8dcdd1004f
Below specifications require changes, * Implement VNF Components Support in Tacker refers old link [1] to install heat agent, the correct link is [2]. * Inline VNF Template refers to old link [3] for vnfc.inc, the correct link is [4]. [1] https://github.com/openstack/heat-templates/blob/master/hot/software-config/elements/README.rst [2] https://docs.openstack.org/heat-agents/latest/install/building_image.html [3] https://github.com/openstack/tacker/blob/master/api-ref/source/v1/vnfs.inc [4] https://opendev.org/openstack/tacker/src/branch/master/api-ref/source/v1/vnfs.inc Change-Id: I8253b5d8ca6529ff5bf1b181f0f50ad559019d4b Closes-Bug: #1891121
5.8 KiB
Implement VNF Components Support in Tacker
https://blueprints.launchpad.net/tacker/+spec/vnf-components-support
VNF Component (VNFC) is network function software that runs within a virtual runtime defined in a Virtual Deployment Unit (VDU).
This spec describes the plan to introduce VNF Components (VNFC) capability into Tacker. In its current state, Tacker requires glance images or image location which has preinstalled network function to instantiate VDU. But this spec provides the plan to specify VNFC in VNF descriptors.
Problem description
Most of the operators have their own installation procedures to create the VDU. But when they try to use Tacker as NFV orchestration solution, they have to build the image first and upload it to glance or provide image location in VNFD.
To address this problem in this spec, we introduce the new feature VNF Component in tacker.
The benefits of using VNFC are as follows:
- To use vendor specific installation procedures to build network function.
- Loose coupling between image and network function which avoids dependency on the underlying image.
- Ability to standardize a minimal, base image (CentOS, Ubuntu) hardened with security fixes.
- Easy to update and configure the VDU.
Proposed change
We have a couple of methods to implement this feature. If we use heat as vnfc_driver, then we have a couple of options to opt:
- Use Cloud-Init option to install software component in VDU. The example provided in Data Model impact section uses this option. The advantage of using this option is, most of the cloud images have cloud-init installed But the drawback with this option is upgrade of software component will be difficult.
- Use SoftwareDeployment option to install the software component. But the image must have heat agents installed.Refer [1] to see how to install heat agents. These agents will invoke heat-api to send the result of software deployment.The main advantage of using this option is, we can easily upgrade the software component at any point in future.
Alternatives
The other alternative option is using ssh as vnfc_driver. Using this driver, tacker will have whole control of managing the software component. But in this blueprint we implement 'heat' as 'vnfc_driver' and also also discuss how we can use 'ssh' as vnfc driver.
Using SSH like driver, Tacker has whole control of managing the flow. But the major concern of using SSH driver is storing the passwords. So to address this issue, we need to integrate OpenStack Barbican with Tacker.
The limitations of this approach is SSH driver completely relies on network health and tacker has to depend on barbican for storing passwords for security.
Data model impact
None
TOSCA Schema impact
In VNFM, the VNFD template will be added with the following TOSCA properties:
firewall_vnfc:
type: tosca.nodes.nfv.VNFC.Tacker
properties:
vnfc_driver: heat
requirements:
host: VDU1
interfaces:
Standard:
create: {get_input:file}
inputs:
ip_address: { get_attribute: [ HOST, private_address ] }
VDU1:
type: tosca.nodes.nfv.VDU.Tacker
properties:
image: fedora
flavor: m1.tiny
availability_zone: nova
mgmt_driver: noopThe definition of tosca.nodes.nfv.VNFC.Tacker is defined in the tacker_nfv_defs.yaml as follows:
tosca.nodes.nfv.VNFC.Tacker:
derived_from: tosca.nodes.SoftwareComponent
properties:
vnfc_driver:
type: string
required: true
requirements:
- host:
node: tosca.nodes.nfv.VDU.Tacker
relationship: tosca.relationships.HostedOnThe above VNFD will convert to the below heat template
VDU1:
type: OS::Nova::Server
properties:
availability_zone: nova
flavor: m1.tiny
image: fedora
user_data_format: SOFTWARE_CONFIG
firewall_vnfc_config:
type: OS::Heat::SoftwareConfig
properties:
group: script
config:
...(contents of path/vfw_sw/installer/install.sh)
firewall_vnfc_sw_deployment:
type: OS::Heat::SoftwareDeployment
properties:
config: {get_resource: firewall_vnfc_config}
server: {get_resource: VDU1}REST API impact
None
Security impact
None
Notifications impact
None
Other end user impact
None
Performance impact
None
Other deployer impact
None
Developer impact
None
Implementation
This feature will include changes to Tacker server only.
Changes include:
- New definition for VNFC in tacker_nfv_defs.yaml to support validation of VNFC syntax in tosca-parser.
Assignee(s)
- Primary assignee:
-
Bharath Thiruveedula <bharath_ves@hotmail.com>
- Other contributors:
-
Manikantha Srinivas Tadi <manikantha.tadi@gmail.com>
Work Items
- Add VNFC definition to tacker_nfv_defs.yaml
- Add parsing logic for VNFC
- Add unit tests for VNFC template parsing.
- Add functional test cases.
- Introduce priority order for the VNFC node in tosca-parser and heat-translator
- Add devref to document how VNFC works
Dependencies
None
Testing
Add functional and unit tests for this functionality.
Documentation Impact
Tacker VNFC user-guide will be provided.
References
[1] https://docs.openstack.org/heat-agents/latest/install/building_image.html