1 .. This work is licensed under a Creative Commons Attribution 4.0
2 .. International License. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2017 AT&T Intellectual Property. All rights reserved.
6 Adding a new Openstack Cloud Site to ONAP
7 =========================================
9 The following guide describes how to configure ONAP to be able to instantiate
10 a service in a new cloud site based on Openstack.
12 There are 2 methods for ONAP to communicate with Openstack in order
13 to instantiate a service:
15 * method 1 : ONAP SO => Openstack
16 * method 2 : ONAP SO => ONAP MultiCloud => Openstack
18 In this guideline the following parameters/values will be used
20 * Complex Name: My_Complex
21 * Region Name: ONAPCloudRegionName
22 * Openstack Tenant Region Value: TenantRegion
23 * Cloud Owner: MyCompanyName
24 * Openstack Cloud User: e.g. admin
25 * Openstack Password: needs to be encrypted (see instructions below)
27 Encrypt Openstack Password for SO
28 ---------------------------------
30 The SO Encrypted Password uses a java based encryption utility since the
31 Java encryption library is not easy to integrate with openssl/python that
32 Robot uses in Dublin and upper versions.
35 To generate SO encrypted password you need to have the OOM project cloned and
36 ensure `default-jdk` is installed::
38 apt-get update; apt-get install default-jdk
42 SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key`
43 OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX
45 git clone http://gerrit.onap.org/r/integration
46 cd integration/deployment/heat/onap-rke/scripts
49 java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY"
52 Method 1 : without ONAP MultiCloud
53 ----------------------------------
59 Method 2 : using ONAP MultiCloud
60 --------------------------------
62 STEP 1 : declare Cloud Site in ONAP SO to interact with ONAP multiCloud
63 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
65 The MariaDB database of ONAP SO needs to be modified.
67 In the ONAP SO, the use of ONAP Multicloud for that Cloud Site needs to be
70 ONAP SO will communicate with ONAP MultiCloud that interfaces target cloud
71 environment. Two configuration options are offered:
73 * First option: Declare multicloud URL in identity_services table
75 * Openstack tenant credentials are still managed by SO
76 * Openstack tenant region value is checked against Region_ID value in
79 * Second option (from Dublin version): Target solution managing all Openstack
80 tenant information within AAI
82 * ORCHESTRATOR value is set to `multicloud` in cloud_sites table
83 * All Openstack tenant information are stored in AAI and managed by
86 Connect to ONAP SO pod
87 ^^^^^^^^^^^^^^^^^^^^^^
89 In a Unix Terminal, to get the SO pods id that is providing
94 kubectl -n onap get pod | grep mariadb-galera
96 To connect to that SO pod
97 (in this example, the SO pod id is "onap-mariadb-galera-mariadb-galera-0"):
101 kubectl -n onap exec -ti onap-mariadb-galera-mariadb-galera-0 sh
103 Then modify the data in the MariaDB:
106 A "mso_id" and "mso_pass" are required even if, with multicloud,
107 only credentials managed by ESR will be used.
109 Nevertheless, you need to provide a correct encrypted value for the pass value.
111 "MyCompanyName" is a cloud owner value. WARNING : do not use underscore
114 "ONAPCloudRegionName" is the ONAP region name that can be different from
115 final Openstack tenant region name (TenantRegion in the example).
116 *** know restriction ****
117 Check status of https://jira.onap.org/projects/MULTICLOUD/issues/MULTICLOUD-970
121 mysql --user=so_admin --password=so_Admin123
124 # First option: Without using ORCHESTRATOR VALUE set to multicloud
125 # (use Openstack credentials - username, encrypted password)
126 INSERT INTO identity_services VALUES('MC_KEYSTONE', 'http://msb-iag.onap:80/api/multicloud/v1/MyCompanyName/ONAPCloudRegionName/identity/v2.0', 'admin', '5b6f369745f5f0e1c61da7f0656f3daf93c8030a2ea94b7964c67abdcfb49bdf2fa2266344b4caaca1eba8264d277831', 'service', 'admin', 1, 'KEYSTONE', 'USERNAME_PASSWORD', 'lastUser', '2019-07-05 10:32:00', '2019-07-05 10:32:00','PROJECT_DOMAIN_NAME','USER_DOMAIN_NAME');
127 INSERT INTO cloud_sites VALUES('ONAPCloudRegionName', 'TenantRegion', 'MC_KEYSTONE', 2.5, 'ONAPCloudRegionName', NULL, NULL, NULL, 'MySelf', '2019-07-05 10:32:00', '2019-07-05 10:32:00');
129 # Second option: using ORCHESTRATOR VALUE set to multicloud from Dublin version
130 INSERT INTO cloud_sites(ID, REGION_ID, IDENTITY_SERVICE_ID, CLOUD_VERSION, CLLI, ORCHESTRATOR) values("ONAPCloudRegionName", "ONAPCloudRegionName", "DEFAULT_KEYSTONE", "2.5", "My_Complex", "multicloud");
134 ONAP SO VNF Adapter Rest API endpoint version shall be set to version "v2"
135 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
139 to find the right config map name:
143 kubectl -n onap get configmap | grep so-so-bpmn-infra-app-configmap
146 to edit and change the configmap:
150 kubectl -n onap edit configmap onap-so-so-bpmn-infra-app-configmap
152 in the section "vnf", modify the rest endpoint:
157 endpoint: http://so-openstack-adapter.onap:8087/services/VnfAdapter
159 - endpoint: http://so-openstack-adapter.onap:8087/services/rest/v1/vnfs
160 + endpoint: http://so-openstack-adapter.onap:8087/services/rest/v2/vnfs
163 endpoint: http://so-openstack-adapter.onapg:8087/services/rest/v1/volume-groups
166 Having modified the configmap, it is necessary to delete the pod bpmn-infra in
167 order it takes the modification into account.
169 to find the right pod name:
173 kubectl get po -n onap |grep bpmn-infra
176 You need to find the pod that is similar to the following pod id:
178 "onap-so-so-bpmn-infra-79fdf6f9d5-t8qr4"
185 kubectl -n onap delete po onap-so-so-bpmn-infra-79fdf6f9d5-t8qr4
188 Then, wait for the pod to restart. To check:
192 kubectl -n onap get po | grep so-so
197 STEP 2 : declare the new cloud Site in ONAP AAI
198 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
201 declare a Complex in ONAP AAI
202 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
205 A Cloud Site is located in a Building called "Complex" object
206 in ONAP AAI datamodel.
208 AAI REST API is used to declare the complex object.
210 Here is an example using "curl" tool to send the API request.
212 The new Complex is named "My_Complex" in this example.
218 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/complexes/complex/My_Complex \
219 -H 'Accept: application/json' \
220 -H 'Authorization: Basic QUFJOkFBSQ==' \
221 -H 'Cache-Control: no-cache' \
222 -H 'Content-Type: application/json' \
223 -H 'Real-Time: true' \
224 -H 'X-FromAppId: jimmy-postman' \
225 -H 'X-TransactionId: 9999' \
227 "physical-location-id": "My_Complex",
228 "data-center-code": "example-data-center-code-val-5556",
229 "complex-name": "My_Complex",
230 "identity-url": "example-identity-url-val-56898",
231 "physical-location-type": "example-physical-location-type-val-7608",
232 "street1": "example-street1-val-34205",
233 "street2": "example-street2-val-99210",
235 "state": "example-state-val-59487",
236 "postal-code": "100000",
237 "country": "example-country-val-94173",
238 "region": "example-region-val-13893",
239 "latitude": "39.9042",
240 "longitude": "106.4074",
241 "elevation": "example-elevation-val-30253",
242 "lata": "example-lata-val-46073"
246 Check the Complexes in ONAP AAI:
251 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/complexes \
252 -H 'Accept: application/json' \
253 -H 'Authorization: Basic QUFJOkFBSQ==' \
254 -H 'X-FromAppId: AAI' \
255 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
256 -H 'cache-control: no-cache' -k
261 Declare a Cloud Site in ONAP AAI
262 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
265 To declare a Cloud Site, you need to use the AAI REST API.
267 The new Cloud site is named "ONAPCloudRegionName" in this example.
269 There is also a "Cloud Owner" notion in ONAP AAI datamodel.
271 The new Cloud Owner is named "MyCompanyName" in this example.
273 In Openstack, there is also a "region" notion. You need to get the value of
274 the region that has been set when deploying your Openstack platform.
276 In the following example the Openstack region has the value "TenantRegion"
277 (in the parameter "cloud-extra-info")
279 parameter "complex-name" relate to the Complex you previously declared.
281 parameter "cloud-type" take the value "openstack"
283 parameter "cloud-region-version" is refering to your Openstack version
285 parameter "cloud-extra-info" will contain the Openstack "region".
286 Here, the region ID of the deployed Openstack cloud site will be set.
288 In the following example the Openstack region has the value "TenantRegion".
290 parameter "esr-system-info-list" will contain the list of Openstack platform
291 credentials that will allow ONAP MultiCloud to communicate with the Cloud Site.
297 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName \
298 -H 'Accept: application/json' \
299 -H 'Authorization: Basic QUFJOkFBSQ==' \
300 -H 'Cache-Control: no-cache' \
301 -H 'Content-Type: application/json' \
302 -H 'Postman-Token: 8b9b95ae-91d6-4436-90fa-69cb4d2db99c' \
303 -H 'Real-Time: true' \
304 -H 'X-FromAppId: jimmy-postman' \
305 -H 'X-TransactionId: 9999' \
307 "cloud-owner": "MyCompanyName",
308 "cloud-region-id": "ONAPCloudRegionName",
309 "cloud-type": "openstack",
310 "owner-defined-type": "N/A",
311 "cloud-region-version": "pike",
312 "complex-name": "My_Complex",
313 "cloud-zone": "CloudZone",
314 "sriov-automation": false,
315 "identity-url": "WillBeUpdatedByMultiCloud",
316 "cloud-extra-info":"{\"openstack-region-id\":\"TenantRegion\"}",
317 "esr-system-info-list": {
320 "esr-system-info-id": "<random UUID, e.g. 5c85ce1f-aa78-4ebf-8d6f-4b62773e9bde>",
321 "service-url": "http://<your openstack keystone endpoint, e.g. http://10.12.25.2:5000/v3>",
322 "user-name": "<your openstack user>",
323 "password": "<your openstack password>",
324 "system-type": "VIM",
325 "ssl-insecure": false,
326 "cloud-domain": "Default",
327 "default-tenant": "<your openstack project name>",
328 "system-status": "active"
334 In this example, the cloud-region-version is set to `pike` that is the
335 Openstack pike version.
337 * Multicloud pike plugin is claimed to support Openstack pike
338 * It is possible but not guaranteed to support other Openstack version
339 (e.g. rocky) since no testing has been done by multicloud project on all
340 other Openstack versions.
341 * Whatever the Openstack version is tested against, if the cause of a bug roots
342 in Openstack pike source code, this bug shall be reported.
343 * `starlingx` is another possible version value for Openstack clouds.
345 Associate Cloud site to a Complex in ONAP AAI:
350 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName/relationship-list/relationship \
351 -H 'Accept: application/json' \
352 -H 'Authorization: Basic QUFJOkFBSQ==' \
353 -H 'Content-Type: application/json' \
354 -H 'X-FromAppId: AAI' \
355 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
356 -H 'cache-control: no-cache' \
358 "related-to": "complex",
359 "related-link": "/aai/v16/cloud-infrastructure/complexes/complex/My_Complex",
360 "relationship-data": [
362 "relationship-key": "complex.physical-location-id",
363 "relationship-value": "My_Complex"
369 Check the Cloud Site creation in ONAP AAI:
374 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions \
375 -H 'Accept: application/json' \
376 -H 'Authorization: Basic QUFJOkFBSQ==' \
377 -H 'X-FromAppId: AAI' \
378 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
379 -H 'cache-control: no-cache' -k
383 STEP 3 : Register the Cloud Site in ONAP Multicloud
384 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
389 https://msb.api.discovery.simpledemo.onap.org:30283/api/multicloud/v1/MyCompanyName/ONAPCloudRegionName/registry \
390 -H 'Accept: application/json' \
391 -H 'Cache-Control: no-cache' \
392 -H 'Content-Type: application/json' \
400 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName?depth=all \
401 -H 'Accept: application/json' \
402 -H 'Authorization: Basic QUFJOkFBSQ==' \
403 -H 'Cache-Control: no-cache' \
404 -H 'Content-Type: application/json' \
405 -H 'Real-Time: true' \
406 -H 'X-FromAppId: jimmy-postman' \
407 -H 'X-TransactionId: 9999' -k
409 The registration is successfull if at least, the field `identity-url` is
410 updated with the multicloud http url. In addition, all the cloud information
411 are loaded in AAI (Flavors, images, etc) but only
413 * if ORCHESTRATOR value is set to `multicloud` in cloud_sites database table
414 * and if the Openstack cloud is configured to support only keystone v2 or v3
415 having the version set in the service url. Multicloud pike and starlingx
416 plugins do not support an Openstack cloud that exposes both v2 and v3.
420 openstack endpoint list --service keystone
421 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
422 | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
423 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
424 | 53c0016ad22144b2883b3a9487206a4b | RegionOne | keystone | identity | True | public | https://specific_url:5000/v3 |
425 | 85a7a334353a4b028d8005a454b6578f | RegionOne | keystone | identity | True | admin | http://10.x.x.9:35357/v3 |
426 | 8d5274cd66884ec7b0e3edd965a53f69 | RegionOne | keystone | identity | True | internal | http://10.x.x.9:5000/v3 |
427 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+