1 .. This work is licensed under a Creative Commons Attribution 4.0
2 .. International License. http://creativecommons.org/licenses/by/4.0
3 .. Copyright © 2017-2020 Aarna Networks, Inc.
8 The instructions in this section will enable you to design the vFW Control Loop. The prerequisite for this tutorial is that the
9 vFW_service design/deployment/instantiation should be completed.
14 This section describes the vFW control loop flow and the modules involved. Following is the list of modules
15 that are involved in designing and deploying the vFW CL
17 1) SDC: The first step of the procedure is to distribute the DCAE (TCA microservice) blueprint. That is done through ONAP SDC.
18 2) CLAMP: This is a tool for designing the policy and configuring the TCA threshold. CLAMP, along with DCAE, can also be used
19 to manage the lifecycle of CLs
20 3) DCAE (platform and micro services): Multiple components of the DCAE module get involved in the overall lifecycle of the CL.
21 4) TCA: The CDAP threshold controlling application is a DCAE microservice.
22 5) ONAP Policy engine: The output of DCAE is sent to the Policy engine as an input event. We will use the DROOLS Policy engine.
23 6) APPC : The last hop in the CL, which takes the config action on the vPG on the output of the Policy engine.
25 Distribute DCAE blueprints
26 ==========================
28 In order to distribute the DCAE microservice blueprints we need to create a dummy service. The DCAE blueprint will be added as an artifact
29 to the VF inside the service during service composition time.
31 Follow the below steps to upload the blueprint for the TCA (Threshold Checking Application) DCAE microservice and Distribute the service to the CLAMP
33 The following screenshot of the setup shows where “dcae_service” has been created and is in the composition phase.
36 The service name should not contain any spaces. The DCAE policy fails to fetch the service from PDP if the name has a space.
37 For example ‘dcae1’ will work and ‘dcae 1’ will not.
39 1. Login as DESIGNER (cs0008) and create the service, checkin and certify
43 2. Add any VNF (ex: vfw_pg) that was already created during the SDC design phase
45 In the composition canvas drag and drop a resource of type VF from the abstract section in the Elements section (left hand side panel)
49 3. Download the required DCAE MS blueprint to be attached to the service
51 Use the sample TCA blueprint located here:
52 https://git.onap.org/dcaegen2/platform/blueprints/tree/blueprints/k8s-tcagen2-clampnode.yaml
55 * Check if the version of the plugin used in the blueprint is different from existing, then update the blueprint import to match
56 * To check the version run this: `cfy plugins list | grep k8splugin`
58 4. Now upload the Control Loop Artifact. The procedure to upload the artifact is
60 * Click on the VF, as in the picture above the ‘vsp_pg 0’ is selected
61 * Click on ‘DEPLOYMENT ARTIFACTS’ and then click on “Add Artifact”
65 * Fill the details and in the type select DCAE_INVENTORY_BLUEPRINT, then click on Done as in the picture shown below
69 5. After uploading the DCAE artifact to the SDC Service, attach the policy model to the Service. From the left drop down,
70 select TCA policy under Policies, and click on the Add policy
74 6. Click on Checkin on top right corner then click OK
78 7. Search and select the same service from CATALOG and click on Certify on top right corner
82 8. Click Distribute to distribute the service, then click on Distribution in the left hand side panel and monitor until
83 the distribution is complete. We should see artifacts deployed in CLAMP and Policy engine, as can be seen in the picture below
87 At this point we can open the CLAMP GUI and verify that the DCAE microservice design template is in place
89 DCAE MS design in CLAMP
90 =======================
92 CLAMP is a GUI tool which enables the users to design the policies, distribute them to the DROOLS engine and eventually deploy
93 the DCAE microservices. In this section we are going to design, distribute and deploy the BRMS (DROOLS) and TCA policy.
95 Clamp uses AAF to authenticate the user and get the different permissions. In order to access the CLAMP GUI we will need to add the certificate.
97 1. Add the necessary certificates in the browser
99 The default certificate can be found here: https://gerrit.onap.org/r/gitweb?p=clamp.git;a=blob;f=src/main/resources/clds/aaf/org.onap.clamp.p12;h=268aa1a3ce56e01448f8043cc0b05b5fceb5a47d;hb=HEAD
101 The password is: "China in the Spring"
102 The certificate must be loaded into your favorite browser before trying to load the CLAMP UI.
104 Ex: In case of Firefox browser, below is the procedure on how to add the certificate
106 Open firefox browser and go to Preferences and search for Certificate Manager and Select “View Certificates“ button.
107 This will open the following dialog to import certificate files from Your certificates menu.
109 You need to go in options->Privacy & Security-> Scroll down to Certificates options a View Certificates Button
110 and then Your certificates Tab -> Then Import button
114 2. After the certificate is added, the CLAMP GUI can be accessed at:
115 `https://<host_IP>:30258` (host_IP is the node IP where CLAMP is running)
117 3. Before designing the policy we need to undeploy the default tca policy.
118 To undeploy default policy execute the below commands on control node
122 > kubectl get deployments -n onap | grep "dep-dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' |
123 xargs kubectl delete deployments -n onap
124 > kubectl get svc -n onap | grep "dcae-tca-analytics\|dcaegen2-analytics-tca" | awk '{print $1}' |
125 xargs kubectl delete svc -n onap
126 To Verify there are no dcae-analytics POD, run the below command
127 > kubectl get pods -n onap | grep 'analytics'
129 4. If the service has been distributed correctly, following is how the service design templates
130 listed in the Loop Templates as below
134 Available Policy Models
138 5. Create the loop from the templates distributed by SDC
144 6. Add the Operational Policy
145 Click on Loop Instance drop down and select Modify then click, select the policy model type then click Add
151 7. Click on the MS application box and configure
152 Fill the details in the pop up window and click on the save changes button.
154 A. Click on app and Edit the Policy details, fill the below details
156 * eventName: vFirewallBroadcastPackets
158 * policyVersion: v0.0.1
159 * Select controlLoopSchemaType as VM
160 * policyName: DCAE.Config_tca-hi-lo
161 * Select Pdp Group Info from the drop down as defaultGroup & xacm
165 B. Click on the Add monitoring threshold1 button and fill the below details
168 * closedLoopControlName : name of the CL (ex: LOOP_TEMPLATE_mytest_srv_v1_0_vsp_pg0_k8s-tca)
169 * select the direction from dropdown (ex: LESS)
173 C. Click on the Add monitoring threshold2 button and fill the details same as above then click on Save Changes button
177 8. Click on the Operational policy box and configure
178 Fill the details in the pop window then click on save changes
184 9. Submit the control loop to the policy
185 From Loop Operations drop down select SUBMIT and click
189 10. Deploy the control loop to DCAE
190 From Loop Operations drop down select DEPLOY and click, verify the details and click Deploy
200 A successful deployment will make the service as DEPLOYED
202 11. You can login into the control node and verify whether your new analytics application got deployed using below command
206 > kubectl get pods -n onap | grep analytics
208 dep-dcae-tca-analytics-7fccbf459-xkxlq 2/2 Running 0 6m15s
210 > cfy deployment list | grep CLAMP
212 | CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | CLAMP_615bb47a-ea3e-4a02-8928-0564df900826 | 2020-11-10 19:23:22.286 |
213 2020-11-10 19:23:22.286 | tenant | default_tenant | admin |
216 .. |image16| image:: media/image16.png
217 .. |image15| image:: media/image15.png
218 .. |image5| image:: media/image5.png
219 .. |image13| image:: media/image13.png
220 .. |image1| image:: media/image1.png
221 .. |image12| image:: media/image12.png
222 .. |image14| image:: media/image14.png
223 .. |image19| image:: media/image19.png
224 .. |image6| image:: media/image6.png
225 .. |image7| image:: media/image7.png
226 .. |image10| image:: media/image10.png
227 .. |image4| image:: media/image4.png
228 .. |image20| image:: media/image20.png
229 .. |image9| image:: media/image9.png
230 .. |image3| image:: media/image3.png
231 .. |image17| image:: media/image17.png
232 .. |image11| image:: media/image11.png
233 .. |image24| image:: media/image24.png
234 .. |image22| image:: media/image22.png
235 .. |image18| image:: media/image18.png
236 .. |image23| image:: media/image23.png
237 .. |image2| image:: media/image2.png
238 .. |image8| image:: media/image8.png
239 .. |image21| image:: media/image21.png