
    • Sub-task
    • Resolution: Done
    • Medium
    • Amsterdam Release

      Comment to HTTPS part,

      Introducing HTTPS to the ONAP control plane might cause a lot of additional effort; we need to confirm other services, like OOM, SO, MSB, configure service certificates correctly. I don’t think we have much time left for R1.

      It would be good to check if CDP-PAL supports sending HTTP requests; if it can, everyone will be saved.

       

      Best Regards,

      Ethan Lynn

      ethanlynnl@vmware.com

      +86 010-59934270

       

       

      On Aug 21, 2017, at 16:54, Xinhui Li <lxinhui@vmware.com> wrote:

      @Bin,

       

      Let us leave the clarification of VID related concern to their weekly meeting as Lizi suggested.

       

      >>> MultiVIM team is still in discussions on identify-url and how it will get into AAI

      Ethan’s answer below provides the details of the process of how the identify url is stored into AAI.

       

       

      @Randa and All,

       

      >>> For username & password, APPC stores the credential locally in a properties file and these are passed to OpenStack to authenticate. For R1, this will remain the same. APPC will make no changes to this existing functionality.

       

      Multi VIM/Cloud will respect this. Our keystone proxy will pass credential information sent from APP-C to OpenStack to authenticate, like what we will do for other consumers like SO.

       

      >>>Ethan indicated that credential would be stored in AAI as part of cloud region, put there by ESR as part of VM info; however, for R1, APPC will not extract username/password from AAI. Implication for testing is that these credentials in properties file must match what is stored in AAI for that cloud instance. 

       

      We need to add one attention point in the test cases about this requirement to match between the properties file and the targeted cloud backend (stored in AAI). The change to the properties file needs to be taken care of when multiple backend Clouds exist.

       

      >>> APPC/CDP-PAL use HTTPS; need MultiVIM to investigate if they can support HTTPS. Tyler will do likewise to see if HTTP can be supported by CDP-PAL.

      According to the requirement here, Multi VIM/Cloud needs to register to MSB as an https service. After this registry, all consumers of Multi VIM/Cloud need to use https. This involves changes in other modules and needs communication to see if the change is possible. We quite understand the adoption of https by CDP-PAL to access external Cloud systems. Differently, Multi VIM/Cloud is a part of the ONAP control plane and deployed as an internal service. Changing to https will add additional work with limited benefits from a security perspective.

       

      Considering the two reasons, it will be very nice if Tyler could help to check if CDP-PAL can disable ssl or change into an http client. At the same time, the Multi VIM/Cloud team will continue to investigate in case a hard change is needed.

       

      + Huabing, PTL of MSB

       

      Xinhui

      From: Yang, Bin <Bin.Yang@windriver.com>
      Sent: August 19, 2017 12:08
      To: Ethan Lynn
      Cc: MAHER, RANDA; SMITH, TYLER A; Xinhui Li; GUDISENA, VARUNESHWAR; ADDAGADA, SATISH; YOUNG, RYAN J; SEABOLT, SCOTT; ANAPAN-LAVALLE, HECTOR A; KOYA, RAMPRASAD; HU, BIN; LEFEVRE, CATHERINE; marcus.williams@intel.com; VUL, ALEXANDER; HAY, AARON; DAVANGERE RAJASEKHAR, VEERENDRA; NGUYEN, PHIL; BRADY, PATRICK D; WONNELL, SKIP; DRAGOSH, PAM; FREEMAN, BRIAN D; GAO, CHENFEI; HOTZE, BECKY L; RAJU, CHINNAPPA; CHOU, JOSEPH Y; NGUEKO, GERVAIS-MARTIAL; BAGADI, RAMBABU; li.zi30@zte.com.cn
      Subject: RE: 8/18/17 - APPC/CDP-PAL/MultVIM - Touch Base 3 - Notes & Follow-up items

       

      Hi Randa and Ethan,

       

      With regard to this open issue: “MultiVIM team is still in discussions on identify-url and how it will get into AAI”, I think the original concern is: Will another entity (VID or SO) update this identify-url in AAI as well? We as the MultiVIM team need to check that with the VID and SO teams. If that concern is valid, it will be a critical issue to be identified and fixed.

       

      Thanks.

       

      Best Regards,

      Bin Yang,  Solution Readiness Team,    Wind River

      Direct +86,10,84777126    Mobile +86,13811391682    Fax +86,10,64398189

      Skype: yangbincs993

       

      From: Ethan Lynn [ethanlynnl@vmware.com]
      Sent: Saturday, August 19, 2017 12:02 PM
      To: Yang, Bin
      Cc: MAHER, RANDA; SMITH, TYLER A; Xinhui Li; GUDISENA, VARUNESHWAR; ADDAGADA, SATISH; YOUNG, RYAN J; SEABOLT, SCOTT; ANAPAN-LAVALLE, HECTOR A; KOYA, RAMPRASAD; HU, BIN; LEFEVRE, CATHERINE; marcus.williams@intel.com; VUL, ALEXANDER; HAY, AARON; DAVANGERE RAJASEKHAR, VEERENDRA; NGUYEN, PHIL; BRADY, PATRICK D; WONNELL, SKIP; DRAGOSH, PAM; FREEMAN, BRIAN D; GAO, CHENFEI; HOTZE, BECKY L; RAJU, CHINNAPPA; CHOU, JOSEPH Y; NGUEKO, GERVAIS-MARTIAL; BAGADI, RAMBABU; li.zi30@zte.com.cn
      Subject: Re: 8/18/17 - APPC/CDP-PAL/MultVIM - Touch Base 3 - Notes & Follow-up items

       

      Hi Randa and Bin,

      On 19 Aug 2017, at 11:17 AM, Yang, Bin <Bin.Yang@windriver.com> wrote:

       

      • MultiVIM team is still in discussions on identify-url and how it will get into AAI

       

      ESR will call MultiCloud when registering a new VIM, then MultiCloud will update identity-url field in AAI. It all happens in VIM registry process.

      Auth-info is a new structure we are pushing in A&AI schema and A&AI team agree to add it. After it’s added, cloud-region will have a new attribute auth-info-items, which contains the credentials of VIM. When we retrieve cloud-region info from A&AI, we can get credentials info too. Those credential info will be input from ESR and stored in A&AI when registering a new VIM.

            biny993
            xinhuili