1 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
2 .. http://creativecommons.org/licenses/by/4.0
7 VESCollector is installed via cloudify blueprint by DCAE bootstrap process on typical ONAP installation.
8 As the service is containerized, it can be started on stand-alone mode also.
11 To run VES Collector container on standalone mode, following parameters are required
13 ``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.4.5``
16 DMAAPHOST is required for standalone; for normal platform installed instance the publish URL are obtained from Consul. Below parameters are exposed for DCAE platform (cloudify) deployed instance
20 - DMAAPHOST - should contain an address to DMaaP, so that event publishing can work
21 - CBSPOLLTIMER - it should be put in here if we want to automatically fetch configuration from CBS.
22 - CONSUL_PROTOCOL - Consul protocol by default set to **http**, if it is need to change it then that can be set to different value
23 - CONSUL_HOST - used with conjunction with CBSPOLLTIMER, should be a host address (without port! e.g my-ip-or-host) where Consul service lies
24 - CBS_PROTOCOL - Config Binding Service protocol by default set to **http**, if it is need to change it then that can be set to different value
25 - CONFIG_BINDING_SERVICE - used with conjunction with CBSPOLLTIMER, should be a name of CBS as it is registered in Consul
26 - HOSTNAME - used with conjunction with CBSPOLLTIMER, should be a name of VESCollector application as it is registered in CBS catalog
28 These parameters can be configured either by passing command line option during `docker run` call or by specifying environment variables named after command line option name
31 Authentication Support
32 ----------------------
34 VES Collector support following authentication types
36 * *auth.method=noAuth* default option - no security (http)
37 * *auth.method=certOnly* is used to enable mutual TLS authentication (https)
38 * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication
39 * *auth.method=basicAuth* is used to enable basic HTTPs authentication
41 Default ONAP deployed VESCOllector is configured for "noAuth". If VESCollector instance need to be deployed with authentication enabled, follow below setup
44 - Update existing VESCollector deployment to remove nodeport conflict by editing service definition
47 kubectl edit svc -n onap xdcae-ves-collector
49 and remove following entry and save the changes; K8S will update the service definition default VES instance
59 - Execute into Bootstrap POD using kubectl command
61 - Copy blueprint content into DCAE bootstrap POD under /blueprints directory under same file name.
69 # ============LICENSE_START====================================================
70 # =============================================================================
71 # Copyright (c) 2019 AT&T Intellectual Property. All rights reserved.
72 # =============================================================================
73 # Licensed under the Apache License, Version 2.0 (the "License");
74 # you may not use this file except in compliance with the License.
75 # You may obtain a copy of the License at
77 # http://www.apache.org/licenses/LICENSE-2.0
79 # Unless required by applicable law or agreed to in writing, software
80 # distributed under the License is distributed on an "AS IS" BASIS,
81 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
82 # See the License for the specific language governing permissions and
83 # limitations under the License.
84 # ============LICENSE_END======================================================
86 tosca_definitions_version: cloudify_dsl_1_3
89 - "http://www.getcloudify.org/spec/cloudify/3.4/types.yaml"
90 - https://nexus.onap.org/service/local/repositories/raw/content/org.onap.dcaegen2.platform.plugins/R4/k8splugin/1.4.13/k8splugin_types.yaml
93 ves_other_publish_url:
95 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.SEC_OTHER_OUTPUT"
96 ves_heartbeat_publish_url:
98 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.SEC_HEARTBEAT_OUTPUT"
99 ves_fault_publish_url:
101 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.SEC_FAULT_OUTPUT"
102 ves_measurement_publish_url:
104 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_MEASUREMENT_OUTPUT"
105 ves_notification_publish_url:
107 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_NOTIFICATION_OUTPUT"
108 ves_pnfRegistration_publish_url:
110 default: "http://message-router.onap.svc.cluster.local:3904/events/unauthenticated.VES_PNFREG_OUTPUT"
113 default: "nexus3.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.4.5"
116 description: Kubernetes node port on which collector is exposed
120 description: Kubernetes node port on which collector is exposed for https
124 description: number of instances
129 cloudify.interfaces.lifecycle:
133 - concat: ["8443:", { get_input: external_tls_port }]
136 collector.dmaap.streamid: fault=ves-fault|syslog=ves-syslog|heartbeat=ves-heartbeat|measurementsForVfScaling=ves-measurement|measurement=ves-measurement|mobileFlow=ves-mobileflow|other=ves-other|stateChange=ves-statechange|thresholdCrossingAlert=ves-thresholdCrossingAlert|voiceQuality=ves-voicequality|sipSignaling=ves-sipsignaling|notification=ves-notification|pnfRegistration=ves-pnfRegistration
137 collector.keystore.file.location: /opt/app/VESCollector/etc/keystore
138 collector.keystore.passwordfile: /opt/app/VESCollector/etc/passwordfile
139 collector.schema.checkflag: "1"
140 collector.schema.file: "{\"v1\":\"./etc/CommonEventFormat_27.2.json\",\"v2\":\"./etc/CommonEventFormat_27.2.json\",\"v3\":\"./etc/CommonEventFormat_27.2.json\",\"v4\":\"./etc/CommonEventFormat_27.2.json\",\"v5\":\"./etc/CommonEventFormat_28.4.1.json\",\"v7\":\"./etc/CommonEventFormat_30.0.1.json\"}"
141 collector.service.port: "8080"
142 collector.service.secure.port: "8443"
143 event.transform.flag: "0"
144 auth.method: certBasicAuth
145 header.authlist: "sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6"
150 get_input: ves_fault_publish_url
155 get_input: ves_measurement_publish_url
160 get_input: ves_notification_publish_url
165 get_input: ves_pnfRegistration_publish_url
170 get_input: ves_heartbeat_publish_url
175 get_input: ves_other_publish_url
177 collector.dynamic.config.update.frequency: "5"
180 # endpoint: /healthcheck
185 get_input: tag_version
186 replicas: {get_input: replicas}
187 name: 'dcae-ves-collector-tls'
188 dns_name: 'dcae-ves-collector-tls'
190 log_directory: "/opt/app/VESCollector/logs/ecomp"
191 type: dcae.nodes.ContainerizedPlatformComponent
198 cfy blueprints validate /blueprints/k8s-ves-tls.yaml
203 cfy install -b ves-tls -d ves-tls /blueprints/k8s-ves-tls.yaml
205 To undeploy ves-tls, steps are noted below
207 - Uninstall running ves-tls and delete deployment
210 cfy uninstall ves-tls
212 The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below
213 ** An error occurred on the server: 400: Can't delete blueprint ves-tls - There exist deployments for this blueprint; Deployments ids: ves-tls**
215 In this case blueprint can be deleted explicitly using this command.
219 cfy blueprint delete ves-tls
221 Known Issue : When VESCollector is required to be deployed with authentication enabled *auth.method=certOnly* or *auth.method: certBasicAuth* or *auth.method: basicAuth*
222 the blueprint currently disables healthcheck parameters configuration (below). This causes no readiness probe to be deployed in K8S when VES Collector is deployed with authentication enabled.
229 endpoint: /healthcheck
235 The healthcheck support when VESauthentication is enabled needs a different solution to be worked. This will be worked as future enhancement (DCAEGEN2-1594)