From c97a158cd9d1e85d8daeae24f8f609dbe8487cdc Mon Sep 17 00:00:00 2001 From: Krzysztof Kuzmicki Date: Mon, 19 Apr 2021 09:11:00 +0200 Subject: [PATCH] Add additional information to DCAEGEN notes Add additional information to DCAEGEN notes how to deploy VES Collector with attached dcae-external-repo-configmap-sa88-rel16 config map Issue-ID: DCAEGEN2-2550 Signed-off-by: Krzysztof Kuzmicki Change-Id: I866cb3415b64b5beba3622e84478821370d2d8ca --- docs/sections/services/ves-http/installation.rst | 239 +++++++++++++++-------- docs/sections/services/ves-hv/installation.rst | 4 +- 2 files changed, 159 insertions(+), 84 deletions(-) diff --git a/docs/sections/services/ves-http/installation.rst b/docs/sections/services/ves-http/installation.rst index e31348cf..156427af 100644 --- a/docs/sections/services/ves-http/installation.rst +++ b/docs/sections/services/ves-http/installation.rst 
@@ -1,82 +1,157 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. _ves-installation: - - -Installation -============ - -VESCollector is installed via cloudify blueprint by DCAE bootstrap process on typical ONAP installation. -As the service is containerized, it can be started on stand-alone mode also. - - -To run VES Collector container on standalone mode, following parameters are required - - ``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9`` - - -DMAAPHOST is required for standalone; for normal platform installed instance the publish URL are obtained from Consul. Below parameters are exposed for DCAE platform (cloudify) deployed instance - - -- COLLECTOR_IP -- DMAAPHOST - should contain an address to DMaaP, so that event publishing can work -- CONFIG_BINDING_SERVICE - should be a name of CBS -- CONFIG_BINDING_SERVICE_SERVICE_PORT - should be a http port of CBS -- HOSTNAME - should be a name of VESCollector application as it is registered in CBS catalog - -These parameters can be configured either by passing command line option during `docker run` call or by specifying environment variables named after command line option name - - -Authentication Support ----------------------- - -VES Collector support following authentication types - - * *auth.method=noAuth* default option - no security (http) - * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication - -The blueprint is same for both deployments - based on the input configuration, VESCollector can be set for required authentication type. -Default ONAP deployed VESCollector is configured for "certBasicAuth". - -If VESCollector instance need to be deployed with authentication disabled, follow below setup - - -- Execute into Bootstrap POD using kubectl command - .. 
note:: - For doing this, follow the below steps - - * First get the bootstrap pod name by running run this: kubectl get pods -n onap | grep bootstrap - * Then login to bootstrap pod by running this: kubectl exec -it bash -n onap - -- VES blueprint is available under /blueprints directory ``k8s-ves.yaml``. A corresponding input file is also pre-loaded into bootstrap pod under /inputs/k8s-ves-inputs.yaml - -- Deploy blueprint - .. code-block:: bash - - cfy install -b ves-http -d ves-http -i /inputs/k8s-ves-inputs.yaml /blueprints/k8s-ves.yaml - -To undeploy ves-http, steps are noted below - -- Uninstall running ves-http and delete deployment - .. code-block:: bash - - cfy uninstall ves-http - -The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below -** An error occurred on the server: 400: Can't delete blueprint ves-http - There exist deployments for this blueprint; Deployments ids: ves-http** - -In this case blueprint can be deleted explicitly using this command. - - .. code-block:: bash - - cfy blueprint delete ves-http - -Using external TLS certificates obtained using CMP v2 protocol --------------------------------------------------------------- - -In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description: - -.. toctree:: - :maxdepth: 1 - - Enabling TLS with external x.509 certificates <../../tls_enablement> +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. _ves-installation: + + +VES Collector Cloudify Installation +=================================== + +VESCollector is installed via cloudify blueprint by DCAE bootstrap process on typical ONAP installation. +As the service is containerized, it can be started on stand-alone mode also. 
+ + +To run VES Collector container on standalone mode, following parameters are required + + ``docker run -d -p 8080:8080/tcp -p 8443:8443/tcp -P -e DMAAPHOST='10.0.11.1' nexus.onap.org:10001/onap/org.onap.dcaegen2.collectors.ves.vescollector:1.7.9`` + + +DMAAPHOST is required for standalone; for normal platform installed instance the publish URL are obtained from Consul. Below parameters are exposed for DCAE platform (cloudify) deployed instance + + +- COLLECTOR_IP +- DMAAPHOST - should contain an address to DMaaP, so that event publishing can work +- CONFIG_BINDING_SERVICE - should be a name of CBS +- CONFIG_BINDING_SERVICE_SERVICE_PORT - should be a http port of CBS +- HOSTNAME - should be a name of VESCollector application as it is registered in CBS catalog + +These parameters can be configured either by passing command line option during `docker run` call or by specifying environment variables named after command line option name + + +Authentication Support +---------------------- + +VES Collector support following authentication types + + * *auth.method=noAuth* default option - no security (http) + * *auth.method=certBasicAuth* is used to enable mutual TLS authentication or/and basic HTTPs authentication + +The blueprint is same for both deployments - based on the input configuration, VESCollector can be set for required authentication type. +Default ONAP deployed VESCollector is configured for "certBasicAuth". + +If VESCollector instance need to be deployed with authentication disabled, follow below setup + + +- Execute into Bootstrap POD using kubectl command + .. note:: + For doing this, follow the below steps + + * First get the bootstrap pod name by running this: kubectl get pods -n onap | grep bootstrap + * Then login to bootstrap pod by running this: kubectl exec -it -n onap -- bash + +- VES blueprint is available under /blueprints directory ``k8s-ves.yaml``. 
A corresponding input file is also pre-loaded into bootstrap pod under /inputs/k8s-ves-inputs.yaml + +- Deploy blueprint + .. code-block:: bash + + cfy install -b ves-http -d ves-http -i /inputs/k8s-ves-inputs.yaml /blueprints/k8s-ves.yaml + +To undeploy ves-http, steps are noted below + +- Uninstall running ves-http and delete deployment + .. code-block:: bash + + cfy uninstall ves-http + +The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below +** An error occurred on the server: 400: Can't delete blueprint ves-http - There exist deployments for this blueprint; Deployments ids: ves-http** + +In this case blueprint can be deleted explicitly using this command. + + .. code-block:: bash + + cfy blueprint delete ves-http + +External repo schema files from OOM connection to VES collector +------------------------------------------------------------------- +In order to not use schema files bundled in VES Collector image but schema files defined in `OOM `_ repository and installed with dcaegen2 module, follow below setup. + +- Execute into Bootstrap POD using kubectl command + .. note:: + For doing this, follow the below steps + + * First get the bootstrap pod name by running this: kubectl get pods -n onap | grep bootstrap + * Then login to bootstrap pod by running this: kubectl exec -it -n onap -- bash + +- VES blueprint is available under /blueprints directory ``k8s-ves.yaml``. A corresponding input file is also pre-loaded into bootstrap pod under /inputs/k8s-ves-inputs.yaml + +- Edit ``k8s-ves.yaml`` blueprint by adding section below ``docker_config:`` tag: + .. 
code-block:: bash + + volumes: + - container: + bind: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI + config_volume: + name: dcae-external-repo-configmap-sa88-rel16 + - container: + bind: /opt/app/VESCollector/etc/externalRepo/ + config_volume: + name: dcae-external-repo-configmap-schema-map + +- After all ``docker_config:`` section in blueprint should looks like: + .. code-block:: bash + + docker_config: + healthcheck: + endpoint: /healthcheck + interval: 15s + timeout: 1s + type: http + volumes: + - container: + bind: /opt/app/VESCollector/etc/externalRepo/3gpp/rep/sa5/MnS/blob/SA88-Rel16/OpenAPI + config_volume: + name: dcae-external-repo-configmap-sa88-rel16 + - container: + bind: /opt/app/VESCollector/etc/externalRepo/ + config_volume: + name: dcae-external-repo-configmap-schema-map + +.. note:: + + To undeploy ves-http if it is deployed, steps are noted below + + Uninstall running ves-http and delete deployment + .. code-block:: bash + + cfy uninstall ves-http + + The deployment uninstall will also delete the blueprint. In some case you might notice 400 error reported indicating active deployment exist such as below + ** An error occurred on the server: 400: Can't delete blueprint ves-http - There exist deployments for this blueprint; Deployments ids: ves-http** + + In this case blueprint can be deleted explicitly using this command. + + .. code-block:: bash + + cfy blueprint delete ves-http + +To deploy modified ves-http, steps are noted below + +- Load blueprint: + .. code-block:: bash + + cfy blueprints upload -b ves-http /blueprints/k8s-ves.yaml + +- Deploy blueprint + .. 
code-block:: bash + + cfy install -b ves-http -d ves-http -i /inputs/k8s-ves-inputs.yaml /blueprints/k8s-ves.yaml + +Using external TLS certificates obtained using CMP v2 protocol +-------------------------------------------------------------- + +In order to use the X.509 certificates obtained from the CMP v2 server (so called "operator`s certificates"), refer to the following description: + +.. toctree:: + :maxdepth: 1 + + Enabling TLS with external x.509 certificates <../../tls_enablement> diff --git a/docs/sections/services/ves-hv/installation.rst b/docs/sections/services/ves-hv/installation.rst index d97db068..ada7b7f0 100644 --- a/docs/sections/services/ves-hv/installation.rst +++ b/docs/sections/services/ves-hv/installation.rst @@ -3,8 +3,8 @@ .. _installation: -HV-VES installation -=================== +HV-VES Cloudify Installation +============================ Starting from ONAP/Honolulu release, HV-VES is installed with a DCAEGEN2-Services Helm charts. This installation mechanism is convenient, but it doesn`t support all HV-VES features (e.g. CMP v2 certificates, and IPv4/IPv6 dual stack networking). This description demonstrates, how to deploy HV-VES collector using Cloudify orchestrator. -- 2.16.6
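Review bot: In docs/sections/services/ves-http/installation.rst, the two blueprint fragments added under "Edit k8s-ves.yaml blueprint" and "After all docker_config: section" are YAML but are tagged ".. code-block:: bash"; use ".. code-block:: yaml" so they are highlighted correctly and not read as shell commands. The hunk also removes and re-adds every line of the file, including untouched ones such as the license header, which suggests a line-ending or whitespace change; keeping the original line endings would reduce the diff to the new "External repo schema files" section, the title change and the kubectl exec fix. The undeploy steps are now repeated inside the new note; pointing to the existing undeploy steps earlier in the file would keep the two copies from drifting apart.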
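Review bot: In docs/sections/services/ves-hv/installation.rst, the heading rename to "HV-VES Cloudify Installation" is not covered by the commit message, which only describes the VES Collector config map notes; mention the title changes in the message or move them to a separate change. The ".. _installation:" label is unchanged in this hunk, so existing references to it keep resolving.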