From: Brian Freeman Date: Fri, 12 Jul 2019 02:52:46 +0000 (-0500) Subject: Update for Keystone v3 X-Git-Tag: 5.0.1-ONAP~207^2 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=acf8cd8ecb9a69399b2cece93bce54c3cff00052;p=oom.git Update for Keystone v3 Updates for new variables to init cloud in SO Issue-ID: OOM-1982 Change-Id: Icf4f6bafb1884bc3758fabe4072733526c79cc42 Signed-off-by: Brian Freeman --- diff --git a/docs/example-integration-override-v3.yaml b/docs/example-integration-override-v3.yaml new file mode 100644 index 0000000000..659389a920 --- /dev/null +++ b/docs/example-integration-override-v3.yaml @@ -0,0 +1,64 @@ +global: + repository: 10.12.5.2:5000 + pullPolicy: IfNotPresent +################################################################# +# This override file configures openstack parameters for ONAP +################################################################# +robot: + enabled: true + flavor: large + appcUsername: "appc@appc.onap.org" + appcPassword: "demo123456!" + # KEYSTONE Version 3 Required for Rocky and beyond + openStackKeystoneAPIVersion: "v3" + # OS_AUTH_URL without the /v3 from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000" + # OS_PROJECT_ID from the openstack .RC file + openStackTenantId: "09d8566ea45e43aa974cf447ed591d77" + # OS_USERNAME from the openstack .RC file + openStackUserName: "OS_USERNAME_HERE" + # OS_PROJECT_DOMAIN_ID from the openstack .RC file + # in some environments it is a string but in other environmens it may be a numeric + openStackDomainId: "default" + # OS_USER_DOMAIN_NAME from the openstack .RC file + openStackUserDomain: "Default" + openStackProjectName: "OPENSTACK_PROJECT_NAME_HERE" + ubuntu14Image: "ubuntu-14-04-cloud-amd64" + ubuntu16Image: "ubuntu-16-04-cloud-amd64" + openStackPublicNetId: "971040b2-7059-49dc-b220-4fab50cb2ad4" + openStackPrivateNetId: "83c84b68-80be-4990-8d7f-0220e3c6e5c8" + openStackPrivateSubnetId: "e571c1d1-8ac0-4744-9b40-c3218d0a53a0" + openStackPrivateNetCidr: "10.0.0.0/16" + openStackOamNetworkCidrPrefix: "10.0" + openStackSecurityGroup: "bbe028dc-b64f-4f11-a10f-5c6d8d26dc89" + dcaeCollectorIp: "10.12.6.109" + vnfPubKey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKXDgoo3+WOqcUG8/5uUbk81+yczgwC4Y8ywTmuQqbNxlY1oQ0YxdMUqUnhitSXs5S/yRuAVOYHwGg2mCs20oAINrP+mxBI544AMIb9itPjCtgqtE2EWo6MmnFGbHB4Sx3XioE7F4VPsh7japsIwzOjbrQe+Mua1TGQ5d4nfEOQaaglXLLPFfuc7WbhbJbK6Q7rHqZfRcOwAMXgDoBqlyqKeiKwnumddo2RyNT8ljYmvB6buz7KnMinzo7qB0uktVT05FH9Rg0CTWH5norlG5qXgP2aukL0gk1ph8iAt7uYLf1ktp+LJI2gaF6L0/qli9EmVCSLr1uJ38Q8CBflhkh" + demoArtifactsVersion: "1.4.0" + demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" + scriptVersion: "1.4.0" + rancherIpAddress: "10.12.6.160" + config: + # use the python utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "XXXXXXXXXXXXXXXXXXXXXXXX_OPENSTACK_PYTHON_PASSWORD_HERE_XXXXXXXXXXXXXXXX" + openStackSoEncryptedPassword: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +so: + enabled: true + so-catalog-db-adapter: + config: + openStackUserName: "OS_USERNAME_HERE" + # OS_AUTH_URL (keep the /v3) from the openstack .RC file + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + # use the SO Java utility to encrypt the OS_PASSWORD for the OS_USERNAME + openStackEncryptedPasswordHere: "YYYYYYYYYYYYYYYYYYYYYYYY_OPENSTACK_JAVA_PASSWORD_HERE_YYYYYYYYYYYYYYYY" +appc: + enabled: true + replicaCount: 3 + config: + enableClustering: true + openStackType: "OpenStackProvider" + openStackName: "OpenStack" + openStackKeyStoneUrl: "http://10.12.25.2:5000/v3" + openStackServiceTenantName: "OPENSTACK_PROJECT_NAME_HERE" + openStackDomain: "OPEN_STACK_DOMAIN_NAME_HERE" + openStackUserName: "OS_USER_NAME_HERE" + openStackEncryptedPassword: "OPENSTACK_CLEAR_TEXT_PASSWORD_HERE" diff --git a/docs/oom_quickstart_guide.rst b/docs/oom_quickstart_guide.rst index a641fabf60..bd5e3eeee6 100644 --- a/docs/oom_quickstart_guide.rst +++ b/docs/oom_quickstart_guide.rst @@ -30,7 +30,7 @@ file like onap-all.yaml, onap-vfw.yaml or openstack.yaml file to suit your deplo OpenStack tenant information. .. note:: - Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in + Standard and example override files (e.g. onap-all.yaml, openstack.yaml) can be found in the oom/kubernetes/onap/resources/overrides/ directory. @@ -77,23 +77,65 @@ Java encryption library is not easy to integrate with openssl/python that ROBOT uses in Dublin. .. note:: - To generate SO openStackEncryptedPasswordHere : + To generate SO openStackEncryptedPasswordHere and openStackSoEncryptedPassword: + + SO_ENCRYPTION_KEY=`cat ~/oom/kubernetes/so/resources/config/mso/encryption.key` - SO_ENCRYPTION_KEY=`cat ~/oom/kubenertes/so/resources/config/mso/encrypt.key` OS_PASSWORD=XXXX_OS_CLEARTESTPASSWORD_XXXX git clone http://gerrit.onap.org/r/integration cd integration/deployment/heat/onap-rke/scripts + + javac Crypto.java + + [ if javac is not installed 'apt-get update ; apt-get install default-jdk' ] + java Crypto "$OS_PASSWORD" "$SO_ENCRYPTION_KEY" d. Update the OpenStack parameters: +There are assumptions in the demonstration VNF heat templates about the networking +available in the environment. To get the most value out of these templates and the +automation that can help confirm the setup is correct, please observe the following +constraints. + +openStackPublicNetId: + +This network should allow heat templates to add interfaces. +This need not be an external network, floating IPs can be assigned to the ports on +the VMs that are created by the heat template but its important that neutron allow +ports to be created on them. + +openStackPrivateNetCidr: "10.0.0.0/16" + +This ip address block is used to assign OA&M addresses on VNFs to allow ONAP connectivity. +The demonstration heat templates assume that 10.0 prefix can be used by the VNFs and the +demonstration ip addressing plan embodied in the preload template prevent conflicts when +instantiating the various VNFs. If you need to change this, you will need to modify the preload +data in the robot helm chart like integration_preload_parametes.py and the demo/heat/preload_data +in the robot container. The size of the CIDR should be sufficient for ONAP and the VMs you expect +to create. + +openStackOamNetworkCidrPrefix: "10.0" + +This ip prefix mush match the openStackPrivateNetCidr and is a helper variable to some of the +robot scripts for demonstration. A production deployment need not worry about this +setting but for the demonstration VNFs the ip asssignment strategy assumes 10.0 ip prefix. + + +Example Keystone v2.0 .. literalinclude:: example-integration-override.yaml :language: yaml +Example Keystone v3 (required for Rocky and later releases) +.. literalinclude:: example-integration-override-v3.yaml + :language: yaml + + + **Step 4.** To setup a local Helm server to server up the ONAP charts:: > helm serve & diff --git a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py index 9cc30319c7..16b13d976a 100644 --- a/kubernetes/robot/resources/config/eteshare/config/vm_properties.py +++ b/kubernetes/robot/resources/config/eteshare/config/vm_properties.py @@ -20,9 +20,11 @@ GLOBAL_INJECTED_AAI2_IP_ADDR = 'N/A' GLOBAL_INJECTED_APPC_IP_ADDR = 'appc.{{include "common.namespace" .}}' GLOBAL_INJECTED_APPC_CDT_IP_ADDR = 'appc-cdt.{{include "common.namespace" .}}' GLOBAL_INJECTED_ARTIFACTS_VERSION = '{{.Values.demoArtifactsVersion}}' +GLOBAL_INJECTED_ARTIFACTS_REPO_URL = "{{ .Values.demoArtifactsRepoUrl }}" GLOBAL_INJECTED_CLAMP_IP_ADDR = 'clamp.{{include "common.namespace" .}}' GLOBAL_INJECTED_CLI_IP_ADDR = 'cli.{{include "common.namespace" .}}' GLOBAL_INJECTED_CLOUD_ENV = 'openstack' +GLOBAL_INJECTED_DCAE_COLLECTOR_IP = "{{ .Values.dcaeCollectorIp }}" GLOBAL_INJECTED_DCAE_IP_ADDR = 'dcae-healthcheck.{{include "common.namespace" .}}' GLOBAL_INJECTED_DCAE_VES_HOST = 'dcae-ves-collector.{{include "common.namespace" .}}' GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR = 'dmaap-dr-prov.{{include "common.namespace" .}}' @@ -64,6 +66,7 @@ GLOBAL_INJECTED_OPENSTACK_TENANT_ID = '{{ .Values.openStackTenantId }}' GLOBAL_INJECTED_OPENSTACK_USERNAME = '{{ .Values.openStackUserName }}' GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME = '{{ .Values.openStackProjectName }}' GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID = '{{ .Values.openStackDomainId }}' +GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN = '{{ .Values.openStackUserDomain }}' GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION = '{{ .Values.openStackKeystoneAPIVersion }}' GLOBAL_INJECTED_REGION_THREE = '{{ .Values.openStackRegionRegionThree }}' GLOBAL_INJECTED_KEYSTONE_REGION_THREE = '{{ .Values.openStackKeyStoneUrlRegionThree }}' @@ -71,11 +74,15 @@ GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION_REGION_THREE = '{{ .Values.openSt GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE = '{{ .Values.openStackUserNameRegionThree }}' GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE = '{{ .Values.openStackPasswordRegionThree }}' GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE = '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}' +GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD = '{{ .Values.config.openStackSoEncryptedPassword}}' GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE = '{{ .Values.openStackTenantIdRegionThree }}' GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE = '{{ .Values.openStackProjectNameRegionThree }}' GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE = '{{ .Values.openStackDomainIdRegionThree }}' GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX = '{{ .Values.openStackOamNetworkCidrPrefix }}' GLOBAL_INJECTED_OPENSTACK_PUBLIC_NETWORK = 'public' +GLOBAL_INJECTED_OPENSTACK_SECURITY_GROUP = '{{ .Values.openStackSecurityGroup }}' +GLOBAL_INJECTED_OPENSTACK_PRIVATE_SUBNET_ID = "{{ .Values.openStackPrivateSubnetId }}" +GLOBAL_INJECTED_OPENSTACK_PRIVATE_NET_CIDR = "{{ .Values.openStackPrivateNetCidr }}" GLOBAL_INJECTED_POLICY_IP_ADDR = 'pdp.{{include "common.namespace" .}}' GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR = 'drools.{{include "common.namespace" .}}' GLOBAL_INJECTED_PORTAL_IP_ADDR = 'portal-app.{{include "common.namespace" .}}' @@ -85,6 +92,7 @@ GLOBAL_INJECTED_POLICY_DISTRIBUTION_IP_ADDR = 'policy-distribution.{{include "co GLOBAL_INJECTED_POLICY_PDPX_IP_ADDR = 'policy-xacml-pdp.{{include "common.namespace" .}}' GLOBAL_INJECTED_POLICY_APEX_PDP_IP_ADDR = 'policy-apex-pdp.{{include "common.namespace" .}}' GLOBAL_INJECTED_PUBLIC_NET_ID = '{{ .Values.openStackPublicNetId }}' +GLOBAL_INJECTED_PUBLIC_KEY = "{{ .Values.vnfPubKey }}" GLOBAL_INJECTED_REGION = '{{ .Values.openStackRegion }}' GLOBAL_INJECTED_SCRIPT_VERSION = '{{ .Values.scriptVersion }}' GLOBAL_INJECTED_SDC_BE_IP_ADDR = 'sdc-be.{{include "common.namespace" .}}' @@ -117,9 +125,11 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_APPC_IP_ADDR" : 'appc.{{include "common.namespace" .}}', "GLOBAL_INJECTED_APPC_CDT_IP_ADDR" : 'appc-cdt.{{include "common.namespace" .}}', "GLOBAL_INJECTED_ARTIFACTS_VERSION" : '{{.Values.demoArtifactsVersion}}', + "GLOBAL_INJECTED_ARTIFACTS_REPO_URL" : "{{ .Values.demoArtifactsRepoUrl }}", "GLOBAL_INJECTED_CLAMP_IP_ADDR" : 'clamp.{{include "common.namespace" .}}', "GLOBAL_INJECTED_CLI_IP_ADDR" : 'cli.{{include "common.namespace" .}}', "GLOBAL_INJECTED_CLOUD_ENV" : 'openstack', + "GLOBAL_INJECTED_DCAE_COLLECTOR_IP" : "{{ .Values.dcaeCollectorIp }}", "GLOBAL_INJECTED_DCAE_IP_ADDR" : 'dcae-healthcheck.{{include "common.namespace" .}}', "GLOBAL_INJECTED_DCAE_VES_HOST" : 'dcae-ves-collector.{{include "common.namespace" .}}', "GLOBAL_INJECTED_DMAAP_DR_PROV_IP_ADDR" : 'dmaap-dr-prov.{{include "common.namespace" .}}', @@ -157,6 +167,7 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_OPENSTACK_USERNAME" : '{{ .Values.openStackUserName }}', "GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME" : '{{ .Values.openStackProjectName }}', "GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID" : '{{ .Values.openStackDomainId }}', + "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN" : '{{ .Values.openStackUserDomain }}', "GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION" : '{{ .Values.openStackKeystoneAPIVersion }}', "GLOBAL_INJECTED_REGION_THREE" : '{{ .Values.openStackRegionRegionThree }}', "GLOBAL_INJECTED_KEYSTONE_REGION_THREE" : '{{ .Values.openStackKeyStoneUrlRegionThree }}', @@ -164,11 +175,15 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_OPENSTACK_USERNAME_REGION_THREE" : '{{ .Values.openStackUserNameRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_PASSWORD_REGION_THREE" : '{{ .Values.openStackPasswordRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_MSO_ENCRYPTED_PASSWORD_REGION_THREE" : '{{ .Values.openSackMsoEncryptdPasswordRegionThree }}', + "GLOBAL_INJECTED_OPENSTACK_SO_ENCRYPTED_PASSWORD" : '{{ .Values.config.openStackSoEncryptedPassword}}', "GLOBAL_INJECTED_OPENSTACK_TENANT_ID_REGION_THREE" : '{{ .Values.openStackTenantIdRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_PROJECT_DOMAIN_REGION_THREE" : '{{ .Values.openStackProjectNameRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN_REGION_THREE" : '{{ .Values.openStackDomainIdRegionThree }}', "GLOBAL_INJECTED_OPENSTACK_OAM_NETWORK_CIDR_PREFIX" : '{{ .Values.openStackOamNetworkCidrPrefix }}', "GLOBAL_INJECTED_OPENSTACK_PUBLIC_NETWORK" : 'public', + "GLOBAL_INJECTED_OPENSTACK_SECURITY_GROUP": '{{ .Values.openStackSecurityGroup }}', + "GLOBAL_INJECTED_OPENSTACK_PRIVATE_SUBNET_ID" : "{{ .Values.openStackPrivateSubnetId }}", + "GLOBAL_INJECTED_OPENSTACK_PRIVATE_NET_CIDR" : "{{ .Values.openStackPrivateNetCidr }}", "GLOBAL_INJECTED_POLICY_IP_ADDR" : 'pdp.{{include "common.namespace" .}}', "GLOBAL_INJECTED_POLICY_HEALTHCHECK_IP_ADDR" : 'drools.{{include "common.namespace" .}}', "GLOBAL_INJECTED_POLICY_API_IP_ADDR" : 'policy-api.{{include "common.namespace" .}}', @@ -178,6 +193,7 @@ GLOBAL_INJECTED_PROPERTIES = { "GLOBAL_INJECTED_POLICY_APEX_PDP_IP_ADDR" : 'policy-apex-pdp.{{include "common.namespace" .}}', "GLOBAL_INJECTED_PORTAL_IP_ADDR" : 'portal-app.{{include "common.namespace" .}}', "GLOBAL_INJECTED_PUBLIC_NET_ID" : '{{ .Values.openStackPublicNetId }}', + "GLOBAL_INJECTED_PUBLIC_KEY" : "{{ .Values.vnfPubKey }}", "GLOBAL_INJECTED_REGION" : '{{ .Values.openStackRegion }}', "GLOBAL_INJECTED_SDC_BE_IP_ADDR" : 'sdc-be.{{include "common.namespace" .}}', "GLOBAL_INJECTED_SDC_BE_ONBOARD_IP_ADDR" : 'sdc-onboarding-be.{{include "common.namespace" .}}', diff --git a/kubernetes/robot/values.yaml b/kubernetes/robot/values.yaml index 65da947c95..5443771e9b 100644 --- a/kubernetes/robot/values.yaml +++ b/kubernetes/robot/values.yaml @@ -37,6 +37,7 @@ config: # openStackEncryptedPasswordHere should match the encrypted string used in SO and APPC and overridden per environment openStackEncryptedPasswordHere: "c124921a3a0efbe579782cde8227681e" + openStackSoEncryptedPassword: "SAME_STRING_AS_SO_JAVA_ENCRYPTED_PASSWORD" # Demo configuration # Nexus demo artifact version. Maps to GLOBAL_INJECTED_ARTIFACTS_VERSION @@ -45,24 +46,46 @@ demoArtifactsVersion: "1.4.0" demoArtifactsRepoUrl: "https://nexus.onap.org/content/repositories/releases" # Openstack medium sized flavour name. Maps GLOBAL_INJECTED_VM_FLAVOR openStackFlavourMedium: "m1.medium" + +################# Openstack .RC Parameters ################################333 +# KEYSTONE Version 3 Required for Rocky and beyond +# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION +openStackKeystoneAPIVersion: "v2.0" + +# OS_AUTH_URL without the /v3 or /v2.0 from the openstack .RC file # Openstack keystone URL. Maps to GLOBAL_INJECTED_KEYSTONE openStackKeyStoneUrl: "http://1.2.3.4:5000" + +# OS_PROJECT_ID from the openstack .RC file +# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID +openStackTenantId: "47899782ed714295b1151681fdfd51f5" + +# OS_PROJECT_NAME from the openstack .RC file +# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME +openStackProjectName: "onap" + +# OS_USERNAME from the openstack .RC file +# username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME +openStackUserName: "tenantUsername" + +# OS_PROJECT_DOMAIN_ID from the openstack .RC file +# in some environments it is a string but in other environmens it may be a numeric +# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID +openStackDomainId: "default" + +# OS_USER_DOMAIN from the openstack .RC file +# Use Domain of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_USER_DOMAIN +openStackUserDomain: "Default" + + # UUID of the Openstack network that can assign floating ips. Maps to GLOBAL_INJECTED_PUBLIC_NET_ID openStackPublicNetId: "e8f51958045716781ffc" # password for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PASSWORD openStackPassword: "tenantPassword" # Openstack region. Maps to GLOBAL_INJECTED_REGION openStackRegion: "RegionOne" -# Openstack tenant UUID where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_TENANT_ID -openStackTenantId: "47899782ed714295b1151681fdfd51f5" -# username for Openstack tenant where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_USERNAME -openStackUserName: "tenantUsername" -# Project name of Openstack where VNFs will be spawned. Maps to GLOBAL_INJECTED_OPENSTACK_PROJECT_NAME -openStackProjectName: "onap" -# Domain id of openstack where VNFs will be deployed. Maps to GLOBAL_INJECTED_OPENSTACK_DOMAIN_ID -openStackDomainId: "Default" -# Openstack Keystone API version. Valid values are [ v2.0, v3 ]. Maps to GLOBAL_INJECTED_OPENSTACK_KEYSTONE_API_VERSION -openStackKeystoneAPIVersion: "v2.0" + + # Values for second cloud instante for VNF instantiatioen testing and keystone v3 openStackRegionRegionThree: "RegionThree" openStackKeyStoneUrlRegionThree: "http://1.2.3.4:5000"