INF O2 Service User Guide

This guide will introduce the process that make INF O2 interface work with SMO.

• Assume you have an O2 service with INF platform environment, and you have the token of the O2 service.

  export OAM_IP=<INF_OAM_IP>
  export SMO_TOKEN_DATA=<TOKEN of O2 Service>
  

• Discover INF platform inventory

  • INF platform auto-discovery

    After you installed the INF O2 service, it will automatically discover the INF through the parameters that you give from the “o2service-override.yaml”

    The below command can get the INF platform information as O-Cloud

    curl -k -X 'GET' \
      "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/" \
      -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    

  • Resource pool

    The INF platform is a standalone environment, it has one resource pool. If the INF platform is a distributed cloud environment, the central cloud will be one resource pool, and each of the sub-cloud will be a resource pool. All the resources that belong to the cloud will be organized into the resource pool.

    Get the resource pool information through this interface

    curl -k -X 'GET' \
      "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourcePools" \
      -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    
    # export the first resource pool id
    export resourcePoolId=`curl -k -X 'GET' "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourcePools"   -H 'accept: application/json' -H "Authorization: Bearer $SMO_TOKEN_DATA" 2>/dev/null | jq .[0].resourcePoolId | xargs echo`
    
    echo ${resourcePoolId} # check the exported resource pool id
    

  • Resource type

    Resource type defined what type is the specified resource, like a physical machine, memory, or CPU

    Show all resource type

    curl -k -X 'GET' \
      "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourceTypes" \
      -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    

  • Resource

    Get the list of all resources, the value of resourcePoolId from the result of the resource pool interface

    curl -k -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourcePools/${resourcePoolId}/resources" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    

    To get the detail of one resource, need to export one specific resource id that wants to check

    # export the first resource id in the resource pool
    export resourceId=`curl -k -X 'GET' "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourcePools/${resourcePoolId}/resources"   -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" 2>/dev/null | jq .[0].resourceId | xargs echo`
    
    echo ${resourceId} # check the exported resource id
    
    # Get the detail of one specific resource
    curl -k -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/resourcePools/${resourcePoolId}/resources/${resourceId}" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    

  • Deployment manager services endpoint

    The Deployment Manager Service (DMS) related to this IMS information you can use the below API to check

    curl -k -X 'GET' \
      "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers" \
      -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}"
    

• Provisioning INF platform with SMO endpoint configuration

  Assume you have an SMO, and prepare the configuration of the INF platform with the SMO endpoint address before the O2 service installation. This provisioning of the INF O2 service will make a request from the INF O2 service to SMO while the O2 service installing, which make SMO know the O2 service is working.

  After you installed the INF O2 service, it will automatically register the SMO through the parameters that you give from the “o2app.conf”

  export OCLOUD_GLOBAL_ID=<Ocloud global UUID defined by SMO>
  export SMO_REGISTER_URL=<SMO Register URL for O2 service>
  
  cat <<EOF > o2app.conf
  [DEFAULT]
  
  ocloud_global_id = ${OCLOUD_GLOBAL_ID}
  smo_register_url = ${SMO_REGISTER_URL}
  ...
  

• Subscribe to the INF platform resource change notification

  Assume you have an SMO, and the SMO has an API that can receive callback request

  • Create a subscription to the INF O2 IMS

    export SMO_SUBSCRIBE_CALLBACK=<The Callback URL for SMO Subscribe resource>
    export SMO_CONSUMER_SUBSCRIPTION_ID=<The Subscription ID of the SMO Consumer>
    
    curl -k -X 'POST' \
      "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/subscriptions" \
      -H 'accept: application/json' \
      -H 'Content-Type: application/json' \
      -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
      -d '{
      "callback": "'${SMO_SUBSCRIBE_CALLBACK}'",
      "consumerSubscriptionId": "'${SMO_CONSUMER_SUBSCRIPTION_ID}'",
      "filter": ""
    }'
    

  • Handle resource change notification

    When the SMO callback API gets the notification that the resource of INF platform changing, use the URL to get the latest resource information to update its database

• Subscribe to the INF platform alarm change notification

  Assume you have an SMO, and the SMO has an API that can receive callback request

  • Create an alarm subscription to the INF O2 IMS

    export SMO_SUBSCRIBE_CALLBACK=<The Callback URL for SMO Subscribe alarm>
    export SMO_CONSUMER_SUBSCRIPTION_ID=<The Subscription ID of the SMO Consumer>
    
    curl -k -X 'POST' \
      "https://${OAM_IP}:30205/o2ims-infrastructureMonitoring/v1/alarmSubscriptions" \
      -H 'accept: application/json' \
      -H 'Content-Type: application/json' \
      -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
      -d '{
      "callback": "'${SMO_SUBSCRIBE_CALLBACK}'",
      "consumerSubscriptionId": "'${SMO_CONSUMER_SUBSCRIPTION_ID}'",
      "filter": ""
    }'
    

  • Handle alarm change notification

    When the SMO callback API gets the alarm of the INF platform, use the URL to get the latest alarm event record information to get more details

• Use Kubernetes Control Client through O2 DMS profile

  Assume you have the kubectl command tool on your local Linux environment.

  And install the ‘jq’ command for your Linux bash terminal. If you are using Ubuntu, you can follow the below command to install it.

  # install the 'jq' command
  sudo apt-get install -y jq
  
  # install 'kubectl' command
  sudo apt-get install -y apt-transport-https
  echo "deb http://mirrors.ustc.edu.cn/kubernetes/apt kubernetes-xenial main" | \
  sudo tee -a /etc/apt/sources.list.d/kubernetes.list
  gpg --keyserver keyserver.ubuntu.com --recv-keys 836F4BEB
  gpg --export --armor 836F4BEB | sudo apt-key add -
  sudo apt-get update
  sudo apt-get install -y kubectl
  

  We need to get the Kubernetes profile to set up the kubectl command tool.

  Get the DMS Id in the INF O2 service, and set it into bash environment.

  # Get all DMS ID, and print them with command
  dmsIDs=$(curl -k -s -X 'GET' \
  "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers" \
  -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
  | jq --raw-output '.[]["deploymentManagerId"]')
  for i in $dmsIDs;do echo ${i};done;
  
  # Choose one DMS and set it to bash environment, here I set the first one
  export dmsID=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.[0]["deploymentManagerId"]')
  
  echo ${dmsID} # check the exported DMS Id
  

  The profile of the ‘kubectl’ need the cluster name, I assume it is set to “o2dmsk8s1”.

  It also needs the server endpoint address, username, and authority, and for the environment that has Certificate Authority validation, it needs the CA data to be set up.

  CLUSTER_NAME="o2dmsk8s1" # set the cluster name
  
  K8S_SERVER=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers/${dmsID}?profile=native_k8sapi" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.["extensions"]["profileData"]["cluster_api_endpoint"]')
  K8S_CA_DATA=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers/${dmsID}?profile=native_k8sapi" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.["extensions"]["profileData"]["cluster_ca_cert"]')
  
  K8S_USER_NAME=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers/${dmsID}?profile=native_k8sapi" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.["extensions"]["profileData"]["admin_user"]')
  K8S_USER_CLIENT_CERT_DATA=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers/${dmsID}?profile=native_k8sapi" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.["extensions"]["profileData"]["admin_client_cert"]')
  K8S_USER_CLIENT_KEY_DATA=$(curl -k -s -X 'GET' \
    "https://${OAM_IP}:30205/o2ims-infrastructureInventory/v1/deploymentManagers/${dmsID}?profile=native_k8sapi" \
    -H 'accept: application/json' -H "Authorization: Bearer ${SMO_TOKEN_DATA}" \
    | jq --raw-output '.["extensions"]["profileData"]["admin_client_key"]')
  
  # If you do not want to set up the CA data, you can execute following command without the secure checking
  # kubectl config set-cluster ${CLUSTER_NAME} --server=${K8S_SERVER} --insecure-skip-tls-verify
  
  kubectl config set-cluster ${CLUSTER_NAME} --server=${K8S_SERVER}
  kubectl config set clusters.${CLUSTER_NAME}.certificate-authority-data ${K8S_CA_DATA}
  
  kubectl config set-credentials ${K8S_USER_NAME}
  kubectl config set users.${K8S_USER_NAME}.client-certificate-data ${K8S_USER_CLIENT_CERT_DATA}
  kubectl config set users.${K8S_USER_NAME}.client-key-data ${K8S_USER_CLIENT_KEY_DATA}
  
  # set the context and use it
  kubectl config set-context ${K8S_USER_NAME}@${CLUSTER_NAME} --cluster=${CLUSTER_NAME} --user ${K8S_USER_NAME}
  kubectl config use-context ${K8S_USER_NAME}@${CLUSTER_NAME}
  
  kubectl get ns # check the command working with this context
  

  Now you can use “kubectl”, which means you set up a successfully Kubernetes client. But, it uses the default admin user, so I recommend you create an account for yourself.

  Create a new user and account for K8S with a “cluster-admin” role. And, set the token of this user to the base environment.

  USER="admin-user"
  NAMESPACE="kube-system"
  
  cat <<EOF > admin-login.yaml
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: ${USER}
    namespace: kube-system
  ---
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: ${USER}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
  subjects:
  - kind: ServiceAccount
    name: ${USER}
    namespace: kube-system
  EOF
  
  kubectl apply -f admin-login.yaml
  TOKEN_DATA=$(kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${USER} | awk '{print $1}') | grep "token:" | awk '{print $2}')
  echo $TOKEN_DATA
  

  Set the new user in ‘kubectl’ replace the original user, and set the default namespace into the context.

  NAMESPACE=default
  TOKEN_DATA=<TOKEN_DATA from INF>
  
  USER="admin-user"
  CLUSTER_NAME="o2dmsk8s1"
  
  kubectl config set-credentials ${USER} --token=$TOKEN_DATA
  kubectl config set-context ${USER}@inf-cluster --cluster=${CLUSTER_NAME} --user ${USER} --namespace=${NAMESPACE}
  kubectl config use-context ${USER}@inf-cluster