-**Step 2.** Customize the onap/values.yaml file to suit your deployment. You
-may want to selectively enable or disable ONAP components by changing the
-`enabled: true/false` flags as shown below:
-
-.. code-block:: yaml
-
- #################################################################
- # Global configuration overrides.
- #
- # These overrides will affect all helm charts (ie. applications)
- # that are listed below and are 'enabled'.
- #################################################################
- global:
- # Change to an unused port prefix range to prevent port conflicts
- # with other instances running within the same k8s cluster
- nodePortPrefix: 302
-
- # image repositories
- repository: nexus3.onap.org:10001
- repositorySecret: eyJuZXh1czMub25hcC5vcmc6MTAwMDEiOnsidXNlcm5hbWUiOiJkb2NrZXIiLCJwYXNzd29yZCI6ImRvY2tlciIsImVtYWlsIjoiQCIsImF1dGgiOiJaRzlqYTJWeU9tUnZZMnRsY2c9PSJ9fQ==
- # readiness check
- readinessRepository: oomk8s
- # logging agent
- loggingRepository: docker.elastic.co
-
- # image pull policy
- pullPolicy: Always
-
- # default mount path root directory referenced
- # by persistent volumes and log files
- persistence:
- mountPath: /dockerdata-nfs
-
- # flag to enable debugging - application support required
- debugEnabled: false
-
- #################################################################
- # Enable/disable and configure helm charts (ie. applications)
- # to customize the ONAP deployment.
- #################################################################
- aaf:
- enabled: true
- aai:
- enabled: true
- appc:
- enabled: true
- clamp:
- enabled: true
- cli:
- enabled: true
- consul: # Consul Health Check Monitoring
- enabled: true
- dcaegen2:
- enabled: true
- esr:
- enabled: true
- log:
- enabled: true
- message-router:
- enabled: true
- mock:
- enabled: true
- msb:
- enabled: true
- multicloud:
- enabled: true
- policy:
- enabled: true
- portal:
- enabled: true
- robot: # Robot Health Check
- enabled: true
- sdc:
- enabled: true
- sdnc:
- enabled: true
- so: # Service Orchestrator
- enabled: true
-
- replicaCount: 1
-
- liveness:
- # necessary to disable liveness probe when setting breakpoints
- # in debugger so K8s doesn't restart unresponsive container
- enabled: true
-
- # so server configuration
- config:
- # message router configuration
- dmaapTopic: "AUTO"
- # openstack configuration
- openStackUserName: "vnf_user"
- openStackRegion: "RegionOne"
- openStackKeyStoneUrl: "http://1.2.3.4:5000"
- openStackServiceTenantName: "service"
- openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e"
-
- # configure embedded mariadb
- mariadb:
- config:
- mariadbRootPassword: password
- uui:
- enabled: true
- vfc:
- enabled: true
- vid:
- enabled: true
- vnfsdk:
- enabled: true
-
-**Step 3.** To setup a local Helm server to server up the ONAP charts::
+ > sudo cp -R ~/oom/kubernetes/helm/plugins/ ~/.helm
+
+
+**Step 3.** Customize the helm charts like oom/kubernetes/onap/values.yaml or an override
+file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deployment with items like the
+OpenStack tenant information.
+
+.. note::
+ Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in
+ the oom/kubernetes/onap/resources/overrides/ directory.
+
+
+ a. You may want to selectively enable or disable ONAP components by changing
+ the `enabled: true/false` flags.
+
+
+ b. Encyrpt the OpenStack password using the shell tool for robot and put it in
+ the robot helm charts or robot section of openstack.yaml
+
+
+ c. Encrypt the OpenStack password using the java based script for SO helm charts
+ or SO section of openstack.yaml.
+
+
+ d. Update the OpenStack parameters that will be used by robot, SO and APPC helm
+ charts or use an override file to replace them.
+
+
+
+
+a. Enabling/Disabling Components:
+Here is an example of the nominal entries that need to be provided.
+We have different values file available for different contexts.
+
+.. literalinclude:: onap-values.yaml
+ :language: yaml
+
+
+b. Generating ROBOT Encrypted Password:
+The ROBOT encrypted Password uses the same encryption.key as SO but an
+openssl algorithm that works with the python based Robot Framework.
+
+.. note::
+ To generate ROBOT openStackEncryptedPasswordHere :
+
+ ``cd so/resources/config/mso/``
+
+ ``/oom/kubernetes/so/resources/config/mso# echo -n "<openstack tenant password>" | openssl aes-128-ecb -e -K `cat encryption.key` -nosalt | xxd -c 256 -p``
+
+c. Generating SO Encrypted Password:
+The SO Encrypted Password uses a java based encryption utility since the
+Java encryption library is not easy to integrate with openssl/python that
+ROBOT uses in Dublin.
+
+.. note::
+ To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword:
+
+ SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key`
+
+ OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX
+
+ git clone http://gerrit.onap.org/r/integration
+
+ cd integration/deployment/heat/onap-rke/scripts
+
+
+ javac Crypto.java
+
+ [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ]
+
+ java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY"
+
+
+d. Update the OpenStack parameters:
+
+There are assumptions in the demonstration VNF heat templates about the networking
+available in the environment. To get the most value out of these templates and the
+automation that can help confirm the setup is correct, please observe the following
+constraints.
+
+openStackPublicNetId:
+
+This network should allow heat templates to add interfaces.
+This need not be an external network, floating IPs can be assigned to the ports on
+the VMs that are created by the heat template but its important that neutron allow
+ports to be created on them.
+
+openStackPrivateNetCidr: "10.0.0.0/16"
+
+This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity.
+The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the
+demonstration ip addressing plan embodied in the preload template prevent conflicts when
+instantiating the various VNFs. If you need to change this, you will need to modify the preload
+data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data
+in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect
+to create.
+
+openStackOamNetworkCidrPrefix: "10.0"
+
+This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the
+robot scripts for demonstration. A production deployment need not worry about this
+setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix.
+
+
+Example Keystone v2.0
+.. literalinclude:: example-integration-override.yaml
+ :language: yaml
+
+Example Keystone v3 (required for Rocky and later releases)
+.. literalinclude:: example-integration-override-v3.yaml
+ :language: yaml
+
+
+
+**Step 4.** To setup a local Helm server to server up the ONAP charts::