1 .. This work is licensed under a Creative Commons Attribution 4.0
2 .. International License. http://creativecommons.org/licenses/by/4.0
3 .. Copyright 2017 AT&T Intellectual Property. All rights reserved.
6 Adding a new Openstack Cloud Site to ONAP
7 =========================================
9 The following guide describes how to configure ONAP to be able to instantiate
10 a service in a new cloud site based on Openstack.
12 There are 2 methods for ONAP to communicate with Openstack in order
13 to instantiate a service:
15 * method 1 : ONAP SO => Openstack
16 * method 2 : ONAP SO => ONAP MultiCloud => Openstack
18 In this guideline the following parameters/values will be used
20 * Complex Name: My_Complex
21 * Region Name: ONAPCloudRegionName
22 * Openstack Tenant Region Value: TenantRegion
23 * Cloud Owner: MyCompanyName
26 Method 1 : without ONAP MultiCloud
27 ----------------------------------
33 Method 2 : using ONAP MultiCloud
34 --------------------------------
36 STEP 1 : declare Cloud Site in ONAP SO to interact with ONAP multiCloud
37 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
39 The MariaDB database of ONAP SO needs to be modified.
41 In the ONAP SO, the use of ONAP Multicloud for that Cloud Site needs to be
44 ONAP SO will communicate with ONAP MultiCloud that interfaces target cloud
45 environment. Two configuration options are offered:
47 * First option: Declare multicloud URL in identity_services table
49 * Openstack tenant credentials are still managed by SO
50 * Openstack tenant region value is checked against Region_ID value in
53 * Second option (from Dublin version): Target solution managing all Openstack
54 tenant information within AAI
56 * ORCHESTRATOR value is set to `multicloud` in cloud_sites table
57 * All Openstack tenant information are stored in AAI and managed by
60 Connect to ONAP SO pod
61 ^^^^^^^^^^^^^^^^^^^^^^
63 In a Unix Terminal, to get the SO pods id that is providing
68 kubectl -n onap get pod | grep mariadb-galera
70 To connect to that SO pod
71 (in this example, the SO pod id is "onap-mariadb-galera-mariadb-galera-0"):
75 kubectl -n onap exec -ti onap-mariadb-galera-mariadb-galera-0 sh
77 Then modify the data in the MariaDB:
80 A "mso_id" and "mso_pass" are required even if, with multicloud,
81 only credentials managed by ESR will be used.
83 Nevertheless, you need to provide a correct encrypted value for the pass value.
85 "MyCompanyName" is a cloud owner value. WARNING : do not use underscore
88 "ONAPCloudRegionName" is the ONAP region name that can be different from
89 final Openstack tenant region name (TenantRegion in the example).
90 *** know restriction ****
91 Check status of https://jira.onap.org/projects/MULTICLOUD/issues/MULTICLOUD-970
95 mysql --user=so_admin --password=so_Admin123
98 # First option: Without using ORCHESTRATOR VALUE set to multicloud
99 INSERT INTO identity_services VALUES('MC_KEYSTONE', 'http://msb-iag.onap:80/api/multicloud/v1/MyCompanyName/ONAPCloudRegionName/identity/v2.0', 'admin', '5b6f369745f5f0e1c61da7f0656f3daf93c8030a2ea94b7964c67abdcfb49bdf2fa2266344b4caaca1eba8264d277831', 'service', 'admin', 1, 'KEYSTONE', 'USERNAME_PASSWORD', 'lastUser', '2019-07-05 10:32:00', '2019-07-05 10:32:00','PROJECT_DOMAIN_NAME','USER_DOMAIN_NAME');
100 INSERT INTO cloud_sites VALUES('ONAPCloudRegionName', 'TenantRegion', 'MC_KEYSTONE', 2.5, 'ONAPCloudRegionName', NULL, NULL, NULL, 'MySelf', '2019-07-05 10:32:00', '2019-07-05 10:32:00');
102 # Second option: using ORCHESTRATOR VALUE set to multicloud from Dublin version
103 INSERT INTO cloud_sites(ID, REGION_ID, IDENTITY_SERVICE_ID, CLOUD_VERSION, CLLI, ORCHESTRATOR) values("ONAPCloudRegionName", "ONAPCloudRegionName", "DEFAULT_KEYSTONE", "2.5", "My_Complex", "multicloud");
106 **Known restriction with second option**
108 See the following tickets:
110 * `MULTICLOUD-846 <https://jira.onap.org/browse/MULTICLOUD-846>`_
111 * `MULTICLOUD-866 <https://jira.onap.org/browse/MULTICLOUD-866>`_
113 ONAP SO VNF Adapter Rest API endpoint version shall be set to version "v2"
114 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
118 to find the right config map name:
122 kubectl -n onap get configmap | grep so-so-bpmn-infra-app-configmap
125 to edit and change the configmap:
129 kubectl -n onap edit configmap onap-so-so-bpmn-infra-app-configmap
131 in the section "vnf", modify the rest endpoint:
136 endpoint: http://so-openstack-adapter.onap:8087/services/VnfAdapter
138 - endpoint: http://so-openstack-adapter.onap:8087/services/rest/v1/vnfs
139 + endpoint: http://so-openstack-adapter.onap:8087/services/rest/v2/vnfs
142 endpoint: http://so-openstack-adapter.onapg:8087/services/rest/v1/volume-groups
145 Having modified the configmap, it is necessary to delete the pod bpmn-infra in
146 order it takes the modification into account.
148 to find the right pod name:
152 kubectl get po -n onap |grep bpmn-infra
155 You need to find the pod that is similar to the following pod id:
157 "onap-so-so-bpmn-infra-79fdf6f9d5-t8qr4"
164 kubectl -n onap delete po onap-so-so-bpmn-infra-79fdf6f9d5-t8qr4
167 Then, wait for the pod to restart. To check:
171 kubectl -n onap get po | grep so-so
176 STEP 2 : declare the new cloud Site in ONAP AAI
177 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
180 declare a Complex in ONAP AAI
181 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
184 A Cloud Site is located in a Building called "Complex" object
185 in ONAP AAI datamodel.
187 AAI REST API is used to declare the complex object.
189 Here is an example using "curl" tool to send the API request.
191 The new Complex is named "My_Complex" in this example.
197 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/complexes/complex/My_Complex \
198 -H 'Accept: application/json' \
199 -H 'Authorization: Basic QUFJOkFBSQ==' \
200 -H 'Cache-Control: no-cache' \
201 -H 'Content-Type: application/json' \
202 -H 'Real-Time: true' \
203 -H 'X-FromAppId: jimmy-postman' \
204 -H 'X-TransactionId: 9999' \
206 "physical-location-id": "My_Complex",
207 "data-center-code": "example-data-center-code-val-5556",
208 "complex-name": "My_Complex",
209 "identity-url": "example-identity-url-val-56898",
210 "physical-location-type": "example-physical-location-type-val-7608",
211 "street1": "example-street1-val-34205",
212 "street2": "example-street2-val-99210",
214 "state": "example-state-val-59487",
215 "postal-code": "100000",
216 "country": "example-country-val-94173",
217 "region": "example-region-val-13893",
218 "latitude": "39.9042",
219 "longitude": "106.4074",
220 "elevation": "example-elevation-val-30253",
221 "lata": "example-lata-val-46073"
225 Check the Complexes in ONAP AAI:
230 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/complexes \
231 -H 'Accept: application/json' \
232 -H 'Authorization: Basic QUFJOkFBSQ==' \
233 -H 'X-FromAppId: AAI' \
234 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
235 -H 'cache-control: no-cache' -k
240 Declare a Cloud Site in ONAP AAI
241 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
244 To declare a Cloud Site, you need to use the AAI REST API.
246 The new Cloud site is named "ONAPCloudRegionName" in this example.
248 There is also a "Cloud Owner" notion in ONAP AAI datamodel.
250 The new Cloud Owner is named "MyCompanyName" in this example.
252 In Openstack, there is also a "region" notion. You need to get the value of
253 the region that has been set when deploying your Openstack platform.
255 In the following example the Openstack region has the value "TenantRegion"
256 (in the parameter "cloud-extra-info")
258 parameter "complex-name" relate to the Complex you previously declared.
260 parameter "cloud-type" take the value "openstack"
262 parameter "cloud-region-version" is refering to your Openstack version
264 parameter "cloud-extra-info" will contain the Openstack "region".
265 Here, the region ID of the deployed Openstack cloud site will be set.
267 In the following example the Openstack region has the value "TenantRegion".
269 parameter "esr-system-info-list" will contain the list of Openstack platform
270 credentials that will allow ONAP MultiCloud to communicate with the Cloud Site.
276 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName \
277 -H 'Accept: application/json' \
278 -H 'Authorization: Basic QUFJOkFBSQ==' \
279 -H 'Cache-Control: no-cache' \
280 -H 'Content-Type: application/json' \
281 -H 'Postman-Token: 8b9b95ae-91d6-4436-90fa-69cb4d2db99c' \
282 -H 'Real-Time: true' \
283 -H 'X-FromAppId: jimmy-postman' \
284 -H 'X-TransactionId: 9999' \
286 "cloud-owner": "MyCompanyName",
287 "cloud-region-id": "ONAPCloudRegionName",
288 "cloud-type": "openstack",
289 "owner-defined-type": "N/A",
290 "cloud-region-version": "pike",
291 "complex-name": "My_Complex",
292 "cloud-zone": "CloudZone",
293 "sriov-automation": false,
294 "identity-url": "WillBeUpdatedByMultiCloud",
295 "cloud-extra-info":"{\"openstack-region-id\":\"TenantRegion\"}",
296 "esr-system-info-list": {
299 "esr-system-info-id": "<random UUID, e.g. 5c85ce1f-aa78-4ebf-8d6f-4b62773e9bde>",
300 "service-url": "http://<your openstack keystone endpoint, e.g. http://10.12.25.2:5000/v3>",
301 "user-name": "<your openstack user>",
302 "password": "<your openstack password>",
303 "system-type": "VIM",
304 "ssl-insecure": false,
305 "cloud-domain": "Default",
306 "default-tenant": "<your openstack project name>",
307 "system-status": "active"
313 In this example, the cloud-region-version is set to `pike` that is the
314 Openstack pike version.
316 * Multicloud pike plugin is claimed to support Openstack pike
317 * It is possible but not guaranteed to support other Openstack version
318 (e.g. rocky) since no testing has been done by multicloud project on all
319 other Openstack versions.
320 * Whatever the Openstack version is tested against, if the cause of a bug roots
321 in Openstack pike source code, this bug shall be reported.
322 * `starlingx` is another possible version value for Openstack clouds.
324 Associate Cloud site to a Complex in ONAP AAI:
329 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName/relationship-list/relationship \
330 -H 'Accept: application/json' \
331 -H 'Authorization: Basic QUFJOkFBSQ==' \
332 -H 'Content-Type: application/json' \
333 -H 'X-FromAppId: AAI' \
334 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
335 -H 'cache-control: no-cache' \
337 "related-to": "complex",
338 "related-link": "/aai/v16/cloud-infrastructure/complexes/complex/My_Complex",
339 "relationship-data": [
341 "relationship-key": "complex.physical-location-id",
342 "relationship-value": "My_Complex"
348 Check the Cloud Site creation in ONAP AAI:
353 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions \
354 -H 'Accept: application/json' \
355 -H 'Authorization: Basic QUFJOkFBSQ==' \
356 -H 'X-FromAppId: AAI' \
357 -H 'X-TransactionId: 808b54e3-e563-4144-a1b9-e24e2ed93d4f' \
358 -H 'cache-control: no-cache' -k
362 STEP 3 : Register the Cloud Site in ONAP Multicloud
363 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
368 https://msb.api.discovery.simpledemo.onap.org:30283/api/multicloud/v1/MyCompanyName/ONAPCloudRegionName/registry \
369 -H 'Accept: application/json' \
370 -H 'Cache-Control: no-cache' \
371 -H 'Content-Type: application/json' \
379 https://aai.api.sparky.simpledemo.onap.org:30233/aai/v16/cloud-infrastructure/cloud-regions/cloud-region/MyCompanyName/ONAPCloudRegionName?depth=all \
380 -H 'Accept: application/json' \
381 -H 'Authorization: Basic QUFJOkFBSQ==' \
382 -H 'Cache-Control: no-cache' \
383 -H 'Content-Type: application/json' \
384 -H 'Real-Time: true' \
385 -H 'X-FromAppId: jimmy-postman' \
386 -H 'X-TransactionId: 9999' -k
388 The registration is successfull if at least, the field `identity-url` is
389 updated with the multicloud http url. In addition, all the cloud information
390 are loaded in AAI (Flavors, images, etc) but only
392 * if ORCHESTRATOR value is set to `multicloud` in cloud_sites database table
393 * and if the Openstack cloud is configured to support only keystone v2 or v3
394 having the version set in the service url. Multicloud pike and starlingx
395 plugins do not support an Openstack cloud that exposes both v2 and v3.
399 openstack endpoint list --service keystone
400 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
401 | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
402 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+
403 | 53c0016ad22144b2883b3a9487206a4b | RegionOne | keystone | identity | True | public | https://specific_url:5000/v3 |
404 | 85a7a334353a4b028d8005a454b6578f | RegionOne | keystone | identity | True | admin | http://10.x.x.9:35357/v3 |
405 | 8d5274cd66884ec7b0e3edd965a53f69 | RegionOne | keystone | identity | True | internal | http://10.x.x.9:5000/v3 |
406 +----------------------------------+-----------+--------------+--------------+---------+-----------+-----------------------------------+