information field is identified as optional.
However, if the data cannot be collected, then optional fields can be
omitted.
-
+
.. container:: note
@@ -890,7 +890,7 @@ Requirements Added
words and acronyms used as keys that will be sent through extensible fields.
When an acronym is used as the key, then only the first letter shall be
capitalized.
-
+
Monitoring & Management > Monitoring & Management Requirements > Asynchronous and Synchronous Data Delivery
-----------------------------------------------------------------------------------------------------------
@@ -898,7 +898,7 @@ Monitoring & Management > Monitoring & Management Requirements > Asynchronous an
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -906,7 +906,7 @@ Requirements Added
The xNF **SHOULD** deliver all syslog messages to the VES Collector per the
specifications in Monitoring and Management chapter.
-
+
Monitoring & Management > Monitoring & Management Requirements > Bulk Performance Measurement
---------------------------------------------------------------------------------------------
@@ -914,7 +914,7 @@ Monitoring & Management > Monitoring & Management Requirements > Bulk Performanc
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -922,7 +922,7 @@ Requirements Added
The xNF **SHOULD** support File transferring protocol, such as FTPES or SFTP,
when supporting the event-driven bulk transfer of monitoring data.
-
+
.. container:: note
@@ -930,7 +930,7 @@ Requirements Added
The xNF **SHOULD** support the data schema defined in 3GPP TS 32.435, when
supporting the event-driven bulk transfer of monitoring data.
-
+
.. container:: note
@@ -938,7 +938,7 @@ Requirements Added
The xNF **SHOULD** support FileReady VES event for event-driven bulk transfer
of monitoring data.
-
+
Monitoring & Management > Monitoring & Management Requirements > Google Protocol Buffers (GPB)
----------------------------------------------------------------------------------------------
@@ -946,7 +946,7 @@ Monitoring & Management > Monitoring & Management Requirements > Google Protocol
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -963,7 +963,7 @@ Requirements Added
the state of an xNF resource.
* The required Google Protocol Buffers (GPB) metadata is provided in the
form of .proto files.
-
+
.. container:: note
@@ -979,7 +979,7 @@ Requirements Added
processing high volume events
* A supporting PM content metadata file to be used by analytics
applications to process high volume measurement events
-
+
Monitoring & Management > Monitoring & Management Requirements > JSON
---------------------------------------------------------------------
@@ -987,7 +987,7 @@ Monitoring & Management > Monitoring & Management Requirements > JSON
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -998,7 +998,7 @@ Requirements Changed
High-volume data is to be encoded and serialized using
`Avro <http://avro.apache.org/>`_, where the Avro [#7.4.1]_ data
format are described using JSON.
-
+
Monitoring & Management > Monitoring & Management Requirements > Reporting Frequency
------------------------------------------------------------------------------------
@@ -1006,7 +1006,7 @@ Monitoring & Management > Monitoring & Management Requirements > Reporting Frequ
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1014,7 +1014,7 @@ Requirements Added
The xNF **MUST** report exactly one Measurement event per period
per source name.
-
+
Monitoring & Management > Monitoring & Management Requirements > VNF telemetry via standardized interface
---------------------------------------------------------------------------------------------------------
@@ -1022,7 +1022,7 @@ Monitoring & Management > Monitoring & Management Requirements > VNF telemetry v
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1030,11 +1030,11 @@ Requirements Added
The xNF MUST produce heartbeat indicators consisting of events containing
the common event header only per the VES Listener Specification.
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1043,7 +1043,7 @@ Requirements Removed
The xNF **MUST** provide all telemetry (e.g., fault event
records, syslog records, performance records etc.) to ONAP using the
model, format and mechanisms described in this section.
-
+
Monitoring & Management > Transports and Protocols Supporting Resource Interfaces
---------------------------------------------------------------------------------
@@ -1051,7 +1051,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1059,7 +1059,7 @@ Requirements Added
The xNF **SHOULD** deliver event records that fall into the event domains
supported by VES.
-
+
.. container:: note
@@ -1067,7 +1067,7 @@ Requirements Added
The xNF **MUST** deliver event records to ONAP using the common transport
mechanisms and protocols defined in this document.
-
+
.. container:: note
@@ -1076,7 +1076,7 @@ Requirements Added
The xNF provider **MUST** reach agreement with the Service Provider on
the selected methods for encoding, serialization and data delivery
prior to the on-boarding of the xNF into ONAP SDC Design Studio.
-
+
Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > Bulk Telemetry Transmission
---------------------------------------------------------------------------------------------------------------
@@ -1084,7 +1084,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1093,7 +1093,7 @@ Requirements Added
The XNF **MAY** leverage bulk xNF telemetry transmission mechanism, as
depicted in Figure 4, in instances where other transmission methods are not
practical or advisable.
-
+
Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using Google Protocol Buffers
-------------------------------------------------------------------------------------------------------------------------------
@@ -1101,7 +1101,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1111,7 +1111,7 @@ Requirements Added
depicted in Figure 3 to support real-time performance management (PM) data.
In this model the VES events are streamed as binary-encoded GBPs over via
TCP sockets.
-
+
Monitoring & Management > Transports and Protocols Supporting Resource Interfaces > xNF Telemetry using VES/JSON Model
----------------------------------------------------------------------------------------------------------------------
@@ -1119,7 +1119,7 @@ Monitoring & Management > Transports and Protocols Supporting Resource Interface
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1129,7 +1129,7 @@ Requirements Added
for data delivery unless there are specific performance or operational
concerns agreed upon by the Service Provider that would warrant using an
alternate model.
-
+
ONAP Heat Cinder Volumes
------------------------
@@ -1137,7 +1137,7 @@ ONAP Heat Cinder Volumes
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1152,7 +1152,7 @@ Requirements Added
* A resource that defines the property ``type`` as a Nested YAML file
(i.e., static nesting) and the Nested YAML contains
an ``OS::Cinder::Volume`` resource
-
+
ONAP Heat Heat Template Constructs > Heat Files Support (get_file)
------------------------------------------------------------------
@@ -1160,7 +1160,7 @@ ONAP Heat Heat Template Constructs > Heat Files Support (get_file)
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1172,7 +1172,7 @@ Requirements Changed
* more than once in a VNF's Heat Orchestration Template
* in two or more of a VNF's Heat Orchestration Templates
* in a VNF's Heat Orchestration Templates nested YAML file
-
+
.. container:: note
@@ -1181,7 +1181,7 @@ Requirements Changed
If a VNF's Heat Orchestration Template uses the intrinsic function
``get_file``, the ``get_file`` target **MUST** be referenced in
the Heat Orchestration Template by file name.
-
+
.. container:: note
@@ -1189,7 +1189,7 @@ Requirements Changed
A VNF's Heat Orchestration Template intrinsic function
``get_file`` **MUST NOT** utilize URL-based file retrieval.
-
+
.. container:: note
@@ -1200,7 +1200,7 @@ Requirements Changed
single, flat directory per VNF. A VNF's Heat Orchestration
Template's ``get_file`` target files **MUST** be in the same
directory hierarchy as the VNF's Heat Orchestration Templates.
-
+
ONAP Heat Heat Template Constructs > Nested Heat Templates > Nested Heat Template Requirements
----------------------------------------------------------------------------------------------
@@ -1208,7 +1208,7 @@ ONAP Heat Heat Template Constructs > Nested Heat Templates > Nested Heat Templat
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1217,7 +1217,7 @@ Requirements Added
A VNF's Heat Orchestration Template **MUST** reference a Nested YAML
file by name. The use of ``resource_registry`` in the VNF's Heat
Orchestration Templates Environment File **MUST NOT** be used.
-
+
ONAP Heat Networking > External Networks
----------------------------------------
@@ -1225,7 +1225,7 @@ ONAP Heat Networking > External Networks
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1233,7 +1233,7 @@ Requirements Changed
A VNF **MAY** be connected to zero, one or more than one external
network.
-
+
ONAP Heat Networking > Internal Networks
----------------------------------------
@@ -1241,7 +1241,7 @@ ONAP Heat Networking > Internal Networks
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1251,7 +1251,7 @@ Requirements Changed
for the purpose of reaching VMs in another VNF and/or an
external gateway and/or
external router.
-
+
.. container:: note
@@ -1259,14 +1259,14 @@ Requirements Changed
A VNF's port connected to an internal network **MUST**
use the port for the purpose of reaching VMs in the same VNF.
-
+
.. container:: note
:need:`R-87096`
A VNF **MAY** contain zero, one or more than one internal network.
-
+
ONAP Heat Orchestration Template Format
---------------------------------------
@@ -1274,7 +1274,7 @@ ONAP Heat Orchestration Template Format
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1282,7 +1282,7 @@ Requirements Added
A VNF's Heat Orchestration Template **MUST** be compliant with the
OpenStack Template Guide.
-
+
ONAP Heat Orchestration Template Format > Environment File Format
-----------------------------------------------------------------
@@ -1290,7 +1290,7 @@ ONAP Heat Orchestration Template Format > Environment File Format
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1298,7 +1298,7 @@ Requirements Changed
A VNF's Heat Orchestration template **MUST** have a
corresponding environment file.
-
+
.. container:: note
@@ -1306,7 +1306,7 @@ Requirements Changed
A VNF's Heat Orchestration template's Environment File's
``parameters:`` section **MAY** (or **MAY NOT**) enumerate parameters.
-
+
.. container:: note
@@ -1314,7 +1314,7 @@ Requirements Changed
A VNF's Heat Orchestration template's Environment File **MUST**
contain the ``parameters:`` section.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters
--------------------------------------------------------------------------------------------
@@ -1322,7 +1322,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1331,7 +1331,7 @@ Requirements Changed
A VNF Heat Orchestration's template's parameter **MUST** be used
in a resource with the exception of the parameters for the
``OS::Nova::Server`` resource property ``availability_zone``.
-
+
.. container:: note
@@ -1340,7 +1340,7 @@ Requirements Changed
A VNF Heat Orchestration's template's parameter for the
``OS::Nova::Server`` resource property ``availability_zone``
**MAY NOT** be used in any ``OS::Nova::Server``.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > constraints
----------------------------------------------------------------------------------------------------------
@@ -1348,7 +1348,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1358,7 +1358,7 @@ Requirements Changed
in a non-nested YAML file as type
``number`` **MUST** have a parameter constraint of ``range`` or
``allowed_values`` defined.
-
+
.. container:: note
@@ -1367,7 +1367,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's parameter defined
in a nested YAML file
**MUST NOT** have a parameter constraint defined.
-
+
.. container:: note
@@ -1376,7 +1376,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's parameter defined
in a non-nested YAML file as type
``boolean`` **MAY** have a parameter constraint defined.
-
+
.. container:: note
@@ -1385,7 +1385,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's parameter defined
in a non-nested YAML file as type
``string`` **MAY** have a parameter constraint defined.
-
+
.. container:: note
@@ -1394,7 +1394,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's parameter defined
in a non-nested YAML file as type
``json`` **MAY** have a parameter constraint defined.
-
+
.. container:: note
@@ -1403,7 +1403,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's parameter defined
in a non-nested YAML file as
type ``comma_delimited_list`` **MAY** have a parameter constraint defined.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > default
------------------------------------------------------------------------------------------------------
@@ -1411,7 +1411,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1419,7 +1419,7 @@ Requirements Changed
If a VNF Heat Orchestration Template parameter has a default value,
it **MUST** be enumerated in the environment file.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > parameters > type
---------------------------------------------------------------------------------------------------
@@ -1427,7 +1427,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1441,7 +1441,7 @@ Requirements Changed
* ``json``
* ``comma_delimited_list``
* ``boolean``
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources
-------------------------------------------------------------------------------------------
@@ -1449,7 +1449,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1457,7 +1457,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's Nested YAML files **MAY**
(or **MAY NOT**) contain the section ``resources:``.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > deletion_policy
-------------------------------------------------------------------------------------------------------------
@@ -1465,7 +1465,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1473,7 +1473,7 @@ Requirements Changed
VNF's Heat Orchestration Template's Resource **MAY** declare the
attribute ``deletion_policy:``.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > external_id
---------------------------------------------------------------------------------------------------------
@@ -1481,7 +1481,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1489,7 +1489,7 @@ Requirements Changed
VNF's Heat Orchestration Template's Resource **MAY** declare the
attribute ``external_id:``.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > metadata
------------------------------------------------------------------------------------------------------
@@ -1497,7 +1497,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1505,7 +1505,7 @@ Requirements Added
A VNF's Heat Orchestration Template's Resource **MAY** declare the
attribute ``metadata``.
-
+
ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure > resources > properties
--------------------------------------------------------------------------------------------------------
@@ -1513,7 +1513,7 @@ ONAP Heat Orchestration Template Format > Heat Orchestration Template Structure
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1522,7 +1522,7 @@ Requirements Changed
If a VNF's Heat Orchestration Template resource attribute
``property:`` uses a nested ``get_param``, the nested
``get_param`` **MUST** reference an index.
-
+
ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Base Modules
------------------------------------------------------------------------------------------------------
@@ -1530,7 +1530,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1551,7 +1551,7 @@ Requirements Changed
where ``<text>`` **MUST** contain only alphanumeric characters and
underscores '_' and **MUST NOT** contain the case insensitive word ``base``.
-
+
ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Cinder Volume Modules
---------------------------------------------------------------------------------------------------------------
@@ -1559,7 +1559,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1568,7 +1568,7 @@ Requirements Changed
VNF Heat Orchestration Template's Cinder Volume Module's Environment File
**MUST** be named identical to the VNF Heat Orchestration Template's
Cinder Volume Module with ``.y[a]ml`` replaced with ``.env``.
-
+
.. container:: note
@@ -1577,7 +1577,7 @@ Requirements Changed
A VNF Heat Orchestration Template's Cinder Volume Module **MUST**
be named identical to the base or incremental module it is supporting with
``_volume`` appended.
-
+
ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Incremental Modules
-------------------------------------------------------------------------------------------------------------
@@ -1585,7 +1585,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1594,7 +1594,7 @@ Requirements Changed
VNF Heat Orchestration Template's Incremental Module file name
**MUST** contain only alphanumeric characters and underscores
'_' and **MUST NOT** contain the case insensitive word ``base``.
-
+
ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Filenames > Nested Heat file
----------------------------------------------------------------------------------------------------------
@@ -1602,7 +1602,7 @@ ONAP Heat Orchestration Templates Overview > ONAP Heat Orchestration Template Fi
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1611,7 +1611,7 @@ Requirements Changed
VNF Heat Orchestration Template's Nested YAML file name **MUST** contain
only alphanumeric characters and underscores '_' and
**MUST NOT** contain the case insensitive word ``base``.
-
+
ONAP Heat Orchestration Templates Overview > ONAP VNF Modularity Overview
-------------------------------------------------------------------------
@@ -1619,14 +1619,14 @@ ONAP Heat Orchestration Templates Overview > ONAP VNF Modularity Overview
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-38474`
A VNF's Base Module **MUST** have a corresponding Environment File.
-
+
.. container:: note
@@ -1634,14 +1634,14 @@ Requirements Changed
At orchestration time, the VNF's Base Module **MUST**
be deployed first, prior to any incremental modules.
-
+
.. container:: note
:need:`R-53433`
A VNF's Cinder Volume Module **MUST** have a corresponding environment file
-
+
.. container:: note
@@ -1649,7 +1649,7 @@ Requirements Changed
A VNF's Cinder Volume Module, when it exists, **MUST** be 1:1
with a Base module or Incremental module.
-
+
.. container:: note
@@ -1662,21 +1662,21 @@ Requirements Changed
an Incremental Module), or
3.) a Cinder Volume Module Heat Orchestration Template (referred to as
Cinder Volume Module).
-
+
.. container:: note
:need:`R-81725`
A VNF's Incremental Module **MUST** have a corresponding Environment File
-
+
.. container:: note
:need:`R-37028`
A VNF **MUST** be composed of one Base Module
-
+
ONAP Heat Orchestration Templates Overview > Output Parameters > ONAP Volume Module Output Parameters
-----------------------------------------------------------------------------------------------------
@@ -1684,7 +1684,7 @@ ONAP Heat Orchestration Templates Overview > Output Parameters > ONAP Volume Mod
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1695,7 +1695,7 @@ Requirements Changed
in the corresponding Base Module or Incremental Module unless the Output
Parameter is of the type ``comma_delimited_list``, then the corresponding
input parameter **MUST** be declared as type ``json``.
-
+
.. container:: note
@@ -1706,7 +1706,7 @@ Requirements Changed
**MUST** include the
UUID(s) of the Cinder Volumes created in template,
while others **MAY** be included.
-
+
ONAP Heat VNF Modularity
------------------------
@@ -1714,7 +1714,7 @@ ONAP Heat VNF Modularity
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1736,7 +1736,7 @@ Requirements Changed
ECOMP will capture the output parameter name and value in the base module
and provide the value to the corresponding parameter(s) in the
incremental module(s).
-
+
ONAP Output Parameter Names > Predefined Output Parameters > OAM Management IP Addresses
----------------------------------------------------------------------------------------
@@ -1744,7 +1744,7 @@ ONAP Output Parameter Names > Predefined Output Parameters > OAM Management IP A
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1765,7 +1765,7 @@ Requirements Changed
value: {get_param: {vm-type}_{network-role}_ip_{index} }
oam_management_v6_address:
value: {get_param: {vm-type}_{network-role}_v6_ip_{index} }
-
+
.. container:: note
@@ -1776,7 +1776,7 @@ Requirements Changed
then the parameter **MUST** be obtained by the
resource ``OS::Neutron::Port``
attribute ``ip_address``.
-
+
.. container:: note
@@ -1787,7 +1787,7 @@ Requirements Changed
database, an output parameter **MUST** be declared in only one of the
VNF's Heat Orchestration Templates and the parameter **MUST** be named
``oam_management_v6_address``.
-
+
ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Capability Types
----------------------------------------------------------------------
@@ -1795,7 +1795,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Capability Types
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1827,7 +1827,7 @@ Requirements Added
**tosca.capabilities.nfv.VirtualCompute** and
**tosca.capabilities.nfv.VirtualStorage** includes flavours of VDU
-
+
ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Data Types
----------------------------------------------------------------
@@ -1835,7 +1835,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Data Types
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1845,7 +1845,7 @@ Requirements Added
on TOSCA/YAML constructs specified in draft GS NFV-SOL 001. The node
data definitions/attributes used in VNFD **MUST** comply with the below
table.
-
+
.. container:: note
@@ -1855,7 +1855,7 @@ Requirements Added
and is based on TOSCA constructs specified in draft GS NFV-SOL 001.
The LCM configuration data elements used in VNFD **MUST** comply
with the below table.
-
+
ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > General
-------------------------------------------------------------
@@ -1863,7 +1863,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > General
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1872,7 +1872,7 @@ Requirements Added
The following table defines the major TOSCA Types specified in
ETSI NFV-SOL001 standard draft. The VNFD provided by a VNF vendor
**MUST** comply with the below definitions:
-
+
.. container:: note
@@ -1881,7 +1881,7 @@ Requirements Added
The VNFD **MAY** include TOSCA/YAML definitions that are not part of
NFV Profile. If provided, these definitions MUST comply with TOSCA
Simple Profile in YAML v.1.2.
-
+
.. container:: note
@@ -1895,7 +1895,7 @@ Requirements Added
summarizes the TOSCA definitions agreed to be part of current version
of NFV profile and that VNFD MUST comply with in ONAP Release 2+
Requirements.
-
+
.. container:: note
@@ -1930,7 +1930,7 @@ Requirements Added
supported per deployment flavour, and their input parameters;
Note, thatthe actual LCM implementation resides in a different layer,
namely referring to additional template artifacts.
-
+
.. container:: note
@@ -1939,7 +1939,7 @@ Requirements Added
The VNFD **MUST** comply with ETSI GS NFV-SOL001 document endorsing
the above mentioned NFV Profile and maintaining the gaps with the
requirements specified in ETSI GS NFV-IFA011 standard.
-
+
ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Interface Types
---------------------------------------------------------------------
@@ -1947,7 +1947,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Interface Types
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1957,7 +1957,7 @@ Requirements Added
interface types. An on-boarding entity (ONAP SDC) **MUST** support them.
**tosca.interfaces.nfv.vnf.lifecycle.Nfv** supports LCM operations
-
+
ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Relationship Types
------------------------------------------------------------------------
@@ -1965,7 +1965,7 @@ ONAP TOSCA VNFD Requirements > TOSCA VNF Descriptor > Relationship Types
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -1983,7 +1983,7 @@ Requirements Added
This relationship type represents an association relationship between
the VduCpd's and VirtualLinkDesc node types.
-
+
ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Contents
----------------------------------------------------------------------
@@ -1991,7 +1991,7 @@ ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Contents
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2006,7 +2006,7 @@ Requirements Added
identification data must include: an identifier for the VNF, the name
of the VNF as was given by the VNF provider, VNF description, VNF
provider, and version.
-
+
.. container:: note
@@ -2016,7 +2016,7 @@ Requirements Added
ETSI GS NFV-SOL004 including Manifest file, VNFD (or Main TOSCA/YAML
based Service Template) and other optional artifacts. CSAR Manifest
file as per SOL004 - for example ROOT\\ **MainServiceTemplate.mf**
-
+
.. container:: note
@@ -2024,7 +2024,7 @@ Requirements Added
The VNF provider **MUST** provide their testing scripts to support
testing as specified in ETSI NFV-SOL004 - Testing directory in CSAR
-
+
.. container:: note
@@ -2040,7 +2040,7 @@ Requirements Added
Note: Currently, ONAP doesn't have the capability of Image management,
we upload the image into VIM/VNFM manually.
-
+
.. container:: note
@@ -2050,7 +2050,7 @@ Requirements Added
their VNF(s) incorporate. CSAR License directory as per ETSI SOL004.
for example ROOT\\Licenses\\ **License_term.txt**
-
+
ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Structure and Format
----------------------------------------------------------------------------------
@@ -2058,7 +2058,7 @@ ONAP TOSCA VNFD Requirements > VNF CSAR Package > VNF Package Structure and Form
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2066,7 +2066,7 @@ Requirements Added
The VNF package **MUST** be arranged as a CSAR archive as specified in
TOSCA Simple Profile in YAML 1.2.
-
+
.. container:: note
@@ -2079,7 +2079,7 @@ Requirements Added
**Note:** SDC supports only the CSAR Option 1 in Casablanca. The Option 2
will be considered in future ONAP releases,
-
+
PNF Plug and Play > PNF Plug and Play
-------------------------------------
@@ -2087,7 +2087,7 @@ PNF Plug and Play > PNF Plug and Play
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2102,7 +2102,7 @@ Requirements Added
Note: The configuration management and provisioning software are specific
to a vendor architecture.
-
+
.. container:: note
@@ -2114,7 +2114,7 @@ Requirements Added
Note: these VES Events are emitted from the PNF to support PNF Plug and
Play, High Volume Measurements, and Fault events respectively.
-
+
.. container:: note
@@ -2130,7 +2130,7 @@ Requirements Added
to ascertain which ones are supported up to an including all of the ones
that have been defined. Note: It is expected that there will be a growing
list of supported configuration parameters in future releases of ONAP.
-
+
.. container:: note
@@ -2142,7 +2142,7 @@ Requirements Added
Note: this exchange may be either Ansible, Chef, or NetConf depending on
the PNF. Note: The PNF Controller may be VF-C, APP-C or SDN-C based on the
PNF and PNF domain. Note: for R3 (Casablanca) only Ansible is supported.
-
+
.. container:: note
@@ -2160,7 +2160,7 @@ Requirements Added
special setup to allow an external PNF to contact the ONAP installation.
For example, in the AT&T network, a maintenance tunnel is used to access
ONAP.
-
+
.. container:: note
@@ -2176,7 +2176,7 @@ Requirements Added
have a means to log an error and notify a user when a fault condition
occurs in trying to contact ONAP, authenticate or send a pnfRegistration
event.
-
+
.. container:: note
@@ -2185,7 +2185,7 @@ Requirements Added
(Error Case) - If an error is encountered by the PNF during a
Service Configuration exchange with ONAP, the PNF **MAY** log the
error and notify an operator.
-
+
.. container:: note
@@ -2194,7 +2194,7 @@ Requirements Added
The PNF Vendor **MAY** provide software version(s) to be supported by PNF
for SDC Design Studio PNF Model. This is set in the PNF Model property
software_versions.
-
+
.. container:: note
@@ -2203,7 +2203,7 @@ Requirements Added
The PNF **MAY** support a HTTP connection to the DCAE VES Event Listener.
Note: HTTP is allowed but not recommended.
-
+
.. container:: note
@@ -2220,14 +2220,14 @@ Requirements Added
complete installation & commissioning. The management of the VES event
exchange is also a requirement on the PNF to be developed by the PNF
vendor.
-
+
.. container:: note
:need:`R-686466`
The PNF **MUST** support sending a pnfRegistration VES event.
-
+
.. container:: note
@@ -2235,7 +2235,7 @@ Requirements Added
When the PNF receives a Service configuration from ONAP, the PNF **MUST**
cease sending the pnfRegistration VES Event.
-
+
.. container:: note
@@ -2243,7 +2243,7 @@ Requirements Added
The PNF **MUST** support a HTTPS connection to the DCAE VES Event
Listener.
-
+
.. container:: note
@@ -2257,7 +2257,7 @@ Requirements Added
Note: It is up to the specific vendor to design the software management
functions.
-
+
.. container:: note
@@ -2274,7 +2274,7 @@ Requirements Added
Note: The ONAP IP address could be provisioned or resolved through
FQDN & DNS.
-
+
.. container:: note
@@ -2287,7 +2287,7 @@ Requirements Added
Note: HTTP Basic Authentication has 4 steps: Request, Authenticate,
Authorization with Username/Password Credentials, and Authentication Status
as per RFC7617 and RFC 2617.
-
+
.. container:: note
@@ -2312,14 +2312,14 @@ Requirements Added
(3) HTTP with Username & Password & TLS with server-side
certificate authentication.
-
+
.. container:: note
:need:`R-980039`
The PNF **MUST** send the pnfRegistration VES event periodically.
-
+
.. container:: note
@@ -2330,7 +2330,7 @@ Requirements Added
Note: The PNF uses the service configuration request as a semaphore to
stop sending the pnfRegistration sent. See the requirement PNP-5360
requirement.
-
+
Resource IDs
------------
@@ -2338,7 +2338,7 @@ Resource IDs
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2347,7 +2347,7 @@ Requirements Changed
When a VNF's Heat Orchestration Template's resource is associated with a
single internal network, the Resource ID **MUST** contain the text
``int_{network-role}``.
-
+
.. container:: note
@@ -2358,7 +2358,7 @@ Requirements Changed
external network, the Resource ID **MUST** not contain the ``{vm-type}``
and/or ``{network-role}``/``int_{network-role}``. It also should contain the
term ``shared`` and/or contain text that identifies the VNF.
-
+
.. container:: note
@@ -2380,7 +2380,7 @@ Requirements Changed
- note that an ``{index}`` value **MAY** separate the ``{vm-type}`` and the
``{network-role}`` and when this occurs underscores **MUST** separate the
three values. (e.g., ``{vm-type}_{index}_{network-role}``).
-
+
.. container:: note
@@ -2400,7 +2400,7 @@ Requirements Changed
``{vm-type}`` and the ``int_{network-role}`` and when this occurs
underscores **MUST** separate the three values.
(e.g., ``{vm-type}_{index}_int_{network-role}``).
-
+
Resource IDs > Contrail Heat Resources Resource ID Naming Convention > OS::ContrailV2::VirtualNetwork
-----------------------------------------------------------------------------------------------------
@@ -2408,7 +2408,7 @@ Resource IDs > Contrail Heat Resources Resource ID Naming Convention > OS::Contr
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2430,7 +2430,7 @@ Requirements Changed
Heat Orchestration Template.
Note that option 1 is preferred.
-
+
Resource IDs > OpenStack Heat Resources Resource ID Naming Convention > OS::Neutron::Net
----------------------------------------------------------------------------------------
@@ -2438,7 +2438,7 @@ Resource IDs > OpenStack Heat Resources Resource ID Naming Convention > OS::Neut
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2453,7 +2453,7 @@ Requirements Changed
There is no ``{index}`` after ``{network-role}`` because ``{network-role}``
**MUST** be unique in the scope of the VNF's
Heat Orchestration Template.
-
+
Resource: OS::Neutron::Port - Parameters > Introduction > Items to Note
-----------------------------------------------------------------------
@@ -2461,7 +2461,7 @@ Resource: OS::Neutron::Port - Parameters > Introduction > Items to Note
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2474,7 +2474,7 @@ Requirements Changed
* property ``fixed_ips`` map property ``ip_address`` **MUST** be used
* property ``fixed_ips`` map property ``subnet``
**MUST NOT** be used
-
+
.. container:: note
@@ -2487,7 +2487,7 @@ Requirements Changed
* property ``fixed_ips`` map property ``ip_address`` **MUST NOT** be used
* property ``fixed_ips`` map property ``subnet``
**MAY** be used
-
+
.. container:: note
@@ -2501,7 +2501,7 @@ Requirements Changed
* property ``fixed_ips`` map property ``ip_address`` **MUST** be used
* property ``fixed_ips`` map property ``subnet``
**MUST NOT** be used
-
+
Resource: OS::Neutron::Port - Parameters > Property: allowed_address_pairs, Map Property: ip_address > VIP Assignment, External Networks, Supported by Automation
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
@@ -2509,7 +2509,7 @@ Resource: OS::Neutron::Port - Parameters > Property: allowed_address_pairs, Map
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2535,7 +2535,7 @@ Requirements Changed
network
And the parameter **MUST** be declared as type ``string``.
-
+
.. container:: note
@@ -2561,7 +2561,7 @@ Requirements Changed
network
And the parameter **MUST** be declared as type ``string``.
-
+
Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: ip_address
----------------------------------------------------------------------------------------
@@ -2569,7 +2569,7 @@ Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: ip
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2581,7 +2581,7 @@ Requirements Changed
``{vm-type}_int_{network-role}_ip_{index}``
**MUST** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2593,7 +2593,7 @@ Requirements Changed
``{vm-type}_{network-role}_ip_{index}``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2617,7 +2617,7 @@ Requirements Changed
``OS::Nova::Server``
* ``{network-role}`` is the {network-role} of the internal
network
-
+
.. container:: note
@@ -2642,7 +2642,7 @@ Requirements Changed
* ``{network-role}`` is the {network-role} of the internal
network
* the value for ``{index`` must start at zero (0) and increment by one
-
+
.. container:: note
@@ -2654,7 +2654,7 @@ Requirements Changed
``{vm-type}_int_{network-role}_int_ips``
**MUST** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2678,7 +2678,7 @@ Requirements Changed
OS::Nova::Server
* ``{network-role}`` is the {network-role} of the external
network
-
+
.. container:: note
@@ -2690,7 +2690,7 @@ Requirements Changed
``{vm-type}_{network-role}_v6_ip_{index}``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2702,7 +2702,7 @@ Requirements Changed
``{vm-type}_int_{network-role}_v6_ips``
**MUST** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2722,7 +2722,7 @@ Requirements Changed
**MUST** be enumerated in the Heat Orchestration
Template's Environment File and IP addresses **MUST** be
assigned.
-
+
.. container:: note
@@ -2746,7 +2746,7 @@ Requirements Changed
* ``{network-role}`` is the {network-role} of the external
network
* the value for ``{index}`` must start at zero (0) and increment by one
-
+
.. container:: note
@@ -2770,7 +2770,7 @@ Requirements Changed
``OS::Nova::Server``
* ``{network-role}`` is the {network-role} of the internal
network
-
+
.. container:: note
@@ -2794,7 +2794,7 @@ Requirements Changed
* ``{network-role}`` is the {network-role} of the external
network
* the value for ``{index}`` must start at zero (0) and increment by one
-
+
.. container:: note
@@ -2814,7 +2814,7 @@ Requirements Changed
**MUST NOT** be enumerated in the Heat Orchestration
Template's Environment File. ONAP provides the IP address
assignments at orchestration time.
-
+
.. container:: note
@@ -2838,7 +2838,7 @@ Requirements Changed
``OS::Nova::Server``
* ``{network-role}`` is the {network-role} of the external
network
-
+
.. container:: note
@@ -2850,7 +2850,7 @@ Requirements Changed
``{vm-type}_int_{network-role}_v6_ip_{index}``
**MUST** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2875,7 +2875,7 @@ Requirements Changed
* ``{network-role}`` is the {network-role} of the internal
network
* the value for ``{index}`` must start at zero (0) and increment by one
-
+
Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: subnet
------------------------------------------------------------------------------------
@@ -2883,7 +2883,7 @@ Resource: OS::Neutron::Port - Parameters > Property: fixed_ips, Map Property: su
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -2910,7 +2910,7 @@ Requirements Changed
Note that the parameter **MUST** be defined as an ``output`` parameter in
the base module.
-
+
.. container:: note
@@ -2931,7 +2931,7 @@ Requirements Changed
where
* ``{network-role}`` is the network role of the network.
-
+
.. container:: note
@@ -2943,7 +2943,7 @@ Requirements Changed
``int_{network-role}_v6_subnet_id``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -2966,7 +2966,7 @@ Requirements Changed
Note that the parameter **MUST** be defined as an ``output`` parameter in
the base module.
-
+
.. container:: note
@@ -2987,7 +2987,7 @@ Requirements Changed
where
* ``{network-role}`` is the network role of the network.
-
+
.. container:: note
@@ -2999,7 +2999,7 @@ Requirements Changed
``{network-role}_subnet_id``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -3011,7 +3011,7 @@ Requirements Changed
``{network-role}_v6_subnet_id``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
.. container:: note
@@ -3021,7 +3021,7 @@ Requirements Changed
resource ``OS::Neutron::Port`` property ``fixed_ips``
map property ``subnet`` parameter
**MUST** be declared type ``string``.
-
+
.. container:: note
@@ -3033,7 +3033,7 @@ Requirements Changed
``int_{network-role}_subnet_id``
**MUST NOT** be enumerated in the
VNF's Heat Orchestration Template's Environment File.
-
+
Resource: OS::Neutron::Port - Parameters > Property: network
------------------------------------------------------------
@@ -3041,7 +3041,7 @@ Resource: OS::Neutron::Port - Parameters > Property: network
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3051,7 +3051,7 @@ Requirements Changed
property ``network``
parameter **MUST NOT** be enumerated in the Heat Orchestration
Template's Environment File.
-
+
.. container:: note
@@ -3069,7 +3069,7 @@ Requirements Changed
where ``{network-role}`` is the network-role of the external network
and a ``get_param`` **MUST** be used as the intrinsic function.
-
+
.. container:: note
@@ -3084,7 +3084,7 @@ Requirements Changed
of the internal network by using the intrinsic function
``get_resource``
and referencing the Resource ID of the internal network.
-
+
.. container:: note
@@ -3104,7 +3104,7 @@ Requirements Changed
where ``{network-role}`` is the network-role of the internal network and
a ``get_param`` **MUST** be used as the intrinsic function.
-
+
Resource: OS::Nova::Server - Parameters
---------------------------------------
@@ -3112,7 +3112,7 @@ Resource: OS::Nova::Server - Parameters
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3129,7 +3129,7 @@ Requirements Added
**MUST** contain the identical ``{vm-type}``
and **MUST** follow the naming conventions defined
in R-58670, R-45188, R-54171, R-87817, and R-29751.
-
+
Resource: OS::Nova::Server - Parameters > Property: Name
--------------------------------------------------------
@@ -3137,7 +3137,7 @@ Resource: OS::Nova::Server - Parameters > Property: Name
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3145,11 +3145,11 @@ Requirements Added
The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
property ``name`` value **MUST** be be obtained via a ``get_param``.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3159,7 +3159,7 @@ Requirements Changed
property ``name`` parameter is defined as a ``string``, a parameter
**MUST** be delcared for
each ``OS::Nova::Server`` resource associated with the ``{vm-type}``.
-
+
.. container:: note
@@ -3171,7 +3171,7 @@ Requirements Changed
``{vm-type}_name_{index}``, where ``{index}`` is a numeric
value that starts at
zero and increments by one.
-
+
.. container:: note
@@ -3181,7 +3181,7 @@ Requirements Changed
property
``name`` parameter **MUST** be declared as either type ``string``
or type ``comma_delimited_list``.
-
+
Resource: OS::Nova::Server - Parameters > Property: Name > Contrail Issue with Values for OS::Nova::Server Property Name
------------------------------------------------------------------------------------------------------------------------
@@ -3189,7 +3189,7 @@ Resource: OS::Nova::Server - Parameters > Property: Name > Contrail Issue with V
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3202,7 +3202,7 @@ Requirements Changed
However, if special characters must be used, the only special characters
supported are: --- \" ! $ ' (\ \ ) = ~ ^ | @ ` { } [ ] > , . _
-
+
Resource: OS::Nova::Server - Parameters > Property: availability_zone
---------------------------------------------------------------------
@@ -3210,7 +3210,7 @@ Resource: OS::Nova::Server - Parameters > Property: availability_zone
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3220,7 +3220,7 @@ Requirements Changed
Resource **MAY** define a parameter for the property
``availability_zone`` that is not utilized in any ``OS::Nova::Server``
resources in the Heat Orchestration Template.
-
+
.. container:: note
@@ -3232,7 +3232,7 @@ Requirements Changed
``availability_zone_{index}`` where the ``{index}``
**MUST** start at zero and
increment by one.
-
+
Resource: OS::Nova::Server - Parameters > Property: flavor
----------------------------------------------------------
@@ -3240,7 +3240,7 @@ Resource: OS::Nova::Server - Parameters > Property: flavor
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3248,7 +3248,7 @@ Requirements Added
The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
property ``flavor`` value **MUST** be be obtained via a ``get_param``.
-
+
Resource: OS::Nova::Server - Parameters > Property: image
---------------------------------------------------------
@@ -3256,7 +3256,7 @@ Resource: OS::Nova::Server - Parameters > Property: image
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3264,7 +3264,7 @@ Requirements Added
The VNF's Heat Orchestration Template's Resource ``OS::Nova::Server``
property ``image`` value **MUST** be be obtained via a ``get_param``.
-
+
Resource: OS::Nova::Server Metadata Parameters > environment_context
--------------------------------------------------------------------
@@ -3272,7 +3272,7 @@ Resource: OS::Nova::Server Metadata Parameters > environment_context
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3282,7 +3282,7 @@ Requirements Changed
property
``metadata`` key/value pair ``environment_context`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3292,7 +3292,7 @@ Requirements Changed
property ``metadata``key/value pair ``environment_context``
parameter ``environment_context`` **MUST NOT**
have parameter constraints defined.
-
+
.. container:: note
@@ -3302,7 +3302,7 @@ Requirements Changed
property ``metadata`` key/value pair ``environment_context``
parameter **MUST** be declared as ``environment_context`` and the
parameter type **MUST** be defined as type: ``string``.
-
+
Resource: OS::Nova::Server Metadata Parameters > vf_module_id
-------------------------------------------------------------
@@ -3310,7 +3310,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_id
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3321,7 +3321,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_id`` is passed into a
Nested YAML
file, the key/value pair name ``vf_module_id`` **MUST NOT** change.
-
+
.. container:: note
@@ -3331,7 +3331,7 @@ Requirements Changed
property ``metadata`` **MUST**
contain the key/value pair ``vf_module_id``
and the value MUST be obtained via a ``get_param``.
-
+
.. container:: note
@@ -3341,7 +3341,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_id`` parameter **MUST**
be declared as ``vf_module_id`` and the parameter **MUST**
be defined as type: ``string``.
-
+
.. container:: note
@@ -3351,7 +3351,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id``
**MUST NOT**
have parameter constraints defined.
-
+
.. container:: note
@@ -3361,7 +3361,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_id`` parameter ``vf_module_id``
**MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
Resource: OS::Nova::Server Metadata Parameters > vf_module_index
----------------------------------------------------------------
@@ -3369,7 +3369,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_index
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3380,7 +3380,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_index`` parameter
``vf_module_index`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3389,7 +3389,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
property ``metadata`` key/value pair ``vf_module_index`` **MUST NOT**
have parameter constraints defined.
-
+
.. container:: note
@@ -3399,7 +3399,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vf_module_index`` is passed into a
Nested YAML file, the key/value pair
``vf_module_index`` **MUST NOT** change.
-
+
.. container:: note
@@ -3409,7 +3409,7 @@ Requirements Changed
resource property ``metadata`` **MAY**
contain the key/value pair ``vf_module_index``
and the value **MUST** be obtained via a ``get_param``.
-
+
.. container:: note
@@ -3420,7 +3420,7 @@ Requirements Changed
be used in a ``OS::Cinder::Volume`` resource and **MUST NOT** be
used in VNF's Volume template;
it is not supported.
-
+
.. container:: note
@@ -3431,7 +3431,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_index`` parameter **MUST**
be declared as ``vf_module_index`` and the parameter **MUST** be
defined as type: ``number``.
-
+
Resource: OS::Nova::Server Metadata Parameters > vf_module_name
---------------------------------------------------------------
@@ -3439,7 +3439,7 @@ Resource: OS::Nova::Server Metadata Parameters > vf_module_name
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3449,7 +3449,7 @@ Requirements Changed
property ``metadata`` **SHOULD**
contain the key/value pair ``vf_module_name`` and the value **MUST**
be obtained via a ``get_param``.
-
+
.. container:: note
@@ -3459,7 +3459,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vf_module_name`` is passed into a
Nested YAML
file, the key/value pair name ``vf_module_name`` **MUST NOT** change.
-
+
.. container:: note
@@ -3469,7 +3469,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vf_module_name``
parameter ``vf_module_name`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3479,7 +3479,7 @@ Requirements Changed
property
``metadata`` key/value pair ``vf_module_name`` parameter ``vf_module_name``
**MUST NOT** have parameter constraints defined.
-
+
.. container:: note
@@ -3490,7 +3490,7 @@ Requirements Changed
``metadata`` key/value pair ``vf_module_name`` parameter **MUST** be
declared as ``vf_module_name`` and the parameter **MUST**
be defined as type: ``string``.
-
+
Resource: OS::Nova::Server Metadata Parameters > vm_role
--------------------------------------------------------
@@ -3498,7 +3498,7 @@ Resource: OS::Nova::Server Metadata Parameters > vm_role
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3507,7 +3507,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
property ``metadata`` key/value pair ``vm_role`` parameter ``vm_role``
**MUST NOT** have parameter constraints defined.
-
+
.. container:: note
@@ -3517,7 +3517,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vm_role`` is passed into a Nested
YAML
file, the key/value pair name ``vm_role`` **MUST NOT** change.
-
+
.. container:: note
@@ -3526,7 +3526,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource
property ``metadata`` key/value pair ``vm_role`` value **MUST**
only contain alphanumeric characters and underscores (i.e., '_').
-
+
.. container:: note
@@ -3537,7 +3537,7 @@ Requirements Changed
``metadata`` key/value pair ``vm_role`` value is obtained via
``get_param``, the parameter **MUST** be declared as ``vm_role``
and the parameter **MUST** be defined as type: ``string``.
-
+
.. container:: note
@@ -3550,7 +3550,7 @@ Requirements Changed
- ``get_param``
- hard coded in the key/value pair ``vm_role``.
-
+
Resource: OS::Nova::Server Metadata Parameters > vnf_id
-------------------------------------------------------
@@ -3558,7 +3558,7 @@ Resource: OS::Nova::Server Metadata Parameters > vnf_id
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3568,7 +3568,7 @@ Requirements Changed
property
``metadata`` key/value pair ``vnf_id`` is passed into a Nested YAML
file, the key/value pair name ``vnf_id`` **MUST NOT** change.
-
+
.. container:: note
@@ -3578,7 +3578,7 @@ Requirements Changed
resource property
``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3589,7 +3589,7 @@ Requirements Changed
``metadata`` key/value pair ``vnf_id`` parameter
**MUST** be declared as ``vnf_id`` and the parameter **MUST**
be defined as type: ``string``.
-
+
.. container:: note
@@ -3599,7 +3599,7 @@ Requirements Changed
resource property ``metadata`` **MUST**
contain the key/value pair ``vnf_id``
and the value **MUST** be obtained via a ``get_param``.
-
+
.. container:: note
@@ -3609,7 +3609,7 @@ Requirements Changed
resource property
``metadata`` key/value pair ``vnf_id`` parameter ``vnf_id`` **MUST NOT**
have parameter constraints defined.
-
+
Resource: OS::Nova::Server Metadata Parameters > vnf_name
---------------------------------------------------------
@@ -3617,7 +3617,7 @@ Resource: OS::Nova::Server Metadata Parameters > vnf_name
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3627,7 +3627,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vnf_name`` parameter
``vnf_name`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3636,7 +3636,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's ``OS::Nova::Server`` resource property
``metadata`` **MUST** contain the key/value pair ``vnf_name`` and the
value **MUST** be obtained via a ``get_param``.
-
+
.. container:: note
@@ -3646,7 +3646,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vnf_name``
parameter ``vnf_name`` **MUST NOT**
have parameter constraints defined.
-
+
.. container:: note
@@ -3656,7 +3656,7 @@ Requirements Changed
property ``metadata`` key/value pair ``vnf_name`` parameter **MUST**
be declared as ``vnf_name`` and the parameter **MUST** be defined as
type: ``string``.
-
+
.. container:: note
@@ -3666,7 +3666,7 @@ Requirements Changed
property
``metadata`` key/value pair ``vnf_name`` is passed into a Nested YAML
file, the key/value pair name ``vnf_name`` **MUST NOT** change.
-
+
Resource: OS::Nova::Server Metadata Parameters > workload_context
-----------------------------------------------------------------
@@ -3674,7 +3674,7 @@ Resource: OS::Nova::Server Metadata Parameters > workload_context
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3685,7 +3685,7 @@ Requirements Changed
parameter **MUST**
be declared as ``workload_context`` and the parameter **MUST**
be defined as type: ``string``.
-
+
.. container:: note
@@ -3695,7 +3695,7 @@ Requirements Changed
property ``metadata`` key/value pair ``workload_context``
parameter ``workload_context`` **MUST NOT**
be enumerated in the Heat Orchestration Template's environment file.
-
+
.. container:: note
@@ -3705,7 +3705,7 @@ Requirements Changed
property ``metadata`` key/value pair ``workload_context``
parameter ``workload_context`` **MUST NOT**
have parameter constraints defined.
-
+
.. container:: note
@@ -3715,7 +3715,7 @@ Requirements Changed
property ``metadata`` key/value pair ``workload_context``
is passed into a Nested YAML
file, the key/value pair name ``workload_context`` **MUST NOT** change.
-
+
VNF On-boarding and package management > Resource Description
-------------------------------------------------------------
@@ -3723,7 +3723,7 @@ VNF On-boarding and package management > Resource Description
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3731,7 +3731,7 @@ Requirements Added
The VNF package MUST provide :doc:`VES Event Registration <../../../../vnfsdk/module.git/files/VESEventRegistration_3_0>`
for all VES events provided by that xNF.
-
+
.. container:: note
@@ -3739,7 +3739,7 @@ Requirements Added
The VNF documentation **MUST** contain a list of the files within the VNF
package that are static during the VNF's runtime.
-
+
VNF On-boarding and package management > Testing
------------------------------------------------
@@ -3747,7 +3747,7 @@ VNF On-boarding and package management > Testing
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3755,7 +3755,7 @@ Requirements Changed
The xNF Package **MUST** include documentation describing
the tests that were conducted by the xNF provider and the test results.
-
+
VNF Resiliency > Virtual Function - Container Recovery Requirements
-------------------------------------------------------------------
@@ -3763,21 +3763,21 @@ VNF Resiliency > Virtual Function - Container Recovery Requirements
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-46851`
The VNF **MUST** support ONAP Controller's Evacuate command.
-
+
.. container:: note
:need:`R-48761`
The VNF **MUST** support ONAP Controller's Snapshot command.
-
+
VNF Security > VNF API Security Requirements
--------------------------------------------
@@ -3785,7 +3785,7 @@ VNF Security > VNF API Security Requirements
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3795,7 +3795,7 @@ Requirements Changed
on APIs: Validate that any input file has a correct and valid
Multipurpose Internet Mail Extensions (MIME) type. Input files
should be tested for spoofed MIME types.
-
+
.. container:: note
@@ -3807,7 +3807,7 @@ Requirements Changed
SQL expressions, may cause the system to execute undesirable and
unauthorized transactions against the database or allow other
inappropriate access to the internal network (injection attacks).
-
+
.. container:: note
@@ -3815,11 +3815,11 @@ Requirements Changed
The VNF **SHOULD** integrate with the Operator's authentication and
authorization services (e.g., IDAM).
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3827,7 +3827,7 @@ Requirements Removed
The VNF **MUST** implement all monitoring and logging as
described in the Security Analytics section.
-
+
.. container:: note
@@ -3835,7 +3835,7 @@ Requirements Removed
The VNF **MUST** restrict changing the criticality level of
a system security alarm to administrator(s).
-
+
.. container:: note
@@ -3845,7 +3845,7 @@ Requirements Removed
anomalous access patterns that may represent fraudulent access or
other types of attacks, or integrate with tools that implement anomaly
and abuse detection.
-
+
.. container:: note
@@ -3855,14 +3855,14 @@ Requirements Removed
ensure that the date is within the validity period of the certificate,
check the Certificate Revocation List (CRL), and recognize the identity
represented by the certificate where PKI-based authentication is used.
-
+
.. container:: note
R-23772
The VNF **MUST** validate input at all layers implementing VNF APIs.
-
+
.. container:: note
@@ -3871,7 +3871,7 @@ Requirements Removed
The VNF **MUST** use certificates issued from publicly
recognized Certificate Authorities (CA) for the authentication process
where PKI-based authentication is used.
-
+
.. container:: note
@@ -3879,7 +3879,7 @@ Requirements Removed
The VNF **MUST** provide a mechanism to restrict access based
on the attributes of the VNF and the attributes of the subject.
-
+
.. container:: note
@@ -3887,7 +3887,7 @@ Requirements Removed
The VNF **MUST** support requests for information from law
enforcement and government agencies.
-
+
.. container:: note
@@ -3895,7 +3895,7 @@ Requirements Removed
The VNF **MUST** comply with NIST standards and industry
best practices for all implementations of cryptography.
-
+
VNF Security > VNF Cryptography Requirements
--------------------------------------------
@@ -3903,7 +3903,7 @@ VNF Security > VNF Cryptography Requirements
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3912,7 +3912,7 @@ Requirements Changed
The VNF **SHOULD** support an automated certificate management protocol
such as CMPv2, Simple Certificate Enrollment Protocol (SCEP) or
Automated Certificate Management Environment (ACME).
-
+
.. container:: note
@@ -3920,7 +3920,7 @@ Requirements Changed
The VNF **SHOULD** provide the capability to integrate with an
external encryption service.
-
+
.. container:: note
@@ -3933,7 +3933,7 @@ Requirements Changed
Note: The VNF provider cannot require the use of self-signed certificates
in an Operator's run time environment.
-
+
.. container:: note
@@ -3941,7 +3941,7 @@ Requirements Changed
The VNF **MUST** support HTTP/S using TLS v1.2 or higher
with strong cryptographic ciphers.
-
+
VNF Security > VNF Data Protection Requirements
-----------------------------------------------
@@ -3949,7 +3949,7 @@ VNF Security > VNF Data Protection Requirements
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -3957,7 +3957,7 @@ Requirements Changed
The VNF **MUST** provide the capability of using X.509 certificates
issued by an external Certificate Authority.
-
+
.. container:: note
@@ -3965,7 +3965,7 @@ Requirements Changed
The VNF **MUST** provide the capability to restrict read
and write access to data handled by the VNF.
-
+
.. container:: note
@@ -3973,7 +3973,7 @@ Requirements Changed
The VNF **MUST** be capable of protecting the confidentiality and integrity
of data at rest and in transit from unauthorized access and modification.
-
+
.. container:: note
@@ -3983,7 +3983,7 @@ Requirements Changed
non-volatile memory.Non-volative memory is storage that is
capable of retaining data without electrical power, e.g.
Complementary metal-oxide-semiconductor (CMOS) or hard drives.
-
+
.. container:: note
@@ -3992,7 +3992,7 @@ Requirements Changed
The VNF **MUST** use NIST and industry standard cryptographic
algorithms and standard modes of operations when implementing
cryptography.
-
+
.. container:: note
@@ -4000,7 +4000,7 @@ Requirements Changed
The VNF **MUST** support digital certificates that comply with X.509
standards.
-
+
.. container:: note
@@ -4011,7 +4011,7 @@ Requirements Changed
IPSec, X.509 digital certificates for cryptographic implementations.
These implementations must be purchased from reputable vendors or obtained
from reputable open source communities and must not be developed in-house.
-
+
.. container:: note
@@ -4019,7 +4019,7 @@ Requirements Changed
The VNF **MUST** provide the ability to migrate to newer
versions of cryptographic algorithms and protocols with minimal impact.
-
+
.. container:: note
@@ -4030,11 +4030,11 @@ Requirements Changed
Acceptable algorithms can be found in the NIST FIPS publications
(https://csrc.nist.gov/publications/fips) and in the
NIST Special Publications (https://csrc.nist.gov/publications/sp).
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4043,7 +4043,7 @@ Requirements Removed
The VNF **SHOULD** use commercial algorithms only when there
are no applicable governmental standards for specific cryptographic
functions, e.g., public key cryptography, message digests.
-
+
.. container:: note
@@ -4051,7 +4051,7 @@ Requirements Removed
The VNF **MUST** provide the capability to restrict access
to data to specific users.
-
+
VNF Security > VNF General Security Requirements
------------------------------------------------
@@ -4059,7 +4059,7 @@ VNF Security > VNF General Security Requirements
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4068,14 +4068,14 @@ Requirements Added
Login access (e.g., shell access) to the operating system layer, whether
interactive or as part of an automated process, **MUST** be through an
encrypted protocol such as SSH or TLS.
-
+
.. container:: note
:need:`R-240760`
The VNF **MUST NOT** contain any backdoors.
-
+
.. container:: note
@@ -4083,14 +4083,14 @@ Requirements Added
If SNMP is utilized, the VNF **MUST** support at least SNMPv3 with
message authentication.
-
+
.. container:: note
:need:`R-258686`
The VNF application processes **MUST NOT** run as root.
-
+
.. container:: note
@@ -4100,7 +4100,7 @@ Requirements Added
display the last valid login date and time and the number of unsuccessful
attempts since then made with that user's ID. This requirement is only
applicable when the user account is defined locally in the VNF.
-
+
.. container:: note
@@ -4109,14 +4109,14 @@ Requirements Added
The VNF **MUST** log any security event required by the VNF Requirements to
Syslog using LOG_AUTHPRIV for any event that would contain sensitive
information and LOG_AUTH for all other relevant events.
-
+
.. container:: note
:need:`R-756950`
The VNF **MUST** be operable without the use of Network File System (NFS).
-
+
.. container:: note
@@ -4126,7 +4126,7 @@ Requirements Added
package, that specifies the targetted parameters, e.g. a limited set of
ports, over which the VNF will communicate (including internal, external
and management communication).
-
+
.. container:: note
@@ -4138,11 +4138,11 @@ Requirements Added
security techniques that include the use of file and directory permissions.
Ideally, credentials SHOULD rely on a HW Root of Trust, such as a
TPM or HSM.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4150,7 +4150,7 @@ Requirements Changed
The VNF **MUST** support encrypted access protocols, e.g., TLS,
SSH, SFTP.
-
+
.. container:: note
@@ -4158,7 +4158,7 @@ Requirements Changed
The VNF **SHOULD** provide the capability for the Operator to run security
vulnerability scans of the operating system and all application layers.
-
+
.. container:: note
@@ -4167,7 +4167,7 @@ Requirements Changed
The VNF **MUST** provide a mechanism (e.g., access control list) to
permit and/or restrict access to services on the VNF by source,
destination, protocol, and/or port.
-
+
.. container:: note
@@ -4176,7 +4176,7 @@ Requirements Changed
The VNF **SHOULD** support network segregation, i.e., separation of OA&M
traffic from signaling and payload traffic, using technologies such as
VPN and VLAN.
-
+
.. container:: note
@@ -4185,7 +4185,7 @@ Requirements Changed
The VNF **MUST** allow the Operator to disable or remove any security
testing tools or programs included in the VNF, e.g., password cracker,
port scanner.
-
+
.. container:: note
@@ -4193,7 +4193,7 @@ Requirements Changed
The VNF **MUST** support the ability to prohibit remote access to the VNF
via a host based security mechanism.
-
+
.. container:: note
@@ -4205,7 +4205,7 @@ Requirements Changed
allow the Operator to harden the VNF. Actions taken to harden a system
include disabling all unnecessary services, and changing default values
such as default credentials and community strings.
-
+
.. container:: note
@@ -4215,7 +4215,7 @@ Requirements Changed
ability to present a warning notice that is set by the Operator. A warning
notice is a formal statement of resource intent presented to everyone
who accesses the system.
-
+
.. container:: note
@@ -4223,7 +4223,7 @@ Requirements Changed
The VNF **MUST** provide functionality that enables the Operator to comply
with requests for information from law enforcement and government agencies.
-
+
.. container:: note
@@ -4231,7 +4231,7 @@ Requirements Changed
The VNF **MUST** implement and enforce the principle of least privilege
on all protected interfaces.
-
+
.. container:: note
@@ -4239,7 +4239,7 @@ Requirements Changed
The VNF **SHOULD** support the use of virtual trusted platform
module.
-
+
.. container:: note
@@ -4249,7 +4249,7 @@ Requirements Changed
in the VNF as soon as possible. Patching shall be controlled via change
control process with vulnerabilities disclosed along with
mitigation recommendations.
-
+
.. container:: note
@@ -4258,11 +4258,11 @@ Requirements Changed
The VNF **SHOULD** provide a mechanism that enables the operators to
perform automated system configuration auditing at configurable time
intervals.
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4270,7 +4270,7 @@ Requirements Removed
The VNF **SHOULD** support the ability to work with aliases
(e.g., gateways, proxies) to protect and encapsulate resources.
-
+
.. container:: note
@@ -4279,7 +4279,7 @@ Requirements Removed
The VNF **SHOULD** interoperate with various access control
mechanisms for the Network Cloud execution environment (e.g.,
Hypervisors, containers).
-
+
.. container:: note
@@ -4287,7 +4287,7 @@ Requirements Removed
The VNF **MUST**, if not using the NCSP's IDAM API, comply
with the NCSP's credential management policy.
-
+
.. container:: note
@@ -4297,7 +4297,7 @@ Requirements Removed
with "password changes (includes default passwords)" policy. Products
will support password aging, syntax and other credential management
practices on a configurable basis.
-
+
.. container:: note
@@ -4306,7 +4306,7 @@ Requirements Removed
The VNF **MUST**, if not using the NCSP's IDAM API, support
use of common third party authentication and authorization tools such
as TACACS+, RADIUS.
-
+
.. container:: note
@@ -4316,7 +4316,7 @@ Requirements Removed
the requirements if not using the NCSP's IDAM API, for identification,
authentication and access control of OA&M and other system level
functions.
-
+
.. container:: note
@@ -4327,7 +4327,7 @@ Requirements Removed
ACLs, stateful firewalls and application layer gateways depending on
manner of deployment. The application is expected to function (and in
some cases, interwork) with these security tools.
-
+
.. container:: note
@@ -4337,7 +4337,7 @@ Requirements Removed
the ability to support Multi-Factor Authentication (e.g., 1st factor =
Software token on device (RSA SecureID); 2nd factor = User Name+Password,
etc.) for the users.
-
+
.. container:: note
@@ -4346,7 +4346,7 @@ Requirements Removed
The VNF **MUST** distribute all production code from NCSP
internal sources only. No production code, libraries, OS images, etc.
shall be distributed from publically accessible depots.
-
+
.. container:: note
@@ -4354,7 +4354,7 @@ Requirements Removed
The VNF **MUST**, if not using the NCSP's IDAM API, support
logging via ONAP for a historical view of "who did what and when."
-
+
.. container:: note
@@ -4365,7 +4365,7 @@ Requirements Removed
needs to have appropriate connectors to the Identity, Authentication
and Authorization systems that enables access at OS, Database and
Application levels as appropriate.
-
+
.. container:: note
@@ -4379,7 +4379,7 @@ Requirements Removed
subscriber identifiable data should be encrypted at rest. Other
data protection requirements exist and should be well understood
by the developer.
-
+
VNF Security > VNF Identity and Access Management Requirements
--------------------------------------------------------------
@@ -4387,7 +4387,7 @@ VNF Security > VNF Identity and Access Management Requirements
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4395,7 +4395,7 @@ Requirements Added
The VNF **MUST** provide a means for the user to explicitly logout, thus
ending that session for that authenticated user.
-
+
.. container:: note
@@ -4404,7 +4404,7 @@ Requirements Added
The VNF **MUST**, if not integrated with the Operator's Identity and Access
Management system, or enforce a configurable "terminate idle sessions"
policy by terminating the session after a configurable period of inactivity.
-
+
.. container:: note
@@ -4412,7 +4412,7 @@ Requirements Added
The VNF **MUST NOT** display "Welcome" notices or messages that could
be misinterpreted as extending an invitation to unauthorized users.
-
+
.. container:: note
@@ -4420,7 +4420,7 @@ Requirements Added
A failed authentication attempt **MUST NOT** identify the reason for the
failure to the user, only that the authentication failed.
-
+
.. container:: note
@@ -4430,7 +4430,7 @@ Requirements Added
manage, and automatically provision user accounts using an Operator
approved identity lifecycle management tool using a standard protocol,
e.g., NETCONF API.
-
+
.. container:: note
@@ -4438,7 +4438,7 @@ Requirements Added
The VNF MUST not store authentication credentials to itself in clear
text or any reversible form and must use salting.
-
+
.. container:: note
@@ -4446,11 +4446,11 @@ Requirements Added
The VNF **MUST** support account names that contain at least A-Z, a-z,
0-9 character sets and be at least 6 characters in length.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4459,7 +4459,7 @@ Requirements Changed
The VNF **MUST**, if not integrated with the Operator's identity and
access management system, authenticate all access to protected GUIs, CLIs,
and APIs.
-
+
.. container:: note
@@ -4467,7 +4467,7 @@ Requirements Changed
The VNF **MUST** provide access controls that allow the Operator
to restrict access to VNF functions and data to authorized entities.
-
+
.. container:: note
@@ -4476,7 +4476,7 @@ Requirements Changed
The VNF **MUST** integrate with standard identity and access management
protocols such as LDAP, TACACS+, Windows Integrated Authentication
(Kerberos), SAML federation, or OAuth 2.0.
-
+
.. container:: note
@@ -4487,7 +4487,7 @@ Requirements Changed
When a VNF is added to the network, nothing should be able to use
it until the super user configures the VNF to allow other users
(human and application) have access.
-
+
.. container:: note
@@ -4496,7 +4496,7 @@ Requirements Changed
The VNF **MUST NOT** allow the assumption of the permissions of another
account to mask individual accountability. For example, use SUDO when a
user requires elevated permissions such as root or admin.
-
+
.. container:: note
@@ -4504,7 +4504,7 @@ Requirements Changed
The VNF **MUST**, if not integrated with the Operator's Identity and
Access Management system, support configurable password expiration.
-
+
.. container:: note
@@ -4513,7 +4513,7 @@ Requirements Changed
Each architectural layer of the VNF (eg. operating system, network,
application) **MUST** support access restriction independently of all
other layers so that Segregation of Duties can be implemented.
-
+
.. container:: note
@@ -4523,7 +4523,7 @@ Requirements Changed
and Access Management system, support the ability to disable the
userID after a configurable number of consecutive unsuccessful
authentication attempts using the same userID.
-
+
.. container:: note
@@ -4541,7 +4541,7 @@ Requirements Changed
characters that may have command functions, and (6) new passwords must
not contain sequences of three or more characters from the previous
password.
-
+
.. container:: note
@@ -4549,7 +4549,7 @@ Requirements Changed
The VNF **SHOULD** support OAuth 2.0 authorization using an external
Authorization Server.
-
+
.. container:: note
@@ -4558,7 +4558,7 @@ Requirements Changed
The VNF **MUST**, if not integrated with the Operator's Identity and
Access Management system, support Role-Based Access Control to enforce
least privilege.
-
+
.. container:: note
@@ -4567,7 +4567,7 @@ Requirements Changed
The VNF **MUST**, if not integrated with the Operator's Identity and
Access Management system, support the creation of multiple IDs so that
individual accountability can be supported.
-
+
.. container:: note
@@ -4578,7 +4578,7 @@ Requirements Changed
VNF for use by human users. Strong authentication uses at least two of the
three different types of authentication factors in order to prove the
claimed identity of a user.
-
+
.. container:: note
@@ -4588,18 +4588,18 @@ Requirements Changed
the assigned permissions associated with an ID in order to support
Least Privilege (no more privilege than required to perform job
functions).
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
R-05470
The VNF **MUST** host connectors for access to the database layer.
-
+
.. container:: note
@@ -4607,7 +4607,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Session Hijacking.
-
+
.. container:: note
@@ -4615,7 +4615,7 @@ Requirements Removed
The VNF **MUST NOT** include authentication credentials
in security audit logs, even if encrypted.
-
+
.. container:: note
@@ -4623,7 +4623,7 @@ Requirements Removed
The VNF **MUST** provide Context awareness data (device,
location, time, etc.) and be able to integrate with threat detection system.
-
+
.. container:: note
@@ -4631,7 +4631,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Password Attacks.
-
+
.. container:: note
@@ -4639,7 +4639,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for XSS / CSRF.
-
+
.. container:: note
@@ -4648,7 +4648,7 @@ Requirements Removed
The VNF **MUST** subject VNF provider access to privilege
reconciliation tools to prevent access creep and ensure correct
enforcement of access policies.
-
+
.. container:: note
@@ -4656,14 +4656,14 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Man in the Middle (MITM).
-
+
.. container:: note
R-45496
The VNF **MUST** host connectors for access to the OS (Operating System) layer.
-
+
.. container:: note
@@ -4674,7 +4674,7 @@ Requirements Removed
owner of the VNF before provisioning authorization through Role Based
Access Control (RBAC), Attribute Based Access Control (ABAC), or other
policy based mechanism.
-
+
.. container:: note
@@ -4682,7 +4682,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Replay.
-
+
.. container:: note
@@ -4690,7 +4690,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Eavesdropping.
-
+
.. container:: note
@@ -4698,7 +4698,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Malware (Key Logger).
-
+
.. container:: note
@@ -4706,7 +4706,7 @@ Requirements Removed
The VNF **MUST** provide minimum privileges for initial
and default settings for new user accounts.
-
+
.. container:: note
@@ -4714,7 +4714,7 @@ Requirements Removed
The VNF **MUST** provide or support the Identity and Access
Management (IDAM) based threat detection data for Phishing / SMishing.
-
+
.. container:: note
@@ -4725,7 +4725,7 @@ Requirements Removed
authorized personnel only, e.g., least privilege. These controls
could include the use of system configuration or access control
software.
-
+
.. container:: note
@@ -4734,7 +4734,7 @@ Requirements Removed
The VNF **MUST** conform to approved request, workflow
authorization, and authorization provisioning requirements when
creating privileged users.
-
+
.. container:: note
@@ -4743,7 +4743,7 @@ Requirements Removed
The VNF **MUST** authenticate system to system access and
do not conceal a VNF provider user's individual accountability for
transactions.
-
+
.. container:: note
@@ -4753,14 +4753,14 @@ Requirements Removed
utilities capable of capturing or logging data that was not created
by them or sent specifically to them in production, without
authorization of the VNF system owner.
-
+
.. container:: note
R-95105
The VNF **MUST** host connectors for access to the application layer.
-
+
VNF Security > VNF Security Analytics Requirements
--------------------------------------------------
@@ -4768,14 +4768,14 @@ VNF Security > VNF Security Analytics Requirements
Requirements Added
~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
:need:`R-303569`
The VNF **MUST** log the Source IP address in the security audit logs.
-
+
.. container:: note
@@ -4783,7 +4783,7 @@ Requirements Added
The VNF **SHOULD** provide the capability of maintaining the integrity of
its static files using a cryptographic method.
-
+
.. container:: note
@@ -4794,7 +4794,7 @@ Requirements Added
reporting in log files. It is recommended that Coordinated Universal Time
(UTC) be used where possible, so as to eliminate ambiguity owing to daylight
savings time.
-
+
.. container:: note
@@ -4803,7 +4803,7 @@ Requirements Added
The VNF **MUST** have the capability to securely transmit the security logs
and security events to a remote system before they are purged from the
system.
-
+
.. container:: note
@@ -4811,11 +4811,11 @@ Requirements Added
The VNF **MUST** log automated remote activities performed with
elevated privileges.
-
+
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -4823,7 +4823,7 @@ Requirements Changed
The VNF **MUST** log success and unsuccessful creation, removal, or
change to the inherent privilege level of users.
-
+
.. container:: note
@@ -4832,7 +4832,7 @@ Requirements Changed
The VNF **MUST** support detection of malformed packets due to software
misconfiguration or software vulnerability, and generate an error to the
syslog console facility.
-
+
.. container:: note
@@ -4840,7 +4840,7 @@ Requirements Changed
The VNF **MUST** be implemented so that it is not vulnerable to OWASP
Top 10 web application security risks.
-
+
.. container:: note
@@ -4850,7 +4850,7 @@ Requirements Changed
attempts, e.g., authentication associated with a transaction,
authentication to create a session, authentication to assume elevated
privilege.
-
+
.. container:: note
@@ -4858,7 +4858,7 @@ Requirements Changed
The VNF **SHOULD** operate with anti-virus software which produces alarms
every time a virus is detected.
-
+
.. container:: note
@@ -4866,7 +4866,7 @@ Requirements Changed
The VNF **MUST** log connections to the network listeners of the
resource.
-
+
.. container:: note
@@ -4875,7 +4875,7 @@ Requirements Changed
The VNF **MUST** activate security alarms automatically when
it detects the successful modification of a critical system or
application file.
-
+
.. container:: note
@@ -4884,7 +4884,7 @@ Requirements Changed
The VNF **MUST** activate security alarms automatically when
a configurable number of consecutive unsuccessful login attempts
is reached.
-
+
.. container:: note
@@ -4892,7 +4892,7 @@ Requirements Changed
The VNF **MUST** restrict changing the criticality level of a
system security alarm to users with administrative privileges.
-
+
.. container:: note
@@ -4900,7 +4900,7 @@ Requirements Changed
The VNF **MUST** detect when its security audit log storage
medium is approaching capacity (configurable) and issue an alarm.
-
+
.. container:: note
@@ -4908,7 +4908,7 @@ Requirements Changed
The VNF **MUST** log successful and unsuccessful access to VNF
resources, including data.
-
+
.. container:: note
@@ -4916,7 +4916,7 @@ Requirements Changed
The VNF **MUST** generate security audit logs that can be sent
to Security Analytics Tools for analysis.
-
+
.. container:: note
@@ -4925,7 +4925,7 @@ Requirements Changed
The VNF **MUST** activate security alarms automatically when
it detects an unsuccessful attempt to gain permissions
or assume the identity of another user.
-
+
.. container:: note
@@ -4933,18 +4933,18 @@ Requirements Changed
The VNF **MUST** support the storage of security audit logs for a
configurable period of time.
-
+
Requirements Removed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
R-08598
The VNF **MUST** log successful and unsuccessful changes to a privilege level.
-
+
.. container:: note
@@ -4952,7 +4952,7 @@ Requirements Removed
The VNF **MUST** provide audit logs that include user ID, dates,
times for log-on and log-off, and terminal location at minimum.
-
+
.. container:: note
@@ -4961,14 +4961,14 @@ Requirements Removed
The VNF **MUST** support alternative monitoring capabilities
when VNFs do not expose data or control traffic or use proprietary and
optimized protocols for inter VNF communication.
-
+
.. container:: note
R-25094
The VNF **MUST** perform data capture for security functions.
-
+
.. container:: note
@@ -4976,7 +4976,7 @@ Requirements Removed
The VNF **MUST** support integrated DPI/monitoring functionality
as part of VNFs (e.g., PGW, MME).
-
+
.. container:: note
@@ -4985,7 +4985,7 @@ Requirements Removed
The VNF **MUST** implement "Closed Loop" automatic implementation
(without human intervention) for Known Threats with detection rate in low
false positives.
-
+
.. container:: note
@@ -4993,7 +4993,7 @@ Requirements Removed
The VNF **MUST** provide the capability of generating security
audit logs by interacting with the operating system (OS) as appropriate.
-
+
.. container:: note
@@ -5001,7 +5001,7 @@ Requirements Removed
The VNF **MUST** support event logging, formats, and delivery
tools to provide the required degree of event data to ONAP.
-
+
{network-role}
--------------
@@ -5009,7 +5009,7 @@ Requirements Removed
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -5019,7 +5019,7 @@ Requirements Changed
only alphanumeric characters and/or underscores '_' and
**MUST NOT** contain any of the following strings:
``_int`` or ``int_`` or ``_int_``.
-
+
.. container:: note
@@ -5029,7 +5029,7 @@ Requirements Changed
is associated with an internal network **MUST** include
``int_{network-role}`` as part of the parameter name,
where ``int_`` is a hard coded string.
-
+
.. container:: note
@@ -5038,7 +5038,7 @@ Requirements Changed
A VNF's Heat Orchestration Template's Resource ID that is associated
with an internal network **MUST** include ``int_{network-role}`` as part
of the Resource ID, where ``int_`` is a hard coded string.
-
+
{vm-type}
---------
@@ -5046,7 +5046,7 @@ Requirements Changed
Requirements Changed
~~~~~~~~~~~~~~~~~~~~
-
+
.. container:: note
@@ -5065,7 +5065,7 @@ Requirements Changed
``vf_module_name``, ``vm_role``,
``vf_module_index``, ``environment_context``, ``workload_context``)
**MUST NOT** be prefixed with a common ``{vm-type}`` identifier.
-
+
.. container:: note
@@ -5075,7 +5075,7 @@ Requirements Changed
alphanumeric characters and/or underscores '_' and **MUST NOT**
contain any of the following strings:
``_int`` or ``int_`` or ``_int_``.
-
+
.. container:: note
@@ -5101,4 +5101,4 @@ Requirements Changed
- Each VM in the "class" **MUST** have the the identical number of
ports connecting to the identical networks and requiring the identical
IP address configuration.
-
+