Integrate ONAP with Nokia VNFM
==============================
-The following section describes how the Nokia VNFM can be integrated into ONAP. The integration is the easiest if the
+The following section describes how to integrate the Nokia Virtualized Network Function Manager (VNFM) into ONAP. The integration is easier if the
VNFM is installed before ONAP.
Prepare the VNFM
----------------
-* Start VNFM: The VNFM must be able to communicate with the ONAP VF-C interface, the cloud and the VNF, so the VNFM must
- have the correct network setup. The VNFM will use LCNs to notify VF-C of the executed changes, so the LCN zone of the
+
+* Start the VNFM.
+ The VNFM must be able to communicate with the ONAP VF-C interface, the virtualized infrastructure manager (VIM) and the virtualized network function (VNF), so the VNFM must
+ have the correct network setup. The VNFM uses lifecycle notifications (LCNs) to notify the VF-C about the executed changes, therefore, the LCN zone of the
VNFM must be configured so that the VNFM is able to reach the VF-C LCN interface.
* Register driver in CBAM
- - Log into CBAM via SSH and determine the keycloak admin password
+ - Using SSH, log in to the CloudBand Application Manager (CBAM) virtual machine as cbam user and determine the Keycloak
+ auto-generated admin password with the following command: ectl get /cbam/cluster/components/keycloak/admin_credentials/password
+
+ - Copy the printout of the command.
+
+ - Access the Keycloak login page with the following URL: https://<cbamIp>/auth/admin where <cbamIp> is the FQDN or IP
+ address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port.
+
+ Result: The Keycloak Administration Console login page loads up.
+
+ - Log in to Keycloak with the 'admin' username and the auto-generated admin password you copied to clipboard, then change the auto-generated password and note the new password.
+
+ Result: You are logged in to the Keycloak Administration Console.
+
+ - Add a new client on Keycloak:
+
+ - From the Configure menu, select Clients.
+
+ - Result: The Clients pane appears.
+
+ - Click Create.
+
+ - Result: The Add Client pane appears.
+
+ - Set the Client ID to onapClientId and click Save. Note the Client ID which will be referred to as <clientId>.
+
+ - Result: The following notification appears: Success! The client has been created. The new client's profile page appears.
+
+ - Customize the following settings for the newly created client:
+
+ - Access Type: select confidential. Keycloak will generate a client secret that serves as a type of password for your client.
+
+ - Make sure the following settings are ON: Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled, Authorization Enabled
+
+ - Type * in the Valid Redirect URIs field.
+
+ - Click Save.
+
+ - Result: The following notification appears: Success! Your changes have been saved to the client.
+
+ - Note the Client Secret which will be referred to as <clientSecret>:
+
+ - Select the Credentials tab.
+
+ - From the Client Authenticator drop-down list, select the Client ID and Secret and check the value of Secret.
+
+ - Add a new user on Keycloak:
+
+ - From the Manage menu, select Users.
+
+ - Result: The Users pane appears.
+
+ - Click Add user and define the parameters for the creation:
+
+ - Username: onap
+
+ - Note the username, it will be referred to as <onapUsername>.
+
+ - User Enabled: make sure it is On.
+
+ - Click Save.
+
+ - Result: The following notification appears: Success! The user has been created. The new user's profile page appears.
+
+ - Create a password for the user: select the Credentials tab on the user profile and set the password.
+
+ - Note: The user is prompted to change this password when logging in to CBAM for the first time.
+
+ - Assign the "user" role to the created user:
+
+ - Select the Role Mappings tab on the user profile.
+
+ - Select the "user" role from the Available Roles box, then click Add selected.
+
+ - Access the CBAM GUI login page with the following URL: https://<cbamIp> where <cbamIp> is the FQDN or IP address assigned to CBAM node during instantiation. Optionally, it may contain a port, for example, cbam.mycompany.com:port or 1.2.3.4:port.
- - ectl get /cbam/cluster/components/keycloak/admin_credentials/password
+ - Log in to CBAM GUI using the created user.
- - Log into keycloak https://<cbamIp>/auth/admin with admin username and password from previous step and change password (note the changed password)
- - Add a new client
+ - Change and note the password which will be referred to as <onapPassword>.
- - set client id to onapClient
- - change credential type to confidential
- - enable Standard Flow Enabled, Direct Access Grants Enabled, Service Accounts Enabled
- - add * for redirect URL
- - save
- - note the client id <clientId>
- - add new credential
- - note the client secret <clientSecret>
+ - Using SSH, add SSL certificates for all VIM connections or disable certificate verification as follows:
- - Add a new user
+ - For insecure connection (all certificates are automatically trusted)
- - note the username <onapUsername>
- - reset password
- - assign the "user" role to the created user
+ - execute the below commands in the following order:
- - Log into CBAM GUI using the created user
+.. code-block:: console
+
+ sudo su -
+ ectl set /cbam/cluster/components/tlm/insecure_vim_connection true
+ ectl set /actions/reconfigure start
+ journalctl -fu cbam-reconfigure.service
- - change and note the password <onapPassword>
+ - Wait for the "Started cbam-reconfigure.service." message.
- - Add SSL certificates for all VIM connection or disable certificate verification
+ - For secure connection : read the CBAM documentation.
- - For insecure (all certificates are automatically trusted)
+Prepare /ets/hosts file on your laptop
+--------------------------------------
- - sudo su -
- - ectl set /cbam/cluster/components/tlm/insecure_vim_connection true
- - ectl set /actions/reconfigure start
- - journalctl -fu cbam-reconfigure.service
- - (wait for "Started cbam-reconfigure.service.")
+Note: This is an optional step with which it is easier to copy paste URLs
- - For secure: (read CBAM documentation)
+* Using the OpenStack Horizon Dashboard, find the ONAP servers you have deployed and note their IP addresses.
-Prepare /ets/hosts file on your laptop (optional easier to copy paste URLs)
-----------------------------------------------------------------------------
+* Depending on your operating system, use the respective method to prepare an /ets/hosts file to link the DNS servers to the corresponding IP addresses, see the table below:
+-------------------+---------------------------------+
| IP address | DNS entry |
Add the VNFM driver to ONAP
---------------------------
-- Locate the IP address of the MSB (MSB_IP). Look at the VM instances of ONAP and search one with vm1-multi-service name. This is where the MSB is located
-- Create VIM in A&AI (may already exist) (repeat for all clouds planed to be used)
+- Locate and note the IP address of the MSB (MSB_IP) on the OpenStack Horizon Dashboard. Look at the VM instances of ONAP and find one with vm1-multi-service name. This is where the MSB is located.
+
+- Create VIM in A&AI Note:
+
+ - The VIM may already exist.
+
+ - Repeat this step for all VIMs planned to be used.
+
+ - Go to http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vim/vimView.html
+
+ - Result: The ONAP platform opens.
+
+ - On the platform, click Register.
+
+ - Result: The registration form opens.
+
+ - Fill in the fields.
- - http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vim/vimView.html
+ - Note: Cloud credentials are supplied by the VNF integrator.
-- Determine the tenant id to be used (log into the cloud) (repeat for all tenants planed to be used within the cloud)
+ - To obtain the value of the Auth URL field and the tenant id (which will be required later), follow these steps:
+ - Note: The actual steps depend on the OpenStack Dashboard version and vendor.
+ - Go to OpenStack Horizon Dashboard.
+ - Select the Project main tab.
+ - Select the API Access tab.
+ - Click View Credentials.
+ - Copy the value of Authentication URL and paste it in the Auth URL field.
+ - Note the value of Project ID: this is the <tenantId> which will be required later (Repeat this step for all tenants planned to be used within the VIM.)
- - http://<horizonUrl>/project/access_and_security/ Intentity / Projects
+ - Click Save.
-- Create tenant (may already exist) (repeat for all tenants planed to be used within the cloud)
+ - Result: The driver has been successfully added.
- + tool: Postman
- + change tenantId, cloudRegion and cloudOwner
- + method: PUT
- + url: https://aai.api.simpledemo.onap.org:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/<cloudOwner>/<cloudRegion>/tenants/tenant/<tenantId>
- + Headers
+- Create tenant
- - basic auth AAI:AAI
- - X-FromAppId : any
- - Content-type: application/json
- - Accept: application/json
+ - Note:
- - Content: :download:`aai.create.tenant.request.json <sample/aai.create.tenant.request.json>`
+ - The tenant may already exist.
- - change tenant id, region id owner id and tenant name
+ - Repeat this step for all tenants planned to be used within the VIM.
-- Register the VNFM as external system (repeat for all clouds planed to be used)
+ - Using a REST client of your choice, send a request to the following URL: https://aai.api.simpledemo.onap.org:8443/aai/v11/cloud-infrastructure/cloud-regions/cloud-region/<cloudOwner>/<cloudRegion>/tenants/tenant/<tenantId>
- - Visit MSB http://msb.api.simpledemo.onap.org:9518/api/aai-esr-server/v1/vims
+ - download the content of the request: `aai.create.tenant.request.json <sample/aai.create.tenant.request.json>`
+ - In the request URL and in the content of the request, substitute <tenantId>, <cloudRegion> and <cloudOwner> with the respective values.
+ - HTTP method: PUT
+ - Set the following values in the Header of the request:
- - note the cloud owner field <cloudOwner>
- - note the region id field <cloudRegionId>
+ - basic auth AAI:AAI
+ - X-FromAppId : any
+ - Content-type: application/json
+ - Accept: application/json
- - Visit MSB http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vnfm/vnfmView.html and click on register button
+- Register the VNFM as an external system:
+
+ - Note: - Repeat this step for all VIMs planned to be used.
+
+ - Access the following URL: http://msb.api.simpledemo.onap.org/iui/aai-esr-gui/extsys/vnfm/vnfmView.html
+
+ - Result: The ONAP platform opens
+
+ - On the platform, click Register.
+
+ - Result: The registration form opens.
+
+ - Fill in the fields as follows:
+
+ - Note: Cloud credentials are supplied by the VNF integrator.
+-----------------+-----------------------------------+
| key | Value |
| Password | <clientSecret> |
+-----------------+-----------------------------------+
- - Determine the UUID of the VNFM (if the VNFM was registered multiple times select one at random)
+ - Click Save.
+
+ - Result: The registration has been completed.
+
+ - Determine the UUID of the VNFM:
+
+ - Note: If the VNFM was registered multiple times, select one of them at random
+ - Access the following URL: http://msb.api.simpledemo.onap.org:9518/api/aai-esr-server/v1/vnfms
+ - Look for the previously registered VNFM and note the value of <vnfmId>.
- - visit http://msb.api.simpledemo.onap.org:9518/api/aai-esr-server/v1/vnfms and search for the previously registered VNFM
- - note the id field <vnfmId>
Configure the SVNFM driver (generic)
------------------------------------
- - Download the CBAM SVNFM driver
- - docker pull https://nexus.onap.org/content/sites/raw/onap/vfc/nfvo/svnfm/nokiav2:1.1.0-STAGING-latest
- - Start the driver (fill in values)
+- Using SSH, download the CBAM SVNFM driver by executing the following command:
+ docker pull https://nexus.onap.org/content/sites/raw/onap/vfc/nfvo/svnfm/nokiav2:1.1.0-STAGING-latest
+
+- Determine the IMAGE ID:
+
+ - Execute the following command: docker images
+ - Find the required image and note the IMAGE ID.
+
+- Start the driver:
+
+ - Fill in the required values and execute the following:
.. code-block:: console
export CBAM_USERNAME=<onapUsername>
docker run --name vfc_nokia -p 8089:8089 -e "MSB_IP=$MULTI_NODE_IP" -e "CONFIGURE=kuku" -e "EXTERNAL_IP=$MULTI_NODE_IP" -e "CBAM_CATALOG_URL=https://$CBAM_IP:443/api/catalog/adapter/" -e "CBAM_LCN_URL=https://$CBAM_IP:443/vnfm/lcn/v3/" -e "CBAM_KEYCLOAK_URL=https://$CBAM_IP:443/auth/" -e "CBAM_USERNAME=$CBAM_USERNAME" -e "CBAM_PASSWORD=$CBAM_PASSWORD" -e "VNFM_ID=$VNFM_ID" -d --stop-timeout 300 $IMAGE_ID
+- Determine the identifier of the container:
+
+ - Execute the following command: docker ps
+ - Find the required container and note the CONTAINER ID (first column/first row on the list).
+
+- Verify if the VNFM driver has been successfully started by executing the following commands:
+
+.. code-block:: console
+
+ execute docker exec -it <containerId> /bin/bash
+ execute tail -f service.log
+
+ - Result: The SVNFM integration is successful if the end of the command output contains "Started NokiaSvnfmApplication".
+
+- Verify if the SVNFM is registered into MSB:
+
+ - Go to http://msb.api.simpledemo.onap.org/msb
+ - Check if NokiaSVNFM micro service is present in the boxes.
+
+
Configure the SVNFM driver (ONAP demo environment)
--------------------------------------------------
- - Configure the already running instance
- - docker exec -it `docker ps | grep nokiav2 | awk '{print $1}'` /bin/bash
- - Edit /service/application.properties
- - Fill values for cbamCatalogUrl, cbamLcnUrl, cbamKeyCloakBaseUrl, cbamUsername, cbamPassword, vnfmId
+This step is executed instead of the "Configure the SVNFM driver (generic)" in case of an ONAP demo environment.
+
+- Configure the already running instance:
+
+ - Execute the following command: docker exec -it `docker ps | grep nokiav2 | awk '{print $1}'` /bin/bash
+ - Edit /service/application.properties:
+
+ - In this file, change the default values of the following keys to the correct values: cbamCatalogUrl, cbamLcnUrl, cbamKeyCloakBaseUrl, cbamUsername, cbamPassword, vnfmId
Code Review / vfc / nfvo / driver / vnfm / svnfm.git / commitdiff