enable use of ansible-vault to encrypt variables and variable files

The rm swagger page is broken. Server returns 404.

Current implementation allows to reference openstack networks by name using resource::ans_network::1.0.
However this only returns the network uuid.

It is required to get access to subnet name, id , gw and cidr of a referenced network.
Current assumption/limitation: 1 networks contains exactly 1 subnet.

A new resource: openstack-network is available. This can ONLY be used as reference and returns:

• id (of the network)
• name (of the network)
• subnet_name
• subnet_id
• subnet_gw
• subnet_cidr

According to the latest resource manager API spec the RM has to provide an internalResourceInstance in response to a transition request:

ansible 2.4 is available, add lots of out of the box modules for networking.

The ETSI-SOL003 NVFO-VNFM interfaces require the ALM-RM to act as a server as well as a client to the S-VNFM.
Current RM implemenattion is missing

• OAuth2 flows to allow the S-VNFM to authenticate
• APIs to receive notifications from the S-VNFM
• APIs to subscribe to notifications
• APIs to receive grant requests from the S-VNFM

Add the new field "requestFailureCode" to

• POST /lifecycle/transitions response
• GET /lifecycle/transitions/{id}/status
• Resource Transition Response Message

Only failure code supported as of now: RESOURCE_NOT_FOUND.

Add a section on pre-install configurations:

• async mode settings
• kafka url
• log level

"For license details see https://github.com/open-source-service-lifecycle-mgmt/License" links to 404 not found

include required python modules
add support for 3rd party ansible modules

The current version requires access to the host file system to upload VNF packages.
A REST api to upload a .csar archive with would be much easier to handle.

The RM would

• extract the archive
• validate mandatory folders and files
• check correct yaml descriptors

enable SSL/TSL for the RM interface

Need to add the vault file to the options before calling playbook executor

Allow playbooks to create new resource instance properties and persistently store those for each instance.
For all transition requests store all properties in the instance table.

This enables the resource manager to keep state and other data throughout the instance lifecycle.

new directory naming causes the docker-compose to fail:
docker-compose -f alm-ansible-rm-docker-compose.yml build
ERROR: build path /Users/jkappel/MyApplications/osslm-ansible-adaptor/alm-ansible-driver either does not exist, is not accessible, or is not a valid URL.
need to adapt scripts to new folder structure

see latest RM specification v1.1.1 section 2.7 'publishing metrics' and 2.4.1 'create resource transistion'

Requirements:

• support the metricKey in the transition request
• persist metricKey in instance inventory
• run a "cron" job that gets metrics from VNFs and publishes them on to asm_load or asm_integrity topic ??

Current version only supports synchronous transition request mode. Async mode, i.e. pushing request status to the ALM kafka bus is missing.

Running flask in multi process mode ( fix #52 ) introduces log rotation issues.
Essentially log rotation fails. Random processes will still write to the old log. As file handling is not sequentialized.

the transition requests from ALM for lifecycle operations ( anything other than install,configure, start,stop,uninstall) contain ONLY the properties/parameters for the specific operation (defined in the property section of the operation. This means that the resource properties (that are defined in the properties section of the resource descriptor) are missing for these requests.

The RM needs to get these properties from the database and add them to the ansible playbook call.

ALM requires the resource manager to create a unique ID for each resource during the initial "INSTALL" transition request.
The current ansible-rm implementation defers the creation of this ID to the ansible playbook of each resource (see Resource Id ).

By now ALM itself creates a unique ID for each resource, the "metric_key". This is passed from ALM to RM in every transition request.
This change will eliminate the need to add a debug message to create RESOURCE_IDs to every playbook.
Instead the core RM code will simply create a resource id by using the metric_key.

Current version only fills in internal Resources in the message for the Install transaction.
ASM requires internal resources also for the Uninstall message.

Fix is to open this up to all transactions.

This is not available yet in the shade and os_port ansible openstack module, yet required by clients

Add the request id to the properties (variables) taht are available to the ansible playbooks.
This is required for the enhancements to support ETSI SOL003 in later commit.

the vmware defaull plugins require additional python modules (eg PyVmomi).
These need to added to the requirement.txt so they become part of the setup

set HOSTNAME to "ansible-rm" in the ansible-rm container to support test automation framework.

kafak topic defaults to "docker-rm".
should be "ansible-rm".
Should be fixed in default config.yml file

Ability to handle instance properties that are

• defined and created during playbook execution
  • use "INTERNAL_PROPERTIES" to report these new values
• persistenly stored and available for every lifecycle operation

This allows to handle instance state information that spans lifecycle states.
For example a "Stop" playbook can create a property "state":"stopped"
Another playbook (e.g. "Start") can use this information.

using os_server with
nics:

• port-id:

fails with : "msg": "Additional unsupported keys given for server network creation: dict_keys(['port-id'])"}
Seems to be a bug in shade v 1.22.
solution: upgrade to shade 1.24.0

Need to take into account property-less resources...
Fails when trying to get the instance:

File "/usr/src/app/swagger_server/controllers/ans_requests.py", line 86, in start_request
lc_props, lc_intprops = InstanceHandler( self.resType, self.resVer, self.transitionRequest.deployment_location ).get_instance_properties( self.transitionRequest.metric_key )
TypeError: 'NoneType' object is not iterable

to reflect latest changes (e.g. the async mode support)

ASM picks up resource infor from the kafka bus.
Topic and payload not yet clear.

upgrade requirements to support ansible 2.5

modify the ansible configuration to check for libraries on a shared volume.
Introduce a shared volume "/library" for 3rd party plugins that are part of a VNF package

for some VNF lifecycle operations we require specific ansible modules.
These should be added w/out need to re-create the ansible container.

• add a /library fodler to the shared volumes that will hold the 3rd party modules
• add this folder to the /etc/ansible.cfg so that ansible is aware

current implementation only supports passing openstack auth properties as explicite parameters in the plays.
To enhance reusability and limit dependency on vairous openstack auth options the resource manager should support cloud confg files.
Auth information is driven by os-client-config, which means that values can come from a yaml config file in /etc/ansible/openstack.yaml, /etc/openstack/clouds.yaml or ~/.config/openstack/clouds.yaml.

It is required as part of the CRUD for deployment location also manage the cloud config file.
With this play can simply use "cloud: cloud-name" to use any type fo auth scheme.

create a shared volume that maps the sources to the in container /usr/src/app folder. This will allow code changes w/out the need to re-build the container.
Eases dev and testing.

Add support to manage f5 devices using the ansible plug-in.
Add missing pre-requisite libraries to requirements.txt:
f5-sdk
bigsuds
netaddr
deepdiff

remove and dependency on the ansible RM from the cassandra setup.
get the cassandra cluster from an environment variable
in the docker-compose file set the cassandra cluster variable for the ansible container
this enables sharing the DB by varous RMs instances (eg the OSM rm)

add/remove the metric_key to the list of properties that are passed to ansible as extra variables

whenever a resourceInstance property is populated in the message, the message is not sent to the kafka bus.

upgrade ansible from 2.5 to 2.6

instead of using the junos galaxy modules include the core modules.

The Application LIfecycle Manager API to get deployment location details only supports name and type.
We need to add an API to retrieve the properties of a deployment location

Proposal:
GET /topology/deployment-locations/properties
and
GET /topology/deployment-locations/{id}/properties

https://github.com/IBM/open-source-service-lifecycle-mgmt/Readme.md points to 404 not found

Add support for playbooks that make use of the Juniper.junos roles to manage junos devices

• pre-install the python libraries for junos-eznc (see https://github.com/Juniper/py-junos-eznc)
• pre-install the Juniper.junos role from ansible galaxy
  on the ansible docker image

update ansible core and dependencies to support ansible 2.7

Add required libraries to enable the PAN-OS core ansible modules.
This enbales all ansible network modules that manage a PaloAlto vFW.

Support section 2.7 of the Resource Manager API spec

the requests

• get /topology/instances/{id}
• get /topology/deployment-locations/{name}/instances

return a 500 status code if the resource instance does not have any properties.

implement section 2.5 of the Resource Manager API spec.

Adjust layout of the resources folder to the VNF package structure:

• resource descriptor in descriptor/ folder
• playbooks and roles in lifecycle/ folder
• config files in config/