From d438301ca7244e66d5082312e3e84fcfb219f11b Mon Sep 17 00:00:00 2001 From: Sofia Wallin Date: Wed, 23 Nov 2016 14:49:15 +0100 Subject: Adjusted the docs repo structure for D release work Change-Id: I9befe06c424c726e17d754bc480413b2430549ba Signed-off-by: Sofia Wallin --- docs/configurationguide/abstract.rst | 19 -- .../configuration.options.render.rst | 27 -- .../feature.configuration.description.rst | 22 -- docs/configurationguide/index.rst | 18 -- docs/configurationguide/scenario.description.rst | 10 - .../scenarios/scenario.name/index.rst | 16 ++ .../scenario.name/scenario.description.rst | 32 +++ .../userguide/feature.userguide.rst | 19 ++ .../feature.templates/userguide/index.rst | 23 ++ docs/development/opnfvsecguide/_static/temp | 0 docs/development/opnfvsecguide/_templates/temp | 0 docs/development/opnfvsecguide/audit.rst | 9 + .../development/opnfvsecguide/audit/audit_reqs.rst | 110 ++++++++ docs/development/opnfvsecguide/compute.rst | 8 + .../opnfvsecguide/compute/dacmaccontrols.rst | 3 + docs/development/opnfvsecguide/compute/trust.rst | 124 +++++++++ docs/development/opnfvsecguide/contribution.rst | 45 ++++ docs/development/opnfvsecguide/getting_started.rst | 41 +++ docs/development/opnfvsecguide/index.rst | 21 ++ docs/development/opnfvsecguide/introduction.rst | 15 ++ .../introduction/acknowledgements.rst | 3 + .../opnfvsecguide/introduction/background.rst | 38 +++ docs/development/opnfvsecguide/network.rst | 8 + docs/development/opnfvsecguide/network/neutron.rst | 2 + docs/development/scenario/featurematrix.rst | 39 +++ docs/development/scenario/scenariointro.rst | 13 + docs/development/scenario/scenariomatrix.rst | 100 +++++++ docs/development/scenario/scenariovalidation.rst | 0 docs/documentation/index.rst | 208 --------------- .../scenarios/scenario.name/index.rst | 16 -- .../scenario.name/scenario.description.rst | 32 --- .../userguide/feature.userguide.rst | 19 -- docs/feature.templates/userguide/index.rst | 23 -- docs/images/brahmaputrafeaturematrix.jpg | Bin 62966 -> 0 bytes docs/images/brahmaputrascenariomatrix.jpg | Bin 51071 -> 0 bytes docs/images/opnfvplatformgraphic.png | Bin 136767 -> 0 bytes docs/images/weather-clear.jpg | Bin 1286 -> 0 bytes docs/images/weather-dash.jpg | Bin 1010 -> 0 bytes docs/images/weather-few-clouds.jpg | Bin 1348 -> 0 bytes docs/images/weather-overcast.jpg | Bin 1215 -> 0 bytes docs/index.rst | 37 +++ docs/installationprocedure/index.rst | 14 - .../installation.introduction.rst | 104 -------- docs/opnfvsecguide/_static/temp | 0 docs/opnfvsecguide/_templates/temp | 0 docs/opnfvsecguide/audit.rst | 9 - docs/opnfvsecguide/audit/audit_reqs.rst | 110 -------- docs/opnfvsecguide/compute.rst | 8 - docs/opnfvsecguide/compute/dacmaccontrols.rst | 3 - docs/opnfvsecguide/compute/trust.rst | 124 --------- docs/opnfvsecguide/contribution.rst | 45 ---- docs/opnfvsecguide/getting_started.rst | 41 --- docs/opnfvsecguide/index.rst | 21 -- docs/opnfvsecguide/introduction.rst | 15 -- .../introduction/acknowledgements.rst | 3 - docs/opnfvsecguide/introduction/background.rst | 38 --- docs/opnfvsecguide/network.rst | 8 - docs/opnfvsecguide/network/neutron.rst | 2 - docs/overview/index.rst | 12 - docs/overview/overview.rst | 290 --------------------- docs/release/index.rst | 208 +++++++++++++++ docs/release/installation.introduction.rst | 104 ++++++++ docs/release/overview.rst | 290 +++++++++++++++++++++ docs/release/userguide.introduction.rst | 85 ++++++ docs/scenario/featurematrix.rst | 39 --- docs/scenario/scenariointro.rst | 13 - docs/scenario/scenariomatrix.rst | 100 ------- docs/scenario/scenariovalidation.rst | 0 docs/templates/LICENSE.rst | 43 --- docs/templates/build-instructions.rst | 207 --------------- docs/templates/index.rst | 38 --- docs/templates/installation-instructions.rst | 239 ----------------- docs/templates/release-notes.rst | 261 ------------------- .../framework.installation.procedure.render.rst | 10 - docs/testframework/framework.userguide.render.rst | 10 - docs/testframework/index.rst | 16 -- .../testframework/opnfv.testframework.overview.rst | 17 -- .../framework.installation.procedure.render.rst | 10 + .../testframework/framework.userguide.render.rst | 10 + docs/testing/testframework/index.rst | 16 ++ .../testframework/opnfv.testframework.overview.rst | 17 ++ docs/userguide/index.rst | 14 - docs/userguide/userguide.introduction.rst | 85 ------ 83 files changed, 1446 insertions(+), 2333 deletions(-) delete mode 100644 docs/configurationguide/abstract.rst delete mode 100644 docs/configurationguide/configuration.options.render.rst delete mode 100644 docs/configurationguide/feature.configuration.description.rst delete mode 100644 docs/configurationguide/index.rst delete mode 100644 docs/configurationguide/scenario.description.rst create mode 100644 docs/development/feature.templates/scenarios/scenario.name/index.rst create mode 100644 docs/development/feature.templates/scenarios/scenario.name/scenario.description.rst create mode 100644 docs/development/feature.templates/userguide/feature.userguide.rst create mode 100644 docs/development/feature.templates/userguide/index.rst create mode 100644 docs/development/opnfvsecguide/_static/temp create mode 100644 docs/development/opnfvsecguide/_templates/temp create mode 100644 docs/development/opnfvsecguide/audit.rst create mode 100644 docs/development/opnfvsecguide/audit/audit_reqs.rst create mode 100644 docs/development/opnfvsecguide/compute.rst create mode 100644 docs/development/opnfvsecguide/compute/dacmaccontrols.rst create mode 100644 docs/development/opnfvsecguide/compute/trust.rst create mode 100644 docs/development/opnfvsecguide/contribution.rst create mode 100644 docs/development/opnfvsecguide/getting_started.rst create mode 100644 docs/development/opnfvsecguide/index.rst create mode 100644 docs/development/opnfvsecguide/introduction.rst create mode 100644 docs/development/opnfvsecguide/introduction/acknowledgements.rst create mode 100644 docs/development/opnfvsecguide/introduction/background.rst create mode 100644 docs/development/opnfvsecguide/network.rst create mode 100644 docs/development/opnfvsecguide/network/neutron.rst create mode 100644 docs/development/scenario/featurematrix.rst create mode 100644 docs/development/scenario/scenariointro.rst create mode 100644 docs/development/scenario/scenariomatrix.rst create mode 100644 docs/development/scenario/scenariovalidation.rst delete mode 100644 docs/documentation/index.rst delete mode 100644 docs/feature.templates/scenarios/scenario.name/index.rst delete mode 100644 docs/feature.templates/scenarios/scenario.name/scenario.description.rst delete mode 100644 docs/feature.templates/userguide/feature.userguide.rst delete mode 100644 docs/feature.templates/userguide/index.rst delete mode 100644 docs/images/brahmaputrafeaturematrix.jpg delete mode 100644 docs/images/brahmaputrascenariomatrix.jpg delete mode 100644 docs/images/opnfvplatformgraphic.png delete mode 100644 docs/images/weather-clear.jpg delete mode 100644 docs/images/weather-dash.jpg delete mode 100644 docs/images/weather-few-clouds.jpg delete mode 100644 docs/images/weather-overcast.jpg delete mode 100644 docs/installationprocedure/index.rst delete mode 100644 docs/installationprocedure/installation.introduction.rst delete mode 100644 docs/opnfvsecguide/_static/temp delete mode 100644 docs/opnfvsecguide/_templates/temp delete mode 100644 docs/opnfvsecguide/audit.rst delete mode 100644 docs/opnfvsecguide/audit/audit_reqs.rst delete mode 100644 docs/opnfvsecguide/compute.rst delete mode 100644 docs/opnfvsecguide/compute/dacmaccontrols.rst delete mode 100644 docs/opnfvsecguide/compute/trust.rst delete mode 100644 docs/opnfvsecguide/contribution.rst delete mode 100644 docs/opnfvsecguide/getting_started.rst delete mode 100644 docs/opnfvsecguide/index.rst delete mode 100644 docs/opnfvsecguide/introduction.rst delete mode 100644 docs/opnfvsecguide/introduction/acknowledgements.rst delete mode 100644 docs/opnfvsecguide/introduction/background.rst delete mode 100644 docs/opnfvsecguide/network.rst delete mode 100644 docs/opnfvsecguide/network/neutron.rst delete mode 100644 docs/overview/index.rst delete mode 100644 docs/overview/overview.rst create mode 100644 docs/release/index.rst create mode 100644 docs/release/installation.introduction.rst create mode 100644 docs/release/overview.rst create mode 100644 docs/release/userguide.introduction.rst delete mode 100644 docs/scenario/featurematrix.rst delete mode 100644 docs/scenario/scenariointro.rst delete mode 100644 docs/scenario/scenariomatrix.rst delete mode 100644 docs/scenario/scenariovalidation.rst delete mode 100644 docs/templates/LICENSE.rst delete mode 100644 docs/templates/build-instructions.rst delete mode 100644 docs/templates/index.rst delete mode 100644 docs/templates/installation-instructions.rst delete mode 100644 docs/templates/release-notes.rst delete mode 100644 docs/testframework/framework.installation.procedure.render.rst delete mode 100644 docs/testframework/framework.userguide.render.rst delete mode 100644 docs/testframework/index.rst delete mode 100644 docs/testframework/opnfv.testframework.overview.rst create mode 100644 docs/testing/testframework/framework.installation.procedure.render.rst create mode 100644 docs/testing/testframework/framework.userguide.render.rst create mode 100644 docs/testing/testframework/index.rst create mode 100644 docs/testing/testframework/opnfv.testframework.overview.rst delete mode 100644 docs/userguide/index.rst delete mode 100644 docs/userguide/userguide.introduction.rst (limited to 'docs') diff --git a/docs/configurationguide/abstract.rst b/docs/configurationguide/abstract.rst deleted file mode 100644 index 1263dfa56..000000000 --- a/docs/configurationguide/abstract.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -======== -Abstract -======== - -This document provides guidance for the configurations available in the -Colorado release of OPNFV. - -The release includes four installer tools leveraging different -technologies; Apex, Compass4nfv, Fuel and JOID, which deploy -components of the platform. - -This document also includes the selection of tools and -components including guidelines for how to deploy and configure -the platform to an operational state. - diff --git a/docs/configurationguide/configuration.options.render.rst b/docs/configurationguide/configuration.options.render.rst deleted file mode 100644 index f8f16ff54..000000000 --- a/docs/configurationguide/configuration.options.render.rst +++ /dev/null @@ -1,27 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -===================== -Configuration Options -===================== - -OPNFV provides a variety of virtual infrastructure deployments called scenarios designed to -host virtualised network functions (VNF's). Each scenario provide specific capabilities and/or -components aimed to solve specific problems for the deployment of VNF's. A scenario may include -components such as OpenStack, OpenDaylight, OVS, KVM etc. where each scenario will -include different source components or configurations. - -OPNFV Scenarios -=============== - -Each OPNFV scenario provides unique features and capabilities, it is important to understand -your target platform capabilities before installing and configuring your target scenario. -This configuration guide outlines how to install and configure components in order to enable -the features you require. - -.. include:: ../scenario/scenariomatrix.rst - -This document will describe how to install and configure your target OPNFV scenarios. -Remember to check the associated validation procedures section following your installation for -details of the use cases and tests that have been run. diff --git a/docs/configurationguide/feature.configuration.description.rst b/docs/configurationguide/feature.configuration.description.rst deleted file mode 100644 index 717cd0fa2..000000000 --- a/docs/configurationguide/feature.configuration.description.rst +++ /dev/null @@ -1,22 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Sofia Wallin (Ericsson AB) - -Configuration of -========================== - -Add a brief introduction to configure OPNFV with this specific feature including -dependancies on platform components, this description should be at a level that -will apply to any installer providing the pre-requisite components. - -Pre-configuration activities ----------------------------- -Describe specific pre-configuration activities. This should include ensuring the -right components are installed by the installation tools as required for your -feature to function. Refer to the previous installer configuration chapters, -installations guide and release notes - -Hardware configuration ----------------------- -Describe the hardware configuration needed for this specific feature - diff --git a/docs/configurationguide/index.rst b/docs/configurationguide/index.rst deleted file mode 100644 index 9bf442a42..000000000 --- a/docs/configurationguide/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -************************* -OPNFV Configuration Guide -************************* -Colorado 1.0 ------------- - -.. toctree:: - :maxdepth: 2 - - ./abstract.rst - ./configuration.options.render.rst - ./feature.configuration.description.rst - ./scenario.description.rst - diff --git a/docs/configurationguide/scenario.description.rst b/docs/configurationguide/scenario.description.rst deleted file mode 100644 index c318e6f59..000000000 --- a/docs/configurationguide/scenario.description.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Sofia Wallin (Ericsson AB) - -==================== -Scenario description -==================== - -This document will describe and link to the scenario installation instructions. - diff --git a/docs/development/feature.templates/scenarios/scenario.name/index.rst b/docs/development/feature.templates/scenarios/scenario.name/index.rst new file mode 100644 index 000000000..59ada34e9 --- /dev/null +++ b/docs/development/feature.templates/scenarios/scenario.name/index.rst @@ -0,0 +1,16 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + +=================================== + overview and description +=================================== +.. This document will be used to provide a description of the scenario for an end user. +.. You should explain the purpose of the scenario, the types of capabilities provided and +.. the unique components that make up the scenario including how they are used. + +.. toctree:: + :maxdepth: 3 + + ./scenario.description.rst + diff --git a/docs/development/feature.templates/scenarios/scenario.name/scenario.description.rst b/docs/development/feature.templates/scenarios/scenario.name/scenario.description.rst new file mode 100644 index 000000000..afd587915 --- /dev/null +++ b/docs/development/feature.templates/scenarios/scenario.name/scenario.description.rst @@ -0,0 +1,32 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + +Introduction +============ +.. In this section explain the purpose of the scenario and the types of capabilities provided + +Scenario components and composition +=================================== +.. In this section describe the unique components that make up the scenario, +.. what each component provides and why it has been included in order +.. to communicate to the user the capabilities available in this scenario. + +Scenario usage overview +======================= +.. Provide a brief overview on how to use the scenario and the features available to the +.. user. This should be an "introduction" to the userguide document, and explicitly link to it, +.. where the specifics of the features are covered including examples and API's + +Limitations, Issues and Workarounds +=================================== +.. Explain scenario limitations here, this should be at a design level rather than discussing +.. faults or bugs. If the system design only provide some expected functionality then provide +.. some insight at this point. + +References +========== + +For more information on the OPNFV Colorado release, please visit +http://www.opnfv.org/colorado + diff --git a/docs/development/feature.templates/userguide/feature.userguide.rst b/docs/development/feature.templates/userguide/feature.userguide.rst new file mode 100644 index 000000000..b8adfa592 --- /dev/null +++ b/docs/development/feature.templates/userguide/feature.userguide.rst @@ -0,0 +1,19 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + + description +===================== +.. Describe the specific features and how it is realised in the scenario in a brief manner +.. to ensure the user understand the context for the user guide instructions to follow. + + capabilities and usage +================================ +.. Describe the specific capabilities and usage for feature. +.. Provide enough information that a user will be able to operate the feature on a deployed scenario. + + +----------------------------------------------- +.. Describe with examples how to use specific features, provide API examples and details required to +.. operate the feature on the platform. + diff --git a/docs/development/feature.templates/userguide/index.rst b/docs/development/feature.templates/userguide/index.rst new file mode 100644 index 000000000..cc84670fc --- /dev/null +++ b/docs/development/feature.templates/userguide/index.rst @@ -0,0 +1,23 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + +==================== + user guide +==================== + +.. The feature user guide should provide an OPNFV user with enough information to +.. use the features provided by the feature project in the supported scenarios. +.. This guide should walk a user through the usage of the features once a scenario +.. has been deployed and is active according to the installation guide provided +.. by the installer project. + +.. toctree:: + :maxdepth: 3 + +.. The feature.userguide.rst file should contain the text for this document +.. additional documents can be added to this directory and added in the right order +.. to this file as a list below. + + ./feature.userguide.rst + diff --git a/docs/development/opnfvsecguide/_static/temp b/docs/development/opnfvsecguide/_static/temp new file mode 100644 index 000000000..e69de29bb diff --git a/docs/development/opnfvsecguide/_templates/temp b/docs/development/opnfvsecguide/_templates/temp new file mode 100644 index 000000000..e69de29bb diff --git a/docs/development/opnfvsecguide/audit.rst b/docs/development/opnfvsecguide/audit.rst new file mode 100644 index 000000000..cdeecba60 --- /dev/null +++ b/docs/development/opnfvsecguide/audit.rst @@ -0,0 +1,9 @@ +Audit +---------------- + +.. toctree:: + :maxdepth: 2 + + audit/audit_reqs + audit/configuring + diff --git a/docs/development/opnfvsecguide/audit/audit_reqs.rst b/docs/development/opnfvsecguide/audit/audit_reqs.rst new file mode 100644 index 000000000..ce76d016b --- /dev/null +++ b/docs/development/opnfvsecguide/audit/audit_reqs.rst @@ -0,0 +1,110 @@ +Requirements references related to OPNFV Audit + +------------------ +Source information +------------------ + +http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf +http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf + +* ETSI GS NFV-SEC 003 V1.1.1 (2014-12) + + - Network Functions Virtualisation NFV); + - NFV Security; Security and Trust Guidance + - NFV-SEC-003_. + + +.. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf +* ETSI GS NFV 004 V1.1.1 (2013-10) + + - Network Functions Virtualisation (NFV); + - Virtualisation Requirements + - NFV-SEC-004_. + +.. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf + +Requirements on Auditing framework +---------------------------------- + +Audit records shall be maintained within protected binary logs so that the record of +malicious actions cannot be deleted from the logs. + +Necessary auditable events +-------------------------- + +* access control management + + - Adding a user account + - Modifying user account + - Deleting a user account + - login event + - logout event + - IP whitelisting update + - IP blacklisting update + +* VNFC Creation + + - The instantiation of a newly-defined VNFC + - The instantiation of a VNFC with pre-configured state + - The cloning of an existing VNFC + +* VNFC Deletion + + - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images) + +* Software management + + - patching e.g. opreating system, drivers, VM components + - dynamic updates to the configuration e.g. DNS, DHCP + - application software updates + - software component updates + +* Data management + + - Root level access to NFVI file system + - User level access to NFVI file system + - Secured wipe, disk and memory + - Verified destruction + - Certificate revocation + +* VNFC Migration + + - VNFC original host identity + - VNFC target host identity + - high availability + - recovery + - data-in-motion changes + +* Other VNFC Operational State Changes + + - Hibernation, sleep, resumption, abort, restore, suspension + - Power-on and power-off (either physical or virtual) + - Integrity verification failure, crash and OS compromise + +* VNFC Topology Changes + + - Network IP address and VLAN updates + - Service chaining + - Failover and disaster recovery + +* traffic inspection + + - enabling virtual port mirroring + - enabling hypervisor introspection + - enabling in-line traffic inspection + - application insertion + +* initial provisioning of a public/private key pair + + - Self-generation of key pairs for later validation by an external party: + + - Certificate Authority + - VNFM + + - Provision by trusted party + + - network + - storage + + - Injection by hypervisor + diff --git a/docs/development/opnfvsecguide/compute.rst b/docs/development/opnfvsecguide/compute.rst new file mode 100644 index 000000000..d6c1a0159 --- /dev/null +++ b/docs/development/opnfvsecguide/compute.rst @@ -0,0 +1,8 @@ +Compute Security +---------------- + +.. toctree:: + :maxdepth: 2 + + compute/dacmaccontrols.rst + compute/trust.rst diff --git a/docs/development/opnfvsecguide/compute/dacmaccontrols.rst b/docs/development/opnfvsecguide/compute/dacmaccontrols.rst new file mode 100644 index 000000000..08cd7ee89 --- /dev/null +++ b/docs/development/opnfvsecguide/compute/dacmaccontrols.rst @@ -0,0 +1,3 @@ +DAC & MAC Controls +------------------ + diff --git a/docs/development/opnfvsecguide/compute/trust.rst b/docs/development/opnfvsecguide/compute/trust.rst new file mode 100644 index 000000000..3022e59c0 --- /dev/null +++ b/docs/development/opnfvsecguide/compute/trust.rst @@ -0,0 +1,124 @@ +Trusted Compute +--------------- + +Trusted compute is centered on insuring the complete lifecycle of a VM, and +the VM's underlying infrastructure is of a 'trustful' state. + +**Trusted computing in a cloud environment** + +To ensure overall security in an OPNFV deployment, both the launch and the +operation of virtualized resources need to be secure. To build a trusted +computing in a cloud environment the following core features are essential: + +* boot integrity - the hardware platform can guarantee a trustworthy RoT for the overall cloud environment +* secure management of VMs – to secure the launch and migration of VMs in the cloud environment + +In this section we will cover some aspects of what is considered compute +security, such as secure/trusted boot, although of course these can be +extended to other actors such as neutron networking nodes. + +Secure Boot +########### + +Secure boot, a UEFI-based feature that has become controversial lately, +ensures that nodes in an OPNFV deployment boot only software that is trusted +by the admin or end user. + +In order to understand the secure boot procedure, we need to explain the related technology +and specification. + +**Unified Extensible Firmware Interface (UEFI)** + +UEFI is a specification intended to be the replacement and improvement on the +old BIOS (Basic Input/Output System). + +One UEFI-based feature that has become controversial lately is the secure boot feature. + +The UEFI specification is a standard that’s handled by a non-profit organization +with representatives of Intel, AMD, Microsoft, Apple, Dell, HP, IBM and others, +called the Unified EFI Forum. + +UEFI supports 32 and 64 bit processors and can be used with Itanium, x86, +x64 and ARM processors. + +**Trusted Execution Environment (TEE) vs Trusted Platform Mobile (TPM)** + +Two main components of platform security: + +* Trusted Execution Environment +* Trusted Platform Module + +These are not designed as a replacement of the other. TEE is the bulletproof +safe, while TPM is the 128-digit combination lock for the safe. Both are +needed to ensure the safe is protected. + +TPM is a dependency of TEE but not the other way around. + +The TPM is where TEE will store the measurements - hash of components - of the platform. + +If TEE is not supported by a platform but a TPM is still present you still have +all these features: + +* Integrity measurement – securely measure the platform's components (hashes stored within the TPM) + +* Authenticated boot – a process by which a platform's state (the sum of its + components) is reliably measured and stored + +* SRTM - Static Root of Trust for Measurements + +* Sealed Storage - encrypt data based on the current state of the platform + or in other words, what has been measured (the PCR hash values stored in the + TPM) - seal operation + +* Attestation - securely report to other parties the state of the platform + + +Trusted Compute Pools +##################### + +**Trusted Boot** + +Trusted boot (tboot) is an open source, pre- kernel/VMM module that uses +Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured +and verified launch of an OS kernel/VMM. The root of trust is in the hardware +and a TPM is required. Compute nodes in an OPNFV deployment boot with Intel +TXT technology enabled. + +Read more about `Trusted Boot `_ and +`Trusted Computing. `_ + +**Trusted Execution Environments (TEE)** + +The Trusted Execution Environment is an isolated execution environment which +provides higher level of security such as isolated execution, integrity of +Trusted Applications along with confidentiality of their assets. + +**Goals of a Trusted Execution Environments:** + +* Isolated Execution +* Secure Storage +* Remote Attestation +* Secure Provisioning +* Trusted Path + +**TEE platforms/implementations** + +* Intel’s TXT (Trusted Execution Technology) +* AMD Secure Execution Environment +* ARM TrustZone + +All three of these TEE implementations provide a virtualized Execution +Environment for the secure OS and applications. + +To switch between the secure world and the normal world, Intel provides SMX +Instructions, while ARM uses SMC. Programmatically, they all achieve very +similar results. + +Read more about Trusted Execution Environments `here. `_ + +`NIST SP800-147 `_ +, is a guidelines for firmware security, to ensure that the firmware itself is secure. + +Read more about "Trusted compute pools", in the +`OpenStack Security Guide. `_ + diff --git a/docs/development/opnfvsecguide/contribution.rst b/docs/development/opnfvsecguide/contribution.rst new file mode 100644 index 000000000..683aa2d14 --- /dev/null +++ b/docs/development/opnfvsecguide/contribution.rst @@ -0,0 +1,45 @@ +How to Contribute +----------------- + +Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation. +To do so, you will however need to first get an enviroment set up. + +Development Environment +####################### + +All project data such as formatting guidelines, and upstream mapping is documented via sphinx +which uses reStructuredText + +It is recommended that you use a python virtualenv to keep things clean and contained. + +VirtualEnv +********** + +Use of a virtual environment is recommended, as not only is it a quick easy form of +getting the needed modules in place, it isolates the module versions to a project. + +From within your inspector directory, set up a new virtualenv:: + + virtualenv venv + +Activate the new virtual environment:: + + source venv/bin/activate + +Install requirements:: + + pip install -r requirements.txt + +Sphinx Basics +************* + +To get started with sphinx, visit the main tutorial which will provide a primer `http://sphinx-doc.org/tutorial.html` + +Hack your changes into opnfv-security-guide/source + +To compile changes: + + make html + +From here you can run a basic python web server or just navigate to the +file:////opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/development/opnfvsecguide/getting_started.rst b/docs/development/opnfvsecguide/getting_started.rst new file mode 100644 index 000000000..e09507dd2 --- /dev/null +++ b/docs/development/opnfvsecguide/getting_started.rst @@ -0,0 +1,41 @@ +Getting Started +--------------- + +Development Environment +####################### + +All project data such as formatting guidelines, and upstream mapping is documented via sphinx +which uses reStructuredText + +VirtualEnv +********** + +Use of a virtual environment is recommended, as not only is it a quick easy form of +getting the needed modules in place, it isolates the module versions to a project. + +From within your inspector directory, set up a new virtualenv:: + + virtualenv venv + +Activate the new virtual environment:: + + source venv/bin/activate + +Install requirements:: + + pip install -r requirements.txt + +Sphinx Basics +************* + +To get started with sphinx, visit the main tutorial which will provide a primer +`http://sphinx-doc.org/tutorial.html` + +Hack your changes into opnfv-security-guide/source + +To compile changes: + + make html + +From here you can run a basic python web server or just navigate to the +file:////opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/development/opnfvsecguide/index.rst b/docs/development/opnfvsecguide/index.rst new file mode 100644 index 000000000..ecefd61ce --- /dev/null +++ b/docs/development/opnfvsecguide/index.rst @@ -0,0 +1,21 @@ +.. OPNFV Security Guide documentation master file, created by + sphinx-quickstart on Tue Oct 27 19:30:29 2015. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to OPNFV Security Guide +================================================ + +This guide seeks to inform operators who to secure and maintain the security of the OPNFV Platform and its components. + +Contents: + +.. toctree:: + :maxdepth: 2 + + introduction + compute + network + contribution + audit + diff --git a/docs/development/opnfvsecguide/introduction.rst b/docs/development/opnfvsecguide/introduction.rst new file mode 100644 index 000000000..ad8083197 --- /dev/null +++ b/docs/development/opnfvsecguide/introduction.rst @@ -0,0 +1,15 @@ +Introduction +--------------- + +The OPNFV Security Guide is the collaborative work of many individuals, +involved in both the OPNFV Security Group and the wider OPNFV community. + +The purpose of this guide is to provide the best practice security guidelines for +deploying the OPNFV platfornm. It is a living document that is updated as +new changes are merged into it's repository. + +.. toctree:: + :maxdepth: 2 + + introduction/background + introduction/acknowledgements diff --git a/docs/development/opnfvsecguide/introduction/acknowledgements.rst b/docs/development/opnfvsecguide/introduction/acknowledgements.rst new file mode 100644 index 000000000..60c687d05 --- /dev/null +++ b/docs/development/opnfvsecguide/introduction/acknowledgements.rst @@ -0,0 +1,3 @@ +Acknowledgements +---------------- + diff --git a/docs/development/opnfvsecguide/introduction/background.rst b/docs/development/opnfvsecguide/introduction/background.rst new file mode 100644 index 000000000..bd7e44d01 --- /dev/null +++ b/docs/development/opnfvsecguide/introduction/background.rst @@ -0,0 +1,38 @@ +Background +---------- + +Pre-virtualization security protection was largely centered on the network. +Malicious attacks from hostile machines, would seek to exploit network based +operating systems and applications, with the goal of compromising their +target node. + +Physical security had always been a much simpler business, with most focus on +the secure access of the data center hardware. +In-turn security was built up in layers (defense in depth) where machines +would be +daisy chained with network cables via security appliances to provide +controlled segmentation and isolation. +This form of security was built upon the principle of an 'air gap' +being present, +whereby machines were separate physical units, joined largely by the +network stack. + +With the advent of virtualization (namely the hypervisor), new attack +vectors have +surfaced as the 'air-gap' is no longer key design aspect for security. +Further to this elements orchestation nodes and network controllers +lead to an even wider attack surface: + +* Guests breaking isolation of the hypervisor. + +* Unauthorized access and control of supporting orchestration nodes. + +* Unauthorized access and control of supporting overlay network control systems. + +The hypervisor and the overlay network have now become the 'Achilles heel' +whereby all tenant data isolation is enforced within the hypervisor and its +abstraction +of hardware and the virtualized overlay network. + +This guide has been formulated, in order to assist users of the OPNFV platform +in securing an Telco NFV / SDN environment. diff --git a/docs/development/opnfvsecguide/network.rst b/docs/development/opnfvsecguide/network.rst new file mode 100644 index 000000000..b1744796c --- /dev/null +++ b/docs/development/opnfvsecguide/network.rst @@ -0,0 +1,8 @@ +Network Security +---------------- + + +.. toctree:: + :maxdepth: 2 + + network/neutron diff --git a/docs/development/opnfvsecguide/network/neutron.rst b/docs/development/opnfvsecguide/network/neutron.rst new file mode 100644 index 000000000..e7ca06075 --- /dev/null +++ b/docs/development/opnfvsecguide/network/neutron.rst @@ -0,0 +1,2 @@ +Neutron Security +---------------- diff --git a/docs/development/scenario/featurematrix.rst b/docs/development/scenario/featurematrix.rst new file mode 100644 index 000000000..2d00a4097 --- /dev/null +++ b/docs/development/scenario/featurematrix.rst @@ -0,0 +1,39 @@ +Each scenario provides a set of platform capabilities and features that it supports. It is +possible to identify which features are provided by reviewing the scenario name, however +not all features and capabilities are discernible from the name itself. + +Brahmaputra feature support matrix +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following table provides an overview of the available scenarios and supported features +in the Brahmaputra release of OPNFV. + +.. image:: ../images/brahmaputrafeaturematrix.jpg + :alt: OPNFV Brahmaputra Feature Matrix + +The table above provides an overview of which scenarios will support certain feature capabilities. +The table does not indicate if the feature or scenario has limitations. Refer to the +`Configuration Guide `_ +for details on the state of each scenario and further information. + +Feature development in the Brahmaputra release often consisted of the development of specific +requirements and the further integration and validation of those requirements. This results in some +features only being supported on the platform when a specific scenario, providing the +capabilities necessary to run the feature, is deployed. + +Scenario Naming +^^^^^^^^^^^^^^^ + +In OPNFV, scenarios are identified by short scenario names. These names follow a scheme that +identifies the key components and behaviours of the scenario, the rules for scenario naming are as follows: + + os-[controller]-[feature]-[mode]-[option] + +For example: *os-nosdn-kvm-noha* provides an OpenStack based deployment using neutron including +the OPNFV enhanced KVM hypervisor. + +The [feature] tag in the scenario name describes the main feature provided by the scenario. +This scenario may also provide support for features, such as advanced fault management, which are +not apparent in the scenario name. +The following section describes the features available in each scenario. + diff --git a/docs/development/scenario/scenariointro.rst b/docs/development/scenario/scenariointro.rst new file mode 100644 index 000000000..dd808432b --- /dev/null +++ b/docs/development/scenario/scenariointro.rst @@ -0,0 +1,13 @@ +OPNFV Scenarios +--------------- + +The OPNFV project provides an integration and deployment environment for a variety of components +that can make up a virtualisation platform. OPNFV identifies these variations on the composition of +the platform as scenarios. + +A scenario in OPNFV can be defined as "a deployment of a specific set of platform components". The +composition of a scenario may include specific SDN controller technologies, specific accelerate +switching technologies, or even specific configurations of components to achieve targeted platform +capabilities. Each scenario behaves differetly and it is important to understand the behaviour you +want in order to target the specific scenario you wish to deploy prior to working with the +OPNFV platform. diff --git a/docs/development/scenario/scenariomatrix.rst b/docs/development/scenario/scenariomatrix.rst new file mode 100644 index 000000000..64e115015 --- /dev/null +++ b/docs/development/scenario/scenariomatrix.rst @@ -0,0 +1,100 @@ +Scenarios are implemented as deployable compositions through integration with an installation tool. +OPNFV supports multiple installation tools and for any given release not all tools will support all +scenarios. While our target is to establish parity across the installation tools to ensure they +can provide all scenarios, the practical challenge of achieving that goal for any given feature and +release results in some disparity. + +Brahmaputra scenario overeview +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following table provides an overview of the installation tools and available scenario's +in the Brahmaputra release of OPNFV. + +.. image:: ../images/brahmaputrascenariomatrix.jpg + :alt: OPNFV Brahmaputra Scenario Matrix + +Scenario status is indicated by a weather pattern icon. All scenarios listed with +a weather pattern are possible to deploy and run in your environment or a Pharos lab, +however they may have known limitations or issues as indicated by the icon. + +Weather pattern icon legend: + ++---------------------------------------------+----------------------------------------------------------+ +| Weather Icon | Scenario Status | ++=============================================+==========================================================+ +| .. image:: ../images/weather-clear.jpg | Stable, no known issues | ++---------------------------------------------+----------------------------------------------------------+ +| .. image:: ../images/weather-few-clouds.jpg | Stable, documented limitations | ++---------------------------------------------+----------------------------------------------------------+ +| .. image:: ../images/weather-overcast.jpg | Deployable, stability or feature limitations | ++---------------------------------------------+----------------------------------------------------------+ +| .. image:: ../images/weather-dash.jpg | Not deployed with this installer | ++---------------------------------------------+----------------------------------------------------------+ + +Scenarios that are not yet in a state of "Stable, no known issues" will continue to be stabilised +and updates will be made on the stable/brahmaputra branch. While we intend that all Brahmaputra +scenarios should be stable it is worth checking regularly to see the current status. Due to +our dependency on upstream communities and code some issues may not be resolved prior to the C release. + +Scenario Naming +^^^^^^^^^^^^^^^ + +In OPNFV scenarios are identified by short scenario names, these names follow a scheme that +identifies the key components and behaviours of the scenario. The rules for scenario naming are as follows: + + os-[controller]-[feature]-[mode]-[option] + +Details of the fields are + * os: mandatory + + * Refers to the platform type used + * possible value: os (OpenStack) + +* [controller]: mandatory + + * Refers to the SDN controller integrated in the platform + * example values: nosdn, ocl, odl, onos + + * [feature]: mandatory + + * Refers to the feature projects supported by the scenario + * example values: nofeature, kvm, ovs, sfc + + * [mode]: mandatory + + * Refers to the deployment type, which may include for instance high availability + * possible values: ha, noha + + * [option]: optional + + * Used for the scenarios those do not fit into naming scheme. + * The optional field in the short scenario name should not be included if there is no optional scenario. + +Some examples of supported scenario names are: + + * os-nosdn-kvm-noha + + * This is an OpenStack based deployment using neutron including the OPNFV enhanced KVM hypervisor + + * os-onos-nofeature-ha + + * This is an OpenStack deployment in high availability mode including ONOS as the SDN controller + + * os-odl_l2-sfc + + * This is an OpenStack deployment using OpenDaylight and OVS enabled with SFC features + +Installing your scenario +^^^^^^^^^^^^^^^^^^^^^^^^ + +There are two main methods of deploying your target scenario, one method is to follow this guide which will +walk you through the process of deploying to your hardware using scripts or ISO images, the other method is +to set up a Jenkins slave and connect your infrastructure to the OPNFV Jenkins master. + +For the purposes of evaluation and development a number of Brahmaputra scenarios are able to be deployed +virtually to mitigate the requirements on physical infrastructure. Details and instructions on performing +virtual deployments can be found in the installer specific installation instructions. + +To set up a Jenkins slave for automated deployment to your lab, refer to the `Jenkins slave connect guide. +`_ + diff --git a/docs/development/scenario/scenariovalidation.rst b/docs/development/scenario/scenariovalidation.rst new file mode 100644 index 000000000..e69de29bb diff --git a/docs/documentation/index.rst b/docs/documentation/index.rst deleted file mode 100644 index 6f3ee54b8..000000000 --- a/docs/documentation/index.rst +++ /dev/null @@ -1,208 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Open Platform for NFV Project, Inc. and its contributors - -******************* -OPNFV Documentation -******************* - -============================== -Colorado Release Documentation -============================== - -OPNFV release documentation is structured with brief platform-level documents referencing -more detailed installation instructions and descriptive documentation. - -Platform documentation -====================== - -* `OPNFV platform overview document `_ -* `OPNFV Installation instruction `_ -* `OPNFV user guide `_ - -Installation instructions -========================= - -* `Apex installation instruction `_ -* `Apex release notes `_ -* `Compass installation instruction `_ -* `Compass release notes `_ -* `Fuel installation instruction `_ -* `Fuel release notes `_ -* `Joid installation instruction `_ -* `Joid release notes `_ - -Feature project documentation -============================= - ---------------- -ARMband project ---------------- - -* `Installation instruction `_ -* `Release notes `_ - ----------------------------------------------- -Copper release documentation ----------------------------------------------- - -* `Design documentation `_ -* `Installation instruction `_ -* `User guide `_ -* `Release notes `_ - ------------------------------------------------------ -Doctor features and capabilities ------------------------------------------------------ - -* `Project overview `_ -* `User guide `_ -* `Release notes `_ - ----------------------------------------------------------------- -Domino features and capabilities ----------------------------------------------------------------- - -* `User guide `_ - -------------------------------------------------- -FastDataStacks feature and scenario documentation -------------------------------------------------- - -* `OpenDaylight integrated fd.io scenario description `_ - ------------------------------------- -IPv6 platform support and capability ------------------------------------- - -* `Configuration guide `_ -* `User guide `_ - ------------ -KVM for NFV ------------ - -* `Installation instruction `_ -* `Configuration guide `_ -* `User guide `_ -* `Release notes `_ - --------------------------------- -MOON security management for NFV --------------------------------- - -* `Project and Scenario overview `_ -* `Installation instruction `_ -* `User guide `_ -* `Release notes `_ - ----------------------------- -Multisite datacenter project ----------------------------- - -* `Installation instruction `_ -* `User guide `_ -* `Release notes `_ - -------------------------- -Network readiness project -------------------------- - -* `Requirements document `_ - ----------------------- -ONOS framework project ----------------------- - -* `Installation instruction `_ -* `User guide `_ - ----------------------------- -OVSNFV release documentation ----------------------------- - -* `OVS for NFV scenario description `_ -* `Configuration guide `_ -* `User guide `_ - --------------- -Parser project --------------- - -* `Parser release documentation `_ -* `Installation instruction `_ -* `User guide `_ - ------- -Pharos ------- - -* `Pharos specification `_ -* `Configuration guide `_ - -------- -Promise -------- - -* `Requirement specification `_ -* `Installation and configuration guide `_ -* `User guide `_ - ------- -SDNVPN ------- - -* `BGPVPN scenario description `_ -* `User guide `_ -* `Release notes `_ - ---- -SFC ---- - -* `Design documentation `_ -* `SFC scenario description `_ -* `High availability SFC scenario description `_ -* `Installation instruction `_ -* `User guide `_ -* `Release notes `_ - ------------------------------------------------- -Software fast-path quality metrics documentation ------------------------------------------------- - -* `Release and development documentation `_ - - -Test Project documentation -========================== - -------------------------- -Bottlenecks documentation -------------------------- - -* `Installation instruction `_ -* `Release notes `_ - ----------------------- -Functest documentation ----------------------- - -* `Configuration guide `_ -* `User guide `_ -* `Developer guide `_ -* `Release notes `_ - -------------------------- -vSwitchPerf documentation -------------------------- - -* `Release and development documentation `_ - ------------------------ -Yardstick documentation ------------------------ - -* `User guide `_ -* `Release notes `_ - diff --git a/docs/feature.templates/scenarios/scenario.name/index.rst b/docs/feature.templates/scenarios/scenario.name/index.rst deleted file mode 100644 index 59ada34e9..000000000 --- a/docs/feature.templates/scenarios/scenario.name/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - -=================================== - overview and description -=================================== -.. This document will be used to provide a description of the scenario for an end user. -.. You should explain the purpose of the scenario, the types of capabilities provided and -.. the unique components that make up the scenario including how they are used. - -.. toctree:: - :maxdepth: 3 - - ./scenario.description.rst - diff --git a/docs/feature.templates/scenarios/scenario.name/scenario.description.rst b/docs/feature.templates/scenarios/scenario.name/scenario.description.rst deleted file mode 100644 index afd587915..000000000 --- a/docs/feature.templates/scenarios/scenario.name/scenario.description.rst +++ /dev/null @@ -1,32 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - -Introduction -============ -.. In this section explain the purpose of the scenario and the types of capabilities provided - -Scenario components and composition -=================================== -.. In this section describe the unique components that make up the scenario, -.. what each component provides and why it has been included in order -.. to communicate to the user the capabilities available in this scenario. - -Scenario usage overview -======================= -.. Provide a brief overview on how to use the scenario and the features available to the -.. user. This should be an "introduction" to the userguide document, and explicitly link to it, -.. where the specifics of the features are covered including examples and API's - -Limitations, Issues and Workarounds -=================================== -.. Explain scenario limitations here, this should be at a design level rather than discussing -.. faults or bugs. If the system design only provide some expected functionality then provide -.. some insight at this point. - -References -========== - -For more information on the OPNFV Colorado release, please visit -http://www.opnfv.org/colorado - diff --git a/docs/feature.templates/userguide/feature.userguide.rst b/docs/feature.templates/userguide/feature.userguide.rst deleted file mode 100644 index b8adfa592..000000000 --- a/docs/feature.templates/userguide/feature.userguide.rst +++ /dev/null @@ -1,19 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - - description -===================== -.. Describe the specific features and how it is realised in the scenario in a brief manner -.. to ensure the user understand the context for the user guide instructions to follow. - - capabilities and usage -================================ -.. Describe the specific capabilities and usage for feature. -.. Provide enough information that a user will be able to operate the feature on a deployed scenario. - - ------------------------------------------------ -.. Describe with examples how to use specific features, provide API examples and details required to -.. operate the feature on the platform. - diff --git a/docs/feature.templates/userguide/index.rst b/docs/feature.templates/userguide/index.rst deleted file mode 100644 index cc84670fc..000000000 --- a/docs/feature.templates/userguide/index.rst +++ /dev/null @@ -1,23 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - -==================== - user guide -==================== - -.. The feature user guide should provide an OPNFV user with enough information to -.. use the features provided by the feature project in the supported scenarios. -.. This guide should walk a user through the usage of the features once a scenario -.. has been deployed and is active according to the installation guide provided -.. by the installer project. - -.. toctree:: - :maxdepth: 3 - -.. The feature.userguide.rst file should contain the text for this document -.. additional documents can be added to this directory and added in the right order -.. to this file as a list below. - - ./feature.userguide.rst - diff --git a/docs/images/brahmaputrafeaturematrix.jpg b/docs/images/brahmaputrafeaturematrix.jpg deleted file mode 100644 index 0d2a12279..000000000 Binary files a/docs/images/brahmaputrafeaturematrix.jpg and /dev/null differ diff --git a/docs/images/brahmaputrascenariomatrix.jpg b/docs/images/brahmaputrascenariomatrix.jpg deleted file mode 100644 index 84fc87a76..000000000 Binary files a/docs/images/brahmaputrascenariomatrix.jpg and /dev/null differ diff --git a/docs/images/opnfvplatformgraphic.png b/docs/images/opnfvplatformgraphic.png deleted file mode 100644 index 9d6074f02..000000000 Binary files a/docs/images/opnfvplatformgraphic.png and /dev/null differ diff --git a/docs/images/weather-clear.jpg b/docs/images/weather-clear.jpg deleted file mode 100644 index 011ad52e9..000000000 Binary files a/docs/images/weather-clear.jpg and /dev/null differ diff --git a/docs/images/weather-dash.jpg b/docs/images/weather-dash.jpg deleted file mode 100644 index 3bf98dd27..000000000 Binary files a/docs/images/weather-dash.jpg and /dev/null differ diff --git a/docs/images/weather-few-clouds.jpg b/docs/images/weather-few-clouds.jpg deleted file mode 100644 index 51994ee84..000000000 Binary files a/docs/images/weather-few-clouds.jpg and /dev/null differ diff --git a/docs/images/weather-overcast.jpg b/docs/images/weather-overcast.jpg deleted file mode 100644 index bdc1e0487..000000000 Binary files a/docs/images/weather-overcast.jpg and /dev/null differ diff --git a/docs/index.rst b/docs/index.rst index b69aa3980..ed06ecc9e 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -8,3 +8,40 @@ OPNFV Docs placeholder landing page This will be extended to include all the sub pages and to provide the docs.opnfv.org landing page for Danube. +===================== +Release Documentation +===================== + +Just pointing to the index.rst file here, but we need to break that out and have +sub-directories for each of the projects documents to be copied into. + +.. toctree:: + :maxdepth: 1 + + release/index + +.. need to figure out the correct URL to use here so readthedocs does it for us. + +======= +Testing +======= + +Just pointing to the index.rst file here, but we need to break that out and have +sub-directories for each of the projects documents to be copied into. + +.. toctree:: + :maxdepth: 1 + + testing/index + +========= +Developer +========= + +Just pointing to the index.rst file here, but we need to break that out and have +sub-directories for each of the projects documents to be copied into. + +.. toctree:: + :maxdepth: 1 + + developer/index diff --git a/docs/installationprocedure/index.rst b/docs/installationprocedure/index.rst deleted file mode 100644 index 3d02f310b..000000000 --- a/docs/installationprocedure/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Sofia Wallin Ericsson AB - -****************************** -OPNFV Installation Instruction -****************************** - -.. toctree:: - :numbered: - :maxdepth: 3 - - installation.introduction.rst - diff --git a/docs/installationprocedure/installation.introduction.rst b/docs/installationprocedure/installation.introduction.rst deleted file mode 100644 index 201112cad..000000000 --- a/docs/installationprocedure/installation.introduction.rst +++ /dev/null @@ -1,104 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 - .. (c) Sofia Wallin Ericsson AB - -======== -Abstract -======== - -The following document provides an overview of the instructions required for the installation -of the Colorado release of OPNFV. - -The Colorado release can be installed using a variety of technologies provided by the -integration projects participating in OPNFV: Apex, Compass4Nfv, Fuel and JOID. -Each installer provides the ability to install a common OPNFV platform as well as integrating -additional features delivered through a variety of scenarios by the OPNFV community. - -============ -Introduction -============ - -The OPNFV platform is comprised of a variety of upstream components that may be deployed on your physical -infrastructure. A composition of components, tools and configurations is identified in OPNFV as a -deployment scenario. -The various OPNFV scenarios provide unique features and capabilities that you may want to leverage, -it is important to understand your required target platform capabilities before installing and -configuring your target scenario. - -An OPNFV installation requires either a physical, or virtual, infrastructure environment as defined -in the `Pharos specification `_. -When configuring a physical infrastructure it is strongly advised to follow the Pharos configuration guidelines. - -========= -Scenarios -========= - -OPNFV scenarios are designed to host virtualised network functions (VNF’s) in a variety of deployment -architectures and locations. Each scenario provides specific capabilities and/or components aimed to -solve specific problems for the deployment of VNF’s. -A scenario may, for instance, include components such as OpenStack, OpenDaylight, OVS, KVM etc... -where each scenario will include different source components or configurations. - -To learn more about the scenarios supported in the Colorado release refer to the scenario -description documents provided: - -- Accelerated OVS `os-nosdn-ovs `_ -- Layer 3 overlay using opendaylight `os-odl-l2-bgpvpn `_ -- FD.io based forwarding using opendaylight SDN `os-odl-12-fdio-noha `_ -- High availability service function chaining `os-odl-l2-sfc-ha `_ -- Service function chaining `os-odl-l2-sfc-noha `_ -- Accelerated KVM hypervisor `os-nosdn-kvm-ha `_ -- LXD container hypervisor `os-nosdn-lxd-noha `_ -- High Availability LXD container hypervisor `os-nosdn-lxd-ha `_ - -====================== -Installation Procedure -====================== - -Detailed step by step instructions for working with an installation toolchain and installing -the required scenario are provided by each installation project. The four projects providing installation -support for the OPNFV Colorado release are; Apex, Compass4nfv, Fuel and Joid. - -The instructions for each toolchain can be found in these links: - -- `Apex installation instruction `_ -- `Compass4nfv installation instruction `_ -- `Fuel installation instruction `_ -- `Joid installation instruction `_ - -===================== -OPNFV Test Frameworks -===================== - -If you have elected to install the OPNFV platform using the deployment toolchain provided by OPNFV -your system will have been validated once the installation is completed. -The basic deployment validation only addresses a small component of the capability provided in -the platform and you may desire to execute more exhaustive tests. Some investigation is required to -select the right test suites to run on your platform from the available projects and suites. - -Many of the OPNFV test project provide user-guide documentation and installation instructions as provided below: - -- `Functest user guide `_ -- `Yardstick user guide `_ -- `vSwitchPerf user guide `_ -- `Software Fastpath Service Quality Metrics (SFQM) user guide `_ -- `Bottlenecks user guide `_ -- `Storage Performance Benchmarking for NFVI (StorPerf) user guide `_ - -============== -Security Notes -============== - -The following patches were applied to fix security issues discovered in opnfv -projects, during the c-release cycle. - -- `Removal of private keys `_ -- `Fix security issues of eval-s in testapi `_ -- `Implements use of yaml.safe_load `_ -- `Fix security issues reported by the security audit `_ -- `Fix issues found in security review `_ -- `Removing OpenSteak Project `_ -- `Remove unsed files in open-contrail role `_ -- `Get rid of private key in repo `_ -- `Handling file loads and tmp dirs differently `_ -- `Remove `Debug = True when run Flask and add logger `_ diff --git a/docs/opnfvsecguide/_static/temp b/docs/opnfvsecguide/_static/temp deleted file mode 100644 index e69de29bb..000000000 diff --git a/docs/opnfvsecguide/_templates/temp b/docs/opnfvsecguide/_templates/temp deleted file mode 100644 index e69de29bb..000000000 diff --git a/docs/opnfvsecguide/audit.rst b/docs/opnfvsecguide/audit.rst deleted file mode 100644 index cdeecba60..000000000 --- a/docs/opnfvsecguide/audit.rst +++ /dev/null @@ -1,9 +0,0 @@ -Audit ----------------- - -.. toctree:: - :maxdepth: 2 - - audit/audit_reqs - audit/configuring - diff --git a/docs/opnfvsecguide/audit/audit_reqs.rst b/docs/opnfvsecguide/audit/audit_reqs.rst deleted file mode 100644 index ce76d016b..000000000 --- a/docs/opnfvsecguide/audit/audit_reqs.rst +++ /dev/null @@ -1,110 +0,0 @@ -Requirements references related to OPNFV Audit - ------------------- -Source information ------------------- - -http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/003/01.01.01_60/gs_NFV-INF003v010101p.pdf -http://www.etsi.org/deliver/etsi_gs/NFV-INF/001_099/004/01.01.01_60/gs_NFV-INF004v010101p.pdf - -* ETSI GS NFV-SEC 003 V1.1.1 (2014-12) - - - Network Functions Virtualisation NFV); - - NFV Security; Security and Trust Guidance - - NFV-SEC-003_. - - -.. _NFV-SEC-003: http://www.etsi.org/deliver/etsi_gs/NFV-SEC/001_099/003/01.01.01_60/gs_NFV-SEC003v010101p.pdf -* ETSI GS NFV 004 V1.1.1 (2013-10) - - - Network Functions Virtualisation (NFV); - - Virtualisation Requirements - - NFV-SEC-004_. - -.. _NFV-SEC-004: http://www.etsi.org/deliver/etsi_gs/NFV/001_099/004/01.01.01_60/gs_NFV004v010101p.pdf - -Requirements on Auditing framework ----------------------------------- - -Audit records shall be maintained within protected binary logs so that the record of -malicious actions cannot be deleted from the logs. - -Necessary auditable events --------------------------- - -* access control management - - - Adding a user account - - Modifying user account - - Deleting a user account - - login event - - logout event - - IP whitelisting update - - IP blacklisting update - -* VNFC Creation - - - The instantiation of a newly-defined VNFC - - The instantiation of a VNFC with pre-configured state - - The cloning of an existing VNFC - -* VNFC Deletion - - - The deletion of VNFC and of all of its instances (e.g. snapshots, backups, archives, cloned images) - -* Software management - - - patching e.g. opreating system, drivers, VM components - - dynamic updates to the configuration e.g. DNS, DHCP - - application software updates - - software component updates - -* Data management - - - Root level access to NFVI file system - - User level access to NFVI file system - - Secured wipe, disk and memory - - Verified destruction - - Certificate revocation - -* VNFC Migration - - - VNFC original host identity - - VNFC target host identity - - high availability - - recovery - - data-in-motion changes - -* Other VNFC Operational State Changes - - - Hibernation, sleep, resumption, abort, restore, suspension - - Power-on and power-off (either physical or virtual) - - Integrity verification failure, crash and OS compromise - -* VNFC Topology Changes - - - Network IP address and VLAN updates - - Service chaining - - Failover and disaster recovery - -* traffic inspection - - - enabling virtual port mirroring - - enabling hypervisor introspection - - enabling in-line traffic inspection - - application insertion - -* initial provisioning of a public/private key pair - - - Self-generation of key pairs for later validation by an external party: - - - Certificate Authority - - VNFM - - - Provision by trusted party - - - network - - storage - - - Injection by hypervisor - diff --git a/docs/opnfvsecguide/compute.rst b/docs/opnfvsecguide/compute.rst deleted file mode 100644 index d6c1a0159..000000000 --- a/docs/opnfvsecguide/compute.rst +++ /dev/null @@ -1,8 +0,0 @@ -Compute Security ----------------- - -.. toctree:: - :maxdepth: 2 - - compute/dacmaccontrols.rst - compute/trust.rst diff --git a/docs/opnfvsecguide/compute/dacmaccontrols.rst b/docs/opnfvsecguide/compute/dacmaccontrols.rst deleted file mode 100644 index 08cd7ee89..000000000 --- a/docs/opnfvsecguide/compute/dacmaccontrols.rst +++ /dev/null @@ -1,3 +0,0 @@ -DAC & MAC Controls ------------------- - diff --git a/docs/opnfvsecguide/compute/trust.rst b/docs/opnfvsecguide/compute/trust.rst deleted file mode 100644 index 3022e59c0..000000000 --- a/docs/opnfvsecguide/compute/trust.rst +++ /dev/null @@ -1,124 +0,0 @@ -Trusted Compute ---------------- - -Trusted compute is centered on insuring the complete lifecycle of a VM, and -the VM's underlying infrastructure is of a 'trustful' state. - -**Trusted computing in a cloud environment** - -To ensure overall security in an OPNFV deployment, both the launch and the -operation of virtualized resources need to be secure. To build a trusted -computing in a cloud environment the following core features are essential: - -* boot integrity - the hardware platform can guarantee a trustworthy RoT for the overall cloud environment -* secure management of VMs – to secure the launch and migration of VMs in the cloud environment - -In this section we will cover some aspects of what is considered compute -security, such as secure/trusted boot, although of course these can be -extended to other actors such as neutron networking nodes. - -Secure Boot -########### - -Secure boot, a UEFI-based feature that has become controversial lately, -ensures that nodes in an OPNFV deployment boot only software that is trusted -by the admin or end user. - -In order to understand the secure boot procedure, we need to explain the related technology -and specification. - -**Unified Extensible Firmware Interface (UEFI)** - -UEFI is a specification intended to be the replacement and improvement on the -old BIOS (Basic Input/Output System). - -One UEFI-based feature that has become controversial lately is the secure boot feature. - -The UEFI specification is a standard that’s handled by a non-profit organization -with representatives of Intel, AMD, Microsoft, Apple, Dell, HP, IBM and others, -called the Unified EFI Forum. - -UEFI supports 32 and 64 bit processors and can be used with Itanium, x86, -x64 and ARM processors. - -**Trusted Execution Environment (TEE) vs Trusted Platform Mobile (TPM)** - -Two main components of platform security: - -* Trusted Execution Environment -* Trusted Platform Module - -These are not designed as a replacement of the other. TEE is the bulletproof -safe, while TPM is the 128-digit combination lock for the safe. Both are -needed to ensure the safe is protected. - -TPM is a dependency of TEE but not the other way around. - -The TPM is where TEE will store the measurements - hash of components - of the platform. - -If TEE is not supported by a platform but a TPM is still present you still have -all these features: - -* Integrity measurement – securely measure the platform's components (hashes stored within the TPM) - -* Authenticated boot – a process by which a platform's state (the sum of its - components) is reliably measured and stored - -* SRTM - Static Root of Trust for Measurements - -* Sealed Storage - encrypt data based on the current state of the platform - or in other words, what has been measured (the PCR hash values stored in the - TPM) - seal operation - -* Attestation - securely report to other parties the state of the platform - - -Trusted Compute Pools -##################### - -**Trusted Boot** - -Trusted boot (tboot) is an open source, pre- kernel/VMM module that uses -Intel(R) Trusted Execution Technology (Intel(R) TXT) to perform a measured -and verified launch of an OS kernel/VMM. The root of trust is in the hardware -and a TPM is required. Compute nodes in an OPNFV deployment boot with Intel -TXT technology enabled. - -Read more about `Trusted Boot `_ and -`Trusted Computing. `_ - -**Trusted Execution Environments (TEE)** - -The Trusted Execution Environment is an isolated execution environment which -provides higher level of security such as isolated execution, integrity of -Trusted Applications along with confidentiality of their assets. - -**Goals of a Trusted Execution Environments:** - -* Isolated Execution -* Secure Storage -* Remote Attestation -* Secure Provisioning -* Trusted Path - -**TEE platforms/implementations** - -* Intel’s TXT (Trusted Execution Technology) -* AMD Secure Execution Environment -* ARM TrustZone - -All three of these TEE implementations provide a virtualized Execution -Environment for the secure OS and applications. - -To switch between the secure world and the normal world, Intel provides SMX -Instructions, while ARM uses SMC. Programmatically, they all achieve very -similar results. - -Read more about Trusted Execution Environments `here. `_ - -`NIST SP800-147 `_ -, is a guidelines for firmware security, to ensure that the firmware itself is secure. - -Read more about "Trusted compute pools", in the -`OpenStack Security Guide. `_ - diff --git a/docs/opnfvsecguide/contribution.rst b/docs/opnfvsecguide/contribution.rst deleted file mode 100644 index 683aa2d14..000000000 --- a/docs/opnfvsecguide/contribution.rst +++ /dev/null @@ -1,45 +0,0 @@ -How to Contribute ------------------ - -Anyone is welcome to make additions, raise bugs, and fix issues within this Documentation. -To do so, you will however need to first get an enviroment set up. - -Development Environment -####################### - -All project data such as formatting guidelines, and upstream mapping is documented via sphinx -which uses reStructuredText - -It is recommended that you use a python virtualenv to keep things clean and contained. - -VirtualEnv -********** - -Use of a virtual environment is recommended, as not only is it a quick easy form of -getting the needed modules in place, it isolates the module versions to a project. - -From within your inspector directory, set up a new virtualenv:: - - virtualenv venv - -Activate the new virtual environment:: - - source venv/bin/activate - -Install requirements:: - - pip install -r requirements.txt - -Sphinx Basics -************* - -To get started with sphinx, visit the main tutorial which will provide a primer `http://sphinx-doc.org/tutorial.html` - -Hack your changes into opnfv-security-guide/source - -To compile changes: - - make html - -From here you can run a basic python web server or just navigate to the -file:////opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/opnfvsecguide/getting_started.rst b/docs/opnfvsecguide/getting_started.rst deleted file mode 100644 index e09507dd2..000000000 --- a/docs/opnfvsecguide/getting_started.rst +++ /dev/null @@ -1,41 +0,0 @@ -Getting Started ---------------- - -Development Environment -####################### - -All project data such as formatting guidelines, and upstream mapping is documented via sphinx -which uses reStructuredText - -VirtualEnv -********** - -Use of a virtual environment is recommended, as not only is it a quick easy form of -getting the needed modules in place, it isolates the module versions to a project. - -From within your inspector directory, set up a new virtualenv:: - - virtualenv venv - -Activate the new virtual environment:: - - source venv/bin/activate - -Install requirements:: - - pip install -r requirements.txt - -Sphinx Basics -************* - -To get started with sphinx, visit the main tutorial which will provide a primer -`http://sphinx-doc.org/tutorial.html` - -Hack your changes into opnfv-security-guide/source - -To compile changes: - - make html - -From here you can run a basic python web server or just navigate to the -file:////opnfv-security-guide/build/html/index.html in your browser diff --git a/docs/opnfvsecguide/index.rst b/docs/opnfvsecguide/index.rst deleted file mode 100644 index ecefd61ce..000000000 --- a/docs/opnfvsecguide/index.rst +++ /dev/null @@ -1,21 +0,0 @@ -.. OPNFV Security Guide documentation master file, created by - sphinx-quickstart on Tue Oct 27 19:30:29 2015. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -Welcome to OPNFV Security Guide -================================================ - -This guide seeks to inform operators who to secure and maintain the security of the OPNFV Platform and its components. - -Contents: - -.. toctree:: - :maxdepth: 2 - - introduction - compute - network - contribution - audit - diff --git a/docs/opnfvsecguide/introduction.rst b/docs/opnfvsecguide/introduction.rst deleted file mode 100644 index ad8083197..000000000 --- a/docs/opnfvsecguide/introduction.rst +++ /dev/null @@ -1,15 +0,0 @@ -Introduction ---------------- - -The OPNFV Security Guide is the collaborative work of many individuals, -involved in both the OPNFV Security Group and the wider OPNFV community. - -The purpose of this guide is to provide the best practice security guidelines for -deploying the OPNFV platfornm. It is a living document that is updated as -new changes are merged into it's repository. - -.. toctree:: - :maxdepth: 2 - - introduction/background - introduction/acknowledgements diff --git a/docs/opnfvsecguide/introduction/acknowledgements.rst b/docs/opnfvsecguide/introduction/acknowledgements.rst deleted file mode 100644 index 60c687d05..000000000 --- a/docs/opnfvsecguide/introduction/acknowledgements.rst +++ /dev/null @@ -1,3 +0,0 @@ -Acknowledgements ----------------- - diff --git a/docs/opnfvsecguide/introduction/background.rst b/docs/opnfvsecguide/introduction/background.rst deleted file mode 100644 index bd7e44d01..000000000 --- a/docs/opnfvsecguide/introduction/background.rst +++ /dev/null @@ -1,38 +0,0 @@ -Background ----------- - -Pre-virtualization security protection was largely centered on the network. -Malicious attacks from hostile machines, would seek to exploit network based -operating systems and applications, with the goal of compromising their -target node. - -Physical security had always been a much simpler business, with most focus on -the secure access of the data center hardware. -In-turn security was built up in layers (defense in depth) where machines -would be -daisy chained with network cables via security appliances to provide -controlled segmentation and isolation. -This form of security was built upon the principle of an 'air gap' -being present, -whereby machines were separate physical units, joined largely by the -network stack. - -With the advent of virtualization (namely the hypervisor), new attack -vectors have -surfaced as the 'air-gap' is no longer key design aspect for security. -Further to this elements orchestation nodes and network controllers -lead to an even wider attack surface: - -* Guests breaking isolation of the hypervisor. - -* Unauthorized access and control of supporting orchestration nodes. - -* Unauthorized access and control of supporting overlay network control systems. - -The hypervisor and the overlay network have now become the 'Achilles heel' -whereby all tenant data isolation is enforced within the hypervisor and its -abstraction -of hardware and the virtualized overlay network. - -This guide has been formulated, in order to assist users of the OPNFV platform -in securing an Telco NFV / SDN environment. diff --git a/docs/opnfvsecguide/network.rst b/docs/opnfvsecguide/network.rst deleted file mode 100644 index b1744796c..000000000 --- a/docs/opnfvsecguide/network.rst +++ /dev/null @@ -1,8 +0,0 @@ -Network Security ----------------- - - -.. toctree:: - :maxdepth: 2 - - network/neutron diff --git a/docs/opnfvsecguide/network/neutron.rst b/docs/opnfvsecguide/network/neutron.rst deleted file mode 100644 index e7ca06075..000000000 --- a/docs/opnfvsecguide/network/neutron.rst +++ /dev/null @@ -1,2 +0,0 @@ -Neutron Security ----------------- diff --git a/docs/overview/index.rst b/docs/overview/index.rst deleted file mode 100644 index 6b7b66846..000000000 --- a/docs/overview/index.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Open Platform for NFV Project, Inc. and its contributors - -******************************** -OPNFV Platform Overview Document -******************************** - -.. toctree:: - :maxdepth: 2 - - ./overview.rst diff --git a/docs/overview/overview.rst b/docs/overview/overview.rst deleted file mode 100644 index cd1b5d0f9..000000000 --- a/docs/overview/overview.rst +++ /dev/null @@ -1,290 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Open Platform for NFV Project, Inc. and its contributors - -============ -Introduction -============ - -Network Functions Virtualization (NFV) is transforming the networking industry via -software-defined infrastructures and open source is the proven method for developing -software quickly for commercial products and services that can move markets. -Open Platform for NFV (OPNFV) facilitates the development and evolution of NFV -components across various open source ecosystems. Through system level integration, -deployment and testing, OPNFV constructs a reference NFV platform to accelerate the -transformation of enterprise and service provider networks. -As an open source project, OPNFV is uniquely positioned to bring together the work -of standards bodies, open source communities, and commercial suppliers to deliver a -de facto NFV platform for the industry. - -By integrating components from upstream projects, the community is able to conduct performance -and use case-based testing on a variety of solutions to ensure the platform’s suitability for -NFV use cases. OPNFV also works upstream with other open source communities to bring both contributions -and learnings from its work directly to those communities in the form of blueprints, patches, -and new code. - -OPNFV initially focused on building NFV Infrastructure (NFVI) and Virtualised Infrastructure -Management (VIM) by integrating components from upstream projects such as OpenDaylight, -OpenStack, Ceph Storage, KVM, Open vSwitch, and Linux. -More recently, OPNFV has extended its portfolio of forwarding solutions to include fd.io and ODP, -is able to run on both Intel and ARM commercial and white-box hardware, and includes -Management and Network Orchestration MANO components primarily for application composition -and management in the Colorado release. - -These capabilities, along with application programmable interfaces (APIs) to other NFV -elements, form the basic infrastructure required for Virtualized Network Functions (VNF) -and MANO components. - -Concentrating on these components while also considering proposed projects on additional -topics (such as the MANO components and applications themselves), OPNFV aims to enhance -NFV services by increasing performance and power efficiency improving reliability, -availability and serviceability, and delivering comprehensive platform instrumentation. - -=========================== -OPNFV Platform Architecture -=========================== - -The OPNFV project addresses a number of aspects in the development of a consistent virtualisation -platform including common hardware requirements, software architecture, MANO and applications. - - -OPNFV Platform Overview Diagram - -.. image:: ../images/opnfvplatformgraphic.png - :alt: Overview infographic of the opnfv platform and projects. - - -To address these areas effectively, the OPNFV platform architecture can be decomposed -into the following basic building blocks: - -* Hardware: with the Infra working group, Pharos project and associated activities -* Software Platform: through the platform integration and deployment projects -* MANO: through the MANO working group and associated projects -* Applications: which affect all other areas and drive requirements for OPNFV - -OPNFV Lab Infrastructure -======================== - -The infrastructure working group oversees such topics as lab management, workflow, -definitions, metrics and tools for OPNFV infrastructure. - -Fundamental to the WG is the `Pharos Project `_ -which provides a set of defined lab infrastructures over a geographically and technically -diverse federated global OPNFV lab. - -Labs may instantiate bare-metal and virtual environments that are accessed remotely by the -community and used for OPNFV platform and feature development, build, deploy and testing. -No two labs are the same and the heterogeneity of the Pharos environment provides the ideal -platform for establishing hardware and software abstractions providing well understood -performance characteristics. - -Community labs are hosted by OPNFV member companies on a voluntary basis. -The Linux Foundation also hosts an OPNFV lab that provides centralized CI -and other production resources which are linked to community labs. -Future lab capabilities will include the ability easily automate deploy and test of any -OPNFV install scenario in any lab environment as well as on a nested "lab as a service" -virtual infrastructure. - -OPNFV Software Platform Architecture -==================================== - -The OPNFV software platform is comprised exclusively of open source implementations of -platform component pieces. OPNFV is able to draw from the rich ecosystem of NFV related -technologies available in open-source then integrate, test, measure and improve these -components in conjunction with our source communities. - -While the composition of the OPNFV software platform is highly complex and constituted of many -projects and components, a subset of these projects gain the most attention from the OPNFV community -to drive the development of new technologies and capabilities. - ---------------------------------- -Virtual Infrastructure Management ---------------------------------- - -OPNFV derives it's virtual infrastructure management from one of our largest upstream ecosystems -OpenStack. OpenStack provides a complete reference cloud management system and associated technologies. -While the OpenStack community sustains a broad set of projects, not all technologies are relevant in -an NFV domain, the OPNFV community consumes a sub-set of OpenStack projects where the usage and -composition may vary depending on the installer and scenario. - -For details on the scenarios available in OPNFV and the specific composition of components -refer to the OPNFV installation instruction: -http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/installationprocedure/index.html - ------------------ -Operating Systems ------------------ - -OPNFV currently uses Linux on all target machines, this can include Ubuntu, Centos or SUSE linux. The -specific version of Linux used for any deployment is documented in the installation guide. - ------------------------ -Networking Technologies ------------------------ - -SDN Controllers ---------------- - -OPNFV, as an NFV focused project, has a significant investment on networking technologies -and provides a broad variety of integrated open source reference solutions. The diversity -of controllers able to be used in OPNFV is supported by a similarly diverse set of -forwarding technologies. - -There are many SDN controllers available today relevant to virtual environments -where the OPNFV community supports and contributes to a number of these. The controllers -being worked on by the community during this release of OPNFV include: - -* Neutron: an OpenStack project to provide “network connectivity as a service” between - interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). -* OpenDaylight: addresses multivendor, traditional and greenfield networks, establishing the - industry’s de facto SDN platform and providing the foundation for networks of the future. -* ONOS: a carrier-grade SDN network operating system designed for high availability, - performance, scale-out. - -.. OpenContrail SDN controller is planned to be supported in the next release. - -Data Plane ----------- - -OPNFV extends Linux virtual networking capabilities by using virtual switching -and routing components. The OPNFV community proactively engages with these source -communities to address performance, scale and resiliency needs apparent in carrier -networks. - -* FD.io (Fast data - Input/Output): a collection of several projects and libraries to - amplify the transformation that began with Data Plane Development Kit (DPDK) to support - flexible, programmable and composable services on a generic hardware platform. -* Open vSwitch: a production quality, multilayer virtual switch designed to enable - massive network automation through programmatic extension, while still supporting standard - management interfaces and protocols. - -Deployment Architecture -======================= - -A typical OPNFV deployment starts with three controller nodes running in a high availability -configuration including control plane components from OpenStack, SDN, etc. and a minimum -of two compute nodes for deployment of workloads (VNFs). -A detailed description of the hardware requirements required to support the 5 node configuration -can be found in pharos specification: http://artifacts.opnfv.org/pharos/colorado/2.0/docs/specification/index.html - -In addition to the deployment on a highly available physical infrastructure, OPNFV can be -deployed for development and lab purposes in a virtual environment. In this case each of the hosts -is provided by a virtual machine and allows control and workload placement using nested virtualization. - -The initial deployment is done using a staging server, referred to as the "jumphost". -This server-either physical or virtual-is first installed with the installation program -that then installs OpenStack and other components on the controller nodes and compute nodes. -See the `OPNFV User Guide`_ for more details. - -=========================== -The OPNFV Testing Ecosystem -=========================== - -The OPNFV community has set out to address the needs of virtualization in the carrier -network and as such platform validation and measurements are a cornerstone to the -iterative releases and objectives. - -To simplify the complex task of feature, component and platform validation and characterization -the testing community has established a fully automated method for addressing all key areas of -platform validation. This required the integration of a variety of testing frameworks in our CI -systems, real time and automated analysis of results, storage and publication of key facts for -each run as shown in the following diagram. - -.. image:: ../images/OPNFV_testing_group.png - :alt: Overview infographic of the Colorado OPNFV testing Ecosystem - -Release Verification -==================== - -The OPNFV community relies on its testing community to establish release criteria for each OPNFV -release. Each release cycle the testing criteria become more stringent and better representative -of our feature and resiliency requirements. - - -As each OPNFV release establishes a set of deployment scenarios to validate, the testing -infrastructure and test suites need to accommodate these features and capabilities. It’s not -only in the validation of the scenarios themselves where complexity increases, there are test -cases that require multiple datacenters to execute when evaluating features, including multisite -and distributed datacenter solutions. - -The release criteria as established by the testing teams include passing a set of test cases -derived from the functional testing project ‘functest,’ a set of test cases derived from our -platform system and performance test project ‘yardstick,’ and a selection of test cases for -feature capabilities derived from other test projects such as bottlenecks, vsperf, cperf and -storperf. The scenario needs to be able to be deployed, pass these tests, and be removed from -the infrastructure iteratively (no less that 4 times) in order to fulfill the release criteria. - --------- -Functest --------- - -Functest provides a functional testing framework incorporating a number of test suites -and test cases that test and verify OPNFV platform functionality. -The scope of Functest and relevant test cases can be found in its -`user guide `_. - -Functest provides both feature project and component test suite integration, leveraging -OpenStack and SDN controllers testing frameworks to verify the key components of the OPNFV -platform are running successfully. - ---------- -Yardstick ---------- - -Yardstick is a testing project for verifying the infrastructure compliance when running VNF applications. -Yardstick benchmarks a number of characteristics and performance vectors on the infrastructure making it -a valuable pre-deployment NFVI testing tools. - -Yardstick provides a flexible testing framework for launching other OPNFV testing projects. - -There are two types of test cases in Yardstick: - -* Yardstick generic test cases and OPNFV feature test cases; - including basic characteristics benchmarking in compute/storage/network area. -* OPNFV feature test cases include basic telecom feature testing from OPNFV projects; - for example nfv-kvm, sfc, ipv6, Parser, Availability and SDN VPN - -System Evaluation and compliance testing -======================================== - -The OPNFV community is developing a set of test suites intended to evaluate a set of reference -behaviors and capabilities for NFV systems developed externally from the OPNFV ecosystem to -evaluate and measure their ability to provide the features and capabilities developed in the -OPNFV ecosystem. - -The Dovetail project will provide a test framework and methodology able to be used on any NFV platform, -including an agreed set of test cases establishing an evaluation criteria for exercising -an OPNFV compatible system. The Dovetail project has begun establishing the test framework -and will provide a preliminary methodology for the Colorado release. Work will continue to -develop these test cases to establish a stand alone compliance evaluation solution -in future releases. - -Additional Testing -================== - -Besides the test suites and cases for release verification, additional testing is performed to validate -specific features or characteristics of the OPNFV platform. -These testing framework and test cases may include some specific needs; such as extended measurements, -additional testing stimuli, or tests simulating environmental disturbances or failures. - -These additional testing activities provide a more complete evaluation of the OPNFV platform. -Some of the projects focused on these testing areas include: - ------- -VSPERF ------- - -VSPERF provides a generic and architecture agnostic vSwitch testing framework and associated tests. -This serves as a basis for validating the suitability of different vSwitch implementations and deployments. - ------------ -Bottlenecks ------------ - -Bottlenecks provides a framework to find system limitations and bottlenecks, providing -root cause isolation capabilities to facilitate system evaluation. - - -.. _`OPNFV Configuration Guide`: http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/configguide -.. _`OPNFV User Guide`: http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/userguide -.. _Dovetail project: https://wiki.opnfv.org/display/dovetail diff --git a/docs/release/index.rst b/docs/release/index.rst new file mode 100644 index 000000000..6f3ee54b8 --- /dev/null +++ b/docs/release/index.rst @@ -0,0 +1,208 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Open Platform for NFV Project, Inc. and its contributors + +******************* +OPNFV Documentation +******************* + +============================== +Colorado Release Documentation +============================== + +OPNFV release documentation is structured with brief platform-level documents referencing +more detailed installation instructions and descriptive documentation. + +Platform documentation +====================== + +* `OPNFV platform overview document `_ +* `OPNFV Installation instruction `_ +* `OPNFV user guide `_ + +Installation instructions +========================= + +* `Apex installation instruction `_ +* `Apex release notes `_ +* `Compass installation instruction `_ +* `Compass release notes `_ +* `Fuel installation instruction `_ +* `Fuel release notes `_ +* `Joid installation instruction `_ +* `Joid release notes `_ + +Feature project documentation +============================= + +--------------- +ARMband project +--------------- + +* `Installation instruction `_ +* `Release notes `_ + +---------------------------------------------- +Copper release documentation +---------------------------------------------- + +* `Design documentation `_ +* `Installation instruction `_ +* `User guide `_ +* `Release notes `_ + +----------------------------------------------------- +Doctor features and capabilities +----------------------------------------------------- + +* `Project overview `_ +* `User guide `_ +* `Release notes `_ + +---------------------------------------------------------------- +Domino features and capabilities +---------------------------------------------------------------- + +* `User guide `_ + +------------------------------------------------- +FastDataStacks feature and scenario documentation +------------------------------------------------- + +* `OpenDaylight integrated fd.io scenario description `_ + +------------------------------------ +IPv6 platform support and capability +------------------------------------ + +* `Configuration guide `_ +* `User guide `_ + +----------- +KVM for NFV +----------- + +* `Installation instruction `_ +* `Configuration guide `_ +* `User guide `_ +* `Release notes `_ + +-------------------------------- +MOON security management for NFV +-------------------------------- + +* `Project and Scenario overview `_ +* `Installation instruction `_ +* `User guide `_ +* `Release notes `_ + +---------------------------- +Multisite datacenter project +---------------------------- + +* `Installation instruction `_ +* `User guide `_ +* `Release notes `_ + +------------------------- +Network readiness project +------------------------- + +* `Requirements document `_ + +---------------------- +ONOS framework project +---------------------- + +* `Installation instruction `_ +* `User guide `_ + +---------------------------- +OVSNFV release documentation +---------------------------- + +* `OVS for NFV scenario description `_ +* `Configuration guide `_ +* `User guide `_ + +-------------- +Parser project +-------------- + +* `Parser release documentation `_ +* `Installation instruction `_ +* `User guide `_ + +------ +Pharos +------ + +* `Pharos specification `_ +* `Configuration guide `_ + +------- +Promise +------- + +* `Requirement specification `_ +* `Installation and configuration guide `_ +* `User guide `_ + +------ +SDNVPN +------ + +* `BGPVPN scenario description `_ +* `User guide `_ +* `Release notes `_ + +--- +SFC +--- + +* `Design documentation `_ +* `SFC scenario description `_ +* `High availability SFC scenario description `_ +* `Installation instruction `_ +* `User guide `_ +* `Release notes `_ + +------------------------------------------------ +Software fast-path quality metrics documentation +------------------------------------------------ + +* `Release and development documentation `_ + + +Test Project documentation +========================== + +------------------------- +Bottlenecks documentation +------------------------- + +* `Installation instruction `_ +* `Release notes `_ + +---------------------- +Functest documentation +---------------------- + +* `Configuration guide `_ +* `User guide `_ +* `Developer guide `_ +* `Release notes `_ + +------------------------- +vSwitchPerf documentation +------------------------- + +* `Release and development documentation `_ + +----------------------- +Yardstick documentation +----------------------- + +* `User guide `_ +* `Release notes `_ + diff --git a/docs/release/installation.introduction.rst b/docs/release/installation.introduction.rst new file mode 100644 index 000000000..201112cad --- /dev/null +++ b/docs/release/installation.introduction.rst @@ -0,0 +1,104 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + .. (c) Sofia Wallin Ericsson AB + +======== +Abstract +======== + +The following document provides an overview of the instructions required for the installation +of the Colorado release of OPNFV. + +The Colorado release can be installed using a variety of technologies provided by the +integration projects participating in OPNFV: Apex, Compass4Nfv, Fuel and JOID. +Each installer provides the ability to install a common OPNFV platform as well as integrating +additional features delivered through a variety of scenarios by the OPNFV community. + +============ +Introduction +============ + +The OPNFV platform is comprised of a variety of upstream components that may be deployed on your physical +infrastructure. A composition of components, tools and configurations is identified in OPNFV as a +deployment scenario. +The various OPNFV scenarios provide unique features and capabilities that you may want to leverage, +it is important to understand your required target platform capabilities before installing and +configuring your target scenario. + +An OPNFV installation requires either a physical, or virtual, infrastructure environment as defined +in the `Pharos specification `_. +When configuring a physical infrastructure it is strongly advised to follow the Pharos configuration guidelines. + +========= +Scenarios +========= + +OPNFV scenarios are designed to host virtualised network functions (VNF’s) in a variety of deployment +architectures and locations. Each scenario provides specific capabilities and/or components aimed to +solve specific problems for the deployment of VNF’s. +A scenario may, for instance, include components such as OpenStack, OpenDaylight, OVS, KVM etc... +where each scenario will include different source components or configurations. + +To learn more about the scenarios supported in the Colorado release refer to the scenario +description documents provided: + +- Accelerated OVS `os-nosdn-ovs `_ +- Layer 3 overlay using opendaylight `os-odl-l2-bgpvpn `_ +- FD.io based forwarding using opendaylight SDN `os-odl-12-fdio-noha `_ +- High availability service function chaining `os-odl-l2-sfc-ha `_ +- Service function chaining `os-odl-l2-sfc-noha `_ +- Accelerated KVM hypervisor `os-nosdn-kvm-ha `_ +- LXD container hypervisor `os-nosdn-lxd-noha `_ +- High Availability LXD container hypervisor `os-nosdn-lxd-ha `_ + +====================== +Installation Procedure +====================== + +Detailed step by step instructions for working with an installation toolchain and installing +the required scenario are provided by each installation project. The four projects providing installation +support for the OPNFV Colorado release are; Apex, Compass4nfv, Fuel and Joid. + +The instructions for each toolchain can be found in these links: + +- `Apex installation instruction `_ +- `Compass4nfv installation instruction `_ +- `Fuel installation instruction `_ +- `Joid installation instruction `_ + +===================== +OPNFV Test Frameworks +===================== + +If you have elected to install the OPNFV platform using the deployment toolchain provided by OPNFV +your system will have been validated once the installation is completed. +The basic deployment validation only addresses a small component of the capability provided in +the platform and you may desire to execute more exhaustive tests. Some investigation is required to +select the right test suites to run on your platform from the available projects and suites. + +Many of the OPNFV test project provide user-guide documentation and installation instructions as provided below: + +- `Functest user guide `_ +- `Yardstick user guide `_ +- `vSwitchPerf user guide `_ +- `Software Fastpath Service Quality Metrics (SFQM) user guide `_ +- `Bottlenecks user guide `_ +- `Storage Performance Benchmarking for NFVI (StorPerf) user guide `_ + +============== +Security Notes +============== + +The following patches were applied to fix security issues discovered in opnfv +projects, during the c-release cycle. + +- `Removal of private keys `_ +- `Fix security issues of eval-s in testapi `_ +- `Implements use of yaml.safe_load `_ +- `Fix security issues reported by the security audit `_ +- `Fix issues found in security review `_ +- `Removing OpenSteak Project `_ +- `Remove unsed files in open-contrail role `_ +- `Get rid of private key in repo `_ +- `Handling file loads and tmp dirs differently `_ +- `Remove `Debug = True when run Flask and add logger `_ diff --git a/docs/release/overview.rst b/docs/release/overview.rst new file mode 100644 index 000000000..cd1b5d0f9 --- /dev/null +++ b/docs/release/overview.rst @@ -0,0 +1,290 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Open Platform for NFV Project, Inc. and its contributors + +============ +Introduction +============ + +Network Functions Virtualization (NFV) is transforming the networking industry via +software-defined infrastructures and open source is the proven method for developing +software quickly for commercial products and services that can move markets. +Open Platform for NFV (OPNFV) facilitates the development and evolution of NFV +components across various open source ecosystems. Through system level integration, +deployment and testing, OPNFV constructs a reference NFV platform to accelerate the +transformation of enterprise and service provider networks. +As an open source project, OPNFV is uniquely positioned to bring together the work +of standards bodies, open source communities, and commercial suppliers to deliver a +de facto NFV platform for the industry. + +By integrating components from upstream projects, the community is able to conduct performance +and use case-based testing on a variety of solutions to ensure the platform’s suitability for +NFV use cases. OPNFV also works upstream with other open source communities to bring both contributions +and learnings from its work directly to those communities in the form of blueprints, patches, +and new code. + +OPNFV initially focused on building NFV Infrastructure (NFVI) and Virtualised Infrastructure +Management (VIM) by integrating components from upstream projects such as OpenDaylight, +OpenStack, Ceph Storage, KVM, Open vSwitch, and Linux. +More recently, OPNFV has extended its portfolio of forwarding solutions to include fd.io and ODP, +is able to run on both Intel and ARM commercial and white-box hardware, and includes +Management and Network Orchestration MANO components primarily for application composition +and management in the Colorado release. + +These capabilities, along with application programmable interfaces (APIs) to other NFV +elements, form the basic infrastructure required for Virtualized Network Functions (VNF) +and MANO components. + +Concentrating on these components while also considering proposed projects on additional +topics (such as the MANO components and applications themselves), OPNFV aims to enhance +NFV services by increasing performance and power efficiency improving reliability, +availability and serviceability, and delivering comprehensive platform instrumentation. + +=========================== +OPNFV Platform Architecture +=========================== + +The OPNFV project addresses a number of aspects in the development of a consistent virtualisation +platform including common hardware requirements, software architecture, MANO and applications. + + +OPNFV Platform Overview Diagram + +.. image:: ../images/opnfvplatformgraphic.png + :alt: Overview infographic of the opnfv platform and projects. + + +To address these areas effectively, the OPNFV platform architecture can be decomposed +into the following basic building blocks: + +* Hardware: with the Infra working group, Pharos project and associated activities +* Software Platform: through the platform integration and deployment projects +* MANO: through the MANO working group and associated projects +* Applications: which affect all other areas and drive requirements for OPNFV + +OPNFV Lab Infrastructure +======================== + +The infrastructure working group oversees such topics as lab management, workflow, +definitions, metrics and tools for OPNFV infrastructure. + +Fundamental to the WG is the `Pharos Project `_ +which provides a set of defined lab infrastructures over a geographically and technically +diverse federated global OPNFV lab. + +Labs may instantiate bare-metal and virtual environments that are accessed remotely by the +community and used for OPNFV platform and feature development, build, deploy and testing. +No two labs are the same and the heterogeneity of the Pharos environment provides the ideal +platform for establishing hardware and software abstractions providing well understood +performance characteristics. + +Community labs are hosted by OPNFV member companies on a voluntary basis. +The Linux Foundation also hosts an OPNFV lab that provides centralized CI +and other production resources which are linked to community labs. +Future lab capabilities will include the ability easily automate deploy and test of any +OPNFV install scenario in any lab environment as well as on a nested "lab as a service" +virtual infrastructure. + +OPNFV Software Platform Architecture +==================================== + +The OPNFV software platform is comprised exclusively of open source implementations of +platform component pieces. OPNFV is able to draw from the rich ecosystem of NFV related +technologies available in open-source then integrate, test, measure and improve these +components in conjunction with our source communities. + +While the composition of the OPNFV software platform is highly complex and constituted of many +projects and components, a subset of these projects gain the most attention from the OPNFV community +to drive the development of new technologies and capabilities. + +--------------------------------- +Virtual Infrastructure Management +--------------------------------- + +OPNFV derives it's virtual infrastructure management from one of our largest upstream ecosystems +OpenStack. OpenStack provides a complete reference cloud management system and associated technologies. +While the OpenStack community sustains a broad set of projects, not all technologies are relevant in +an NFV domain, the OPNFV community consumes a sub-set of OpenStack projects where the usage and +composition may vary depending on the installer and scenario. + +For details on the scenarios available in OPNFV and the specific composition of components +refer to the OPNFV installation instruction: +http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/installationprocedure/index.html + +----------------- +Operating Systems +----------------- + +OPNFV currently uses Linux on all target machines, this can include Ubuntu, Centos or SUSE linux. The +specific version of Linux used for any deployment is documented in the installation guide. + +----------------------- +Networking Technologies +----------------------- + +SDN Controllers +--------------- + +OPNFV, as an NFV focused project, has a significant investment on networking technologies +and provides a broad variety of integrated open source reference solutions. The diversity +of controllers able to be used in OPNFV is supported by a similarly diverse set of +forwarding technologies. + +There are many SDN controllers available today relevant to virtual environments +where the OPNFV community supports and contributes to a number of these. The controllers +being worked on by the community during this release of OPNFV include: + +* Neutron: an OpenStack project to provide “network connectivity as a service” between + interface devices (e.g., vNICs) managed by other OpenStack services (e.g., nova). +* OpenDaylight: addresses multivendor, traditional and greenfield networks, establishing the + industry’s de facto SDN platform and providing the foundation for networks of the future. +* ONOS: a carrier-grade SDN network operating system designed for high availability, + performance, scale-out. + +.. OpenContrail SDN controller is planned to be supported in the next release. + +Data Plane +---------- + +OPNFV extends Linux virtual networking capabilities by using virtual switching +and routing components. The OPNFV community proactively engages with these source +communities to address performance, scale and resiliency needs apparent in carrier +networks. + +* FD.io (Fast data - Input/Output): a collection of several projects and libraries to + amplify the transformation that began with Data Plane Development Kit (DPDK) to support + flexible, programmable and composable services on a generic hardware platform. +* Open vSwitch: a production quality, multilayer virtual switch designed to enable + massive network automation through programmatic extension, while still supporting standard + management interfaces and protocols. + +Deployment Architecture +======================= + +A typical OPNFV deployment starts with three controller nodes running in a high availability +configuration including control plane components from OpenStack, SDN, etc. and a minimum +of two compute nodes for deployment of workloads (VNFs). +A detailed description of the hardware requirements required to support the 5 node configuration +can be found in pharos specification: http://artifacts.opnfv.org/pharos/colorado/2.0/docs/specification/index.html + +In addition to the deployment on a highly available physical infrastructure, OPNFV can be +deployed for development and lab purposes in a virtual environment. In this case each of the hosts +is provided by a virtual machine and allows control and workload placement using nested virtualization. + +The initial deployment is done using a staging server, referred to as the "jumphost". +This server-either physical or virtual-is first installed with the installation program +that then installs OpenStack and other components on the controller nodes and compute nodes. +See the `OPNFV User Guide`_ for more details. + +=========================== +The OPNFV Testing Ecosystem +=========================== + +The OPNFV community has set out to address the needs of virtualization in the carrier +network and as such platform validation and measurements are a cornerstone to the +iterative releases and objectives. + +To simplify the complex task of feature, component and platform validation and characterization +the testing community has established a fully automated method for addressing all key areas of +platform validation. This required the integration of a variety of testing frameworks in our CI +systems, real time and automated analysis of results, storage and publication of key facts for +each run as shown in the following diagram. + +.. image:: ../images/OPNFV_testing_group.png + :alt: Overview infographic of the Colorado OPNFV testing Ecosystem + +Release Verification +==================== + +The OPNFV community relies on its testing community to establish release criteria for each OPNFV +release. Each release cycle the testing criteria become more stringent and better representative +of our feature and resiliency requirements. + + +As each OPNFV release establishes a set of deployment scenarios to validate, the testing +infrastructure and test suites need to accommodate these features and capabilities. It’s not +only in the validation of the scenarios themselves where complexity increases, there are test +cases that require multiple datacenters to execute when evaluating features, including multisite +and distributed datacenter solutions. + +The release criteria as established by the testing teams include passing a set of test cases +derived from the functional testing project ‘functest,’ a set of test cases derived from our +platform system and performance test project ‘yardstick,’ and a selection of test cases for +feature capabilities derived from other test projects such as bottlenecks, vsperf, cperf and +storperf. The scenario needs to be able to be deployed, pass these tests, and be removed from +the infrastructure iteratively (no less that 4 times) in order to fulfill the release criteria. + +-------- +Functest +-------- + +Functest provides a functional testing framework incorporating a number of test suites +and test cases that test and verify OPNFV platform functionality. +The scope of Functest and relevant test cases can be found in its +`user guide `_. + +Functest provides both feature project and component test suite integration, leveraging +OpenStack and SDN controllers testing frameworks to verify the key components of the OPNFV +platform are running successfully. + +--------- +Yardstick +--------- + +Yardstick is a testing project for verifying the infrastructure compliance when running VNF applications. +Yardstick benchmarks a number of characteristics and performance vectors on the infrastructure making it +a valuable pre-deployment NFVI testing tools. + +Yardstick provides a flexible testing framework for launching other OPNFV testing projects. + +There are two types of test cases in Yardstick: + +* Yardstick generic test cases and OPNFV feature test cases; + including basic characteristics benchmarking in compute/storage/network area. +* OPNFV feature test cases include basic telecom feature testing from OPNFV projects; + for example nfv-kvm, sfc, ipv6, Parser, Availability and SDN VPN + +System Evaluation and compliance testing +======================================== + +The OPNFV community is developing a set of test suites intended to evaluate a set of reference +behaviors and capabilities for NFV systems developed externally from the OPNFV ecosystem to +evaluate and measure their ability to provide the features and capabilities developed in the +OPNFV ecosystem. + +The Dovetail project will provide a test framework and methodology able to be used on any NFV platform, +including an agreed set of test cases establishing an evaluation criteria for exercising +an OPNFV compatible system. The Dovetail project has begun establishing the test framework +and will provide a preliminary methodology for the Colorado release. Work will continue to +develop these test cases to establish a stand alone compliance evaluation solution +in future releases. + +Additional Testing +================== + +Besides the test suites and cases for release verification, additional testing is performed to validate +specific features or characteristics of the OPNFV platform. +These testing framework and test cases may include some specific needs; such as extended measurements, +additional testing stimuli, or tests simulating environmental disturbances or failures. + +These additional testing activities provide a more complete evaluation of the OPNFV platform. +Some of the projects focused on these testing areas include: + +------ +VSPERF +------ + +VSPERF provides a generic and architecture agnostic vSwitch testing framework and associated tests. +This serves as a basis for validating the suitability of different vSwitch implementations and deployments. + +----------- +Bottlenecks +----------- + +Bottlenecks provides a framework to find system limitations and bottlenecks, providing +root cause isolation capabilities to facilitate system evaluation. + + +.. _`OPNFV Configuration Guide`: http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/configguide +.. _`OPNFV User Guide`: http://artifacts.opnfv.org/opnfvdocs/colorado/2.0/docs/userguide +.. _Dovetail project: https://wiki.opnfv.org/display/dovetail diff --git a/docs/release/userguide.introduction.rst b/docs/release/userguide.introduction.rst new file mode 100644 index 000000000..48112e78e --- /dev/null +++ b/docs/release/userguide.introduction.rst @@ -0,0 +1,85 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Sofia Wallin (sofia.wallin@ericssion.com) + +======== +Abstract +======== + +OPNFV is a collaborative project aimed at providing a variety of virtualization +deployments intended to host applications serving the networking and carrier +industry. This document provides guidance and instructions for using platform +features designed to support these applications, made available in the OPNFV +Colorado release. + +This document is not intended to replace or replicate documentation from other +open source projects such as OpenStack or OpenDaylight, rather highlight the +features and capabilities delivered through the OPNFV project. + +============ +Introduction +============ + +OPNFV provides a suite of scenarios, infrastructure depoyment options, which +are able to be installed to host virtualized network functions (VNFs). +This guide intends to help users of the platform leverage the features and +capabilities delivered by the OPNFV project in support of these applications. + +OPNFV Continuous Integration builds, deploys and tests combinations of virtual +infrastructure components in what are defined as scenarios. A scenario may +include components such as OpenStack, OpenDaylight, OVS, KVM etc. where each +scenario will include different source components or configurations. Scenarios +are designed to enable specific features and capabilities in the platform that +can be leveraged by the OPNFV user community. + +================ +Feature Overview +================ + +The following links outline the feature deliveries from the participant OPNFV +projects in the Colorado release. Each of the participating projects provides +detailed descriptions about the delivered features. Including use cases, +implementation and configuration specifics on a per OPNFV project basis. + +The following are Configuration Guides and User Guides and assume that the reader has already some +information about a given projects specifics and deliverables. These guides +are intended to be used following the installation of a given OPNFV installer +to allow a user to deploy and implement feature delivered by OPNFV. + +If you are unsure about the specifics of a given project, please refer to the +OPNFV projects home page, found on http://wiki.opnfv.org, for specific details. + +You can find project specific usage and configuration information below: + +Feature Configuration Guides +============================ + +- `Armband configuration guide `_ +- `Copper configuration guide `_ +- `Doctor configuration guide `_ +- `IPv6 configuration guide `_ +- `KVMforNFV configuration guide `_ +- `Moon configuration guide `_ +- `Multisite configuration guide `_ +- `ONOSFW configuration guide `_ +- `OVSNFV configuration guide `_ +- `Promise configuration guide `_ +- `SFC configuration guide `_ + + +Feature User Guides +=================== + +- `Copper user guide `_ +- `Doctor user guide `_ +- `Domino user guide `_ +- `IPv6 user guide `_ +- `KVMforNFV user guide `_ +- `Moon user guide `_ +- `Multisite user guide `_ +- `ONOSFW user guide `_ +- `OVSNFV user guide `_ +- `Parser user guide `_ +- `Promise user guide `_ +- `SDNVPN user guide `_ +- `SFC user guide `_ diff --git a/docs/scenario/featurematrix.rst b/docs/scenario/featurematrix.rst deleted file mode 100644 index 2d00a4097..000000000 --- a/docs/scenario/featurematrix.rst +++ /dev/null @@ -1,39 +0,0 @@ -Each scenario provides a set of platform capabilities and features that it supports. It is -possible to identify which features are provided by reviewing the scenario name, however -not all features and capabilities are discernible from the name itself. - -Brahmaputra feature support matrix -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The following table provides an overview of the available scenarios and supported features -in the Brahmaputra release of OPNFV. - -.. image:: ../images/brahmaputrafeaturematrix.jpg - :alt: OPNFV Brahmaputra Feature Matrix - -The table above provides an overview of which scenarios will support certain feature capabilities. -The table does not indicate if the feature or scenario has limitations. Refer to the -`Configuration Guide `_ -for details on the state of each scenario and further information. - -Feature development in the Brahmaputra release often consisted of the development of specific -requirements and the further integration and validation of those requirements. This results in some -features only being supported on the platform when a specific scenario, providing the -capabilities necessary to run the feature, is deployed. - -Scenario Naming -^^^^^^^^^^^^^^^ - -In OPNFV, scenarios are identified by short scenario names. These names follow a scheme that -identifies the key components and behaviours of the scenario, the rules for scenario naming are as follows: - - os-[controller]-[feature]-[mode]-[option] - -For example: *os-nosdn-kvm-noha* provides an OpenStack based deployment using neutron including -the OPNFV enhanced KVM hypervisor. - -The [feature] tag in the scenario name describes the main feature provided by the scenario. -This scenario may also provide support for features, such as advanced fault management, which are -not apparent in the scenario name. -The following section describes the features available in each scenario. - diff --git a/docs/scenario/scenariointro.rst b/docs/scenario/scenariointro.rst deleted file mode 100644 index dd808432b..000000000 --- a/docs/scenario/scenariointro.rst +++ /dev/null @@ -1,13 +0,0 @@ -OPNFV Scenarios ---------------- - -The OPNFV project provides an integration and deployment environment for a variety of components -that can make up a virtualisation platform. OPNFV identifies these variations on the composition of -the platform as scenarios. - -A scenario in OPNFV can be defined as "a deployment of a specific set of platform components". The -composition of a scenario may include specific SDN controller technologies, specific accelerate -switching technologies, or even specific configurations of components to achieve targeted platform -capabilities. Each scenario behaves differetly and it is important to understand the behaviour you -want in order to target the specific scenario you wish to deploy prior to working with the -OPNFV platform. diff --git a/docs/scenario/scenariomatrix.rst b/docs/scenario/scenariomatrix.rst deleted file mode 100644 index 64e115015..000000000 --- a/docs/scenario/scenariomatrix.rst +++ /dev/null @@ -1,100 +0,0 @@ -Scenarios are implemented as deployable compositions through integration with an installation tool. -OPNFV supports multiple installation tools and for any given release not all tools will support all -scenarios. While our target is to establish parity across the installation tools to ensure they -can provide all scenarios, the practical challenge of achieving that goal for any given feature and -release results in some disparity. - -Brahmaputra scenario overeview -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ - -The following table provides an overview of the installation tools and available scenario's -in the Brahmaputra release of OPNFV. - -.. image:: ../images/brahmaputrascenariomatrix.jpg - :alt: OPNFV Brahmaputra Scenario Matrix - -Scenario status is indicated by a weather pattern icon. All scenarios listed with -a weather pattern are possible to deploy and run in your environment or a Pharos lab, -however they may have known limitations or issues as indicated by the icon. - -Weather pattern icon legend: - -+---------------------------------------------+----------------------------------------------------------+ -| Weather Icon | Scenario Status | -+=============================================+==========================================================+ -| .. image:: ../images/weather-clear.jpg | Stable, no known issues | -+---------------------------------------------+----------------------------------------------------------+ -| .. image:: ../images/weather-few-clouds.jpg | Stable, documented limitations | -+---------------------------------------------+----------------------------------------------------------+ -| .. image:: ../images/weather-overcast.jpg | Deployable, stability or feature limitations | -+---------------------------------------------+----------------------------------------------------------+ -| .. image:: ../images/weather-dash.jpg | Not deployed with this installer | -+---------------------------------------------+----------------------------------------------------------+ - -Scenarios that are not yet in a state of "Stable, no known issues" will continue to be stabilised -and updates will be made on the stable/brahmaputra branch. While we intend that all Brahmaputra -scenarios should be stable it is worth checking regularly to see the current status. Due to -our dependency on upstream communities and code some issues may not be resolved prior to the C release. - -Scenario Naming -^^^^^^^^^^^^^^^ - -In OPNFV scenarios are identified by short scenario names, these names follow a scheme that -identifies the key components and behaviours of the scenario. The rules for scenario naming are as follows: - - os-[controller]-[feature]-[mode]-[option] - -Details of the fields are - * os: mandatory - - * Refers to the platform type used - * possible value: os (OpenStack) - -* [controller]: mandatory - - * Refers to the SDN controller integrated in the platform - * example values: nosdn, ocl, odl, onos - - * [feature]: mandatory - - * Refers to the feature projects supported by the scenario - * example values: nofeature, kvm, ovs, sfc - - * [mode]: mandatory - - * Refers to the deployment type, which may include for instance high availability - * possible values: ha, noha - - * [option]: optional - - * Used for the scenarios those do not fit into naming scheme. - * The optional field in the short scenario name should not be included if there is no optional scenario. - -Some examples of supported scenario names are: - - * os-nosdn-kvm-noha - - * This is an OpenStack based deployment using neutron including the OPNFV enhanced KVM hypervisor - - * os-onos-nofeature-ha - - * This is an OpenStack deployment in high availability mode including ONOS as the SDN controller - - * os-odl_l2-sfc - - * This is an OpenStack deployment using OpenDaylight and OVS enabled with SFC features - -Installing your scenario -^^^^^^^^^^^^^^^^^^^^^^^^ - -There are two main methods of deploying your target scenario, one method is to follow this guide which will -walk you through the process of deploying to your hardware using scripts or ISO images, the other method is -to set up a Jenkins slave and connect your infrastructure to the OPNFV Jenkins master. - -For the purposes of evaluation and development a number of Brahmaputra scenarios are able to be deployed -virtually to mitigate the requirements on physical infrastructure. Details and instructions on performing -virtual deployments can be found in the installer specific installation instructions. - -To set up a Jenkins slave for automated deployment to your lab, refer to the `Jenkins slave connect guide. -`_ - diff --git a/docs/scenario/scenariovalidation.rst b/docs/scenario/scenariovalidation.rst deleted file mode 100644 index e69de29bb..000000000 diff --git a/docs/templates/LICENSE.rst b/docs/templates/LICENSE.rst deleted file mode 100644 index ed7a4a22b..000000000 --- a/docs/templates/LICENSE.rst +++ /dev/null @@ -1,43 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -Copyright 2015 Open Platform for NFV Project, Inc. and its contributors - -Open Platform for NFV Project Software Licence -============================================== -Any software developed by the "Open Platform for NFV" Project is licenced under the -Apache License, Version 2.0 (the "License"); -you may not use the content of this software bundle except in compliance with the License. -You may obtain a copy of the License at - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Open Platform for NFV Project Documentation Licence -=================================================== -Any documentation developed by the "Open Platform for NFV Project" -is licensed under a Creative Commons Attribution 4.0 International License. -You should have received a copy of the license along with this. If not, -see . - -Unless required by applicable law or agreed to in writing, documentation -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -Other applicable upstream project Licenses relevant for -=================================================================== -You may not use the content of this software bundle except in compliance with the -Licenses as listed below: -+----------------+----------------------------+ -| **Component** | **Licence** | -+----------------+----------------------------+ -| OpenStack | Apache License 2.0 | -+----------------+----------------------------+ -| OpenDaylight | Eclipse Public License 1.0 | -+----------------+----------------------------+ -| ++ | | -+----------------+----------------------------+ diff --git a/docs/templates/build-instructions.rst b/docs/templates/build-instructions.rst deleted file mode 100644 index 3c7a9b8f1..000000000 --- a/docs/templates/build-instructions.rst +++ /dev/null @@ -1,207 +0,0 @@ -:Authors: Jonas Bjurel (Ericsson) -:Version: 0.1 - -================================================================ -OPNFV Build instructions for - < Component denomination > -================================================================ - -Abstract -======== - -This document describes how to build , build system dependencies and required system resources. - -License -======= - (c) by - - is licensed under a Creative Commons Attribution 4.0 International License. -You should have received a copy of the license along with this. -If not, see . - - -**Contents** - -1 Version history - -2 Introduction - -3 Requirements - -4 Building - -5 Artifacts - - -1 Version history -=================== - -+--------------------+--------------------+--------------------+--------------------+ -| **Date** | **Ver.** | **Author** | **Comment** | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| 2015-04-14 | 0.1.0 | Jonas Bjurel | First draft | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 0.1.1 | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 1.0 | | | -| | | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ - -2 Introduction -================ - - -: - -This document describes build system used to build Fuel@OPNFV, -required dependencies and minimum requirements on the host to be used for the buildsystem. - -The Fuel build system is desigened around Docker containers such that dependencies -outside of the build system can be kept to a minimum. -It also shields the host from any potential dangerous operations performed by the build system. - -The audience of this document is assumed to have good knowledge in network and Unix/Linux administration. - -3 Requirements -================ - - -3.1 Minimum Hardware Requirements ---------------------------------- -: - -- An x86_64 host (Bare-metal or VM) with Ubuntu 14.04 LTS installed - -- ~30 GB available disc - -- 4 GB RAM - -3.2 Minimum Software Requirements ---------------------------------- -: -The build host should run Ubuntu 14.04 operating system. - -On the host, the following packages must be installed: - -- docker - see https://docs.docker.com/installation/ubuntulinux/ for installation notes for Ubuntu 14.04. - Note: only use the Ubuntu stock distro of Docker (docker.io) - -- git (simply available through sudo apt-get install git) - -- make (simply available through sudo apt-get install make) - -- curl (simply available through sudo apt-get install curl) - -3.3 Preparations ----------------- -: - -3.3.1 Setting up the Docker build container -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -After having installed Docker, add yourself to the docker group: - - - -Also make sure to define relevant DNS servers part of the global dns chain in -in your configuration file, eg. - - - -Then restart docker: - - - -3.3.2 Setting up OPNFV Gerrit in order to being able to clone the code -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -- Start setting up OPNFV gerrit by creating a SSH key (unless you don't already have one), - create one with ssh-keygen - -- Add your generated public key in OPNFV Gerrit - (this requires a linuxfoundation account, create one if you do not already have one) - -- Select "SSH Public Keys" to the left and then "Add Key" and paste your public key in. - -3.3.3 Clone the OPNFV code git repository -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Now it is time to clone the code repository: - - - -Now you should have the OPNFV genesis repository with Fuel@OPNFV stored locally on your build host. - -4 Building -============ - - -: - -There are two methods available for building Fuel@OPNFV: - -- A low level method using Make - -- An abstracted method using build.sh - -4.1 Configure your build environment -------------------------------------- - -Select the versions of the components you want to build by editing the fuel/build/config.mk file. -Note if you want to build with OpenDaylight SDN controller you need to uncomment the lines starting -with odl-main and java-main - -4.2 Low level build method using make --------------------------------------- - -The low level method is based on Make: - -From the invoke - -Following targets exist: - -- none/all - this will: - - - If not allready existing, initialize the docker build environment - - - If not already done, build OpenDaylight from upstream (as defined by fuel-build config-spec) - - - If not already done, build fuel from upstream (as defined by fuel-build/config-spec) - - - Build the defined additions to fuel (as defined by the structure of this framework) - - - Apply changes and patches to fuel (as defined by the structure of this framework) - - - Reconstruct a fuel .iso image - -- clean - this will remove all artifacts from earlier builds. - -If the build is successful, you will find the generated ISO file in the subdirectory! - -4.3 Abstracted build method using build.sh -=========================================== -The abstracted build method useses the script which allows you to: - -- Create and use a build cache - significantly speeding up the buildtime if upstream repositories have not changed. - -- push/pull cache and artifacts to an arbitrary URI (http(s):, file:, ftp:) - -For more info type . - -5 Artifacts -============= - - -: - -The artifacts produced are: - -- - Which represents the bootable Fuel@OPNFV image, - XXXX is replaced with the build identity provided to the build system - -- - Which holds version metadata. - -6 References -============= - diff --git a/docs/templates/index.rst b/docs/templates/index.rst deleted file mode 100644 index 2f124e5c0..000000000 --- a/docs/templates/index.rst +++ /dev/null @@ -1,38 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - -.. OPNFV Release Engineering documentation, created by - sphinx-quickstart on Tue Jun 9 19:12:31 2015. - You can adapt this file completely to your liking, but it should at least - contain the root `toctree` directive. - -.. image:: opnfv-logo.png - :height: 40 - :width: 200 - :alt: OPNFV - :align: left - -Example Documentation table of contents -======================================= - -Contents: - -.. toctree:: - :numbered: - :maxdepth: 4 - - build-instructions.rst - installation-instructions.rst - LICENSE.rst - release-notes.rst - - -Indices and tables -================== - -* :ref:`search` - -Revision: _sha1_ - -Build date: |today| diff --git a/docs/templates/installation-instructions.rst b/docs/templates/installation-instructions.rst deleted file mode 100644 index 8c46fe9ba..000000000 --- a/docs/templates/installation-instructions.rst +++ /dev/null @@ -1,239 +0,0 @@ -:Authors: Jonas Bjurel (Ericsson) -:Version: 0.1 - -Revision: _sha1_ - -Build date: _date_ - - -================================================================ -OPNFV Installation instructions for - < Component denomination > -================================================================ - -Abstract -======== - -This document describes how to install , it's dependencies and required system resources. - -License -======= - (c) by - - is licensed under a Creative Commons Attribution 4.0 International License. -You should have received a copy of the license along with this. -If not, see . - - -**Contents** - -1 Version history - -2 Introduction - -3 Preface - -4 Hardware requirements - -5 Top of the rack (TOR) Configuration requirements - -6 OPNFV Software installation and deployment - -7 Installation health-check - -8 Post installation and deployment actions - -9 References - -1 Version history -=================== - -+--------------------+--------------------+--------------------+--------------------+ -| **Date** | **Ver.** | **Author** | **Comment** | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| 2015-04-14 | 0.1.0 | Jonas Bjurel | First draft | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 0.1.1 | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 1.0 | | | -| | | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ - -2 Introduction -================ - - -: - -This document describes the supported software and hardware configurations for the -Fuel OPNFV reference platform as well as providing guidelines on how to install and -configure such reference system. - -Although the available installation options gives a high degree of freedom in how the system is set-up, -with what architecture, services and features, etc., not nearly all of those permutations provides -a OPNFV compliant reference architecture. Following the guidelines in this document ensures -a result that is OPNFV compliant. - -The audience of this document is assumed to have good knowledge in network and Unix/Linux administration. - -3 Preface -=========== - - -: - -Before starting the installation of Fuel@OPNFV, some planning must preceed. - -First of all, the Fuel@OPNFV .iso image needs to be retrieved, -the Latest stable Arno release of Fuel@OPNFV can be found here: - -Alternatively, you may build the .iso from source by cloning the opnfv/genesis git repository: -@gerrit.opnf.org/gerrit/genesis> -Check-out the Arno release: - -Goto the fuel directory and build the .iso - - -Familiarize yourself with the Fuel 6.0.1 version by reading the following documents: -- abc -- def -- ghi - -Secondly, a number of deployment specific parameters must be collected, those are: - -1. Provider sub-net and gateway information - -2. Provider VLAN information - -3. Provider DNS addresses - -4. Provider NTP addresses - -This information will be needed for the configuration procedures provided in this document. - -4 Hardware requirements -========================= - - -: - -Following minimum hardware requirements must be met for installation of Fuel@OPNFV: - -+--------------------+----------------------------------------------------+ -| **HW Aspect** | **Requirement** | -| | | -+--------------------+----------------------------------------------------+ -| **# of servers** | Minimum 5 (3 for non redundant deployment) | -| | 1 Fuel deployment master (may be virtualized) | -| | 3(1) Controllers | -| | 1 Compute | -+--------------------+----------------------------------------------------+ -| **CPU** | Minimum 1 socket x86_AMD64 Ivy bridge 1.6 GHz | -| | | -+--------------------+----------------------------------------------------+ -| **RAM** | Minimum 16GB/server (Depending on VNF work load) | -| | | -+--------------------+----------------------------------------------------+ -| **Disk** | Minimum 256GB 10kRPM spinning disks | -| | | -+--------------------+----------------------------------------------------+ -| **NICs** | 2(1)x10GE Niantec for Private/Public (Redundant) | -| | | -| | 2(1)x10GE Niantec for SAN (Redundant) | -| | | -| | 2(1)x1GE for admin (PXE) and control (RabitMQ,etc) | -| | | -+--------------------+----------------------------------------------------+ - -5 Top of the rack (TOR) Configuration requirements -==================================================== - - -: - -The switching infrastructure provides connectivity for the OPNFV infra-structure operations as well as -for the tenant networks (East/West) and provider connectivity (North/South bound connectivity). -The switching connectivity can (but does not need to) be fully redundant, -in case it and comprises a redundant 10GE switch pair for "Traffic/Payload/SAN" purposes as well as -a 1GE switch pair for "infrastructure control-, management and administration" - -The switches are **not** automatically configured from the OPNFV reference platform. -All the networks involved in the OPNFV infra-structure as well as the provider networks -and the private tenant VLANs needs to be manually configured. - -This following sections guides through required black-box switch configurations. - -5.1 VLAN considerations and blue-print --------------------------------------- - -5.2 IP Address plan considerations and blue-print -------------------------------------------------- - -6 OPNFV Software installation and deployment -============================================== - - -: - -This section describes the installation of the Fuel@OPNFV installation server (Fuel master) -as well as the deployment of the full OPNFV reference platform stack across a server cluster. -Etc. - -6.1 Install Fuel master ------------------------ - -6.2 Create an OPNV (Fuel Environment) -------------------------------------- - -6.3 Configure the OPNFV environment ------------------------------------ - -6.4 Deploy the OPNFV environment --------------------------------- - -7 Installation health-check -============================= - - -: - -Now that the OPNFV environment has been created, and before the post installation configurations is started, -perform a system health check from the Fuel GUI: - -- Select the "Health check" TAB. -- Select all test-cases -- And click "Run tests" - -All test cases except the following should pass: - -8 Post installation and deployment actions -============================================ - - -: -After the OPNFV deployment is completed, the following manual changes needs to be performed in order -for the system to work according OPNFV standards. - -**Change host OS password:** -Change the Host OS password by...... - -9 References -============= - - -: - -9.1 OPNFV -------------- - -9.2 OpenStack ------------------ - -9.3 OpenDaylight --------------------- - -9.4 Fuel ------------- diff --git a/docs/templates/release-notes.rst b/docs/templates/release-notes.rst deleted file mode 100644 index 6941f181f..000000000 --- a/docs/templates/release-notes.rst +++ /dev/null @@ -1,261 +0,0 @@ -:Authors: Jonas Bjurel (Ericsson) -:Version: 0.1 - -Revision: _sha1_ - -Build date: _date_ - - -====================================================================== -OPNFV Release Note for "Arno-SRx release" - < Component denomination > -====================================================================== - -Abstract -======== - -This document provides the release notes for of . - -License -======= - (c) by - - is licensed under a Creative Commons Attribution 4.0 International License. -You should have received a copy of the license along with this. If not, -see . - - -**Contents** - -1 Version History - -2 Important notes - -3 Summary - -4 Delivery Data - -5 Known Limitations, Issues and Workarounds - -6 Test Result - -7 References - -1 Version history -=================== - -+--------------------+--------------------+--------------------+--------------------+ -| **Date** | **Ver.** | **Author** | **Comment** | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| 2015-04-14 | 0.1.0 | Jonas Bjurel | First draft | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 0.1.1 | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ -| | 1.0 | | | -| | | | | -+--------------------+--------------------+--------------------+--------------------+ - -2 Important notes -=================== - - - -: - -**Attention:** Please be aware that since LSV3 a pre-deploy script must be ran on the Fuel master - -see the OPNFV@Fuel SW installation instructions - -3 Summary -=========== - - - -: - -Arno Fuel@OPNFV is based the OpenStack Fuel upstream project version 6.0.1, -but adds OPNFV unique components such as OpenDaylight version: Helium as well as other OPNFV unique configurations...... - -4 Release Data -================ - - -: - -+--------------------------------------+--------------------------------------+ -| **Project** | E.g. Arno/genesis/fuel@opnfv | -| | | -+--------------------------------------+--------------------------------------+ -| **Repo/commit-ID** | E.g. genesis/adf634a0d4..... | -| | | -+--------------------------------------+--------------------------------------+ -| **Release designation** | E.g. Arno RC2 | -| | | -+--------------------------------------+--------------------------------------+ -| **Release date** | E.g. 2015-04-16 | -| | | -+--------------------------------------+--------------------------------------+ -| **Purpose of the delivery** | E.g. OPNFV Internal quality assurance| -| | | -+--------------------------------------+--------------------------------------+ - -4.1 Version change ------------------- - -4.1.1 Module version changes -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - -: - -- Fuel have changed from 5.1 to 6.0.1 - -- OpenDaylight has changed from Helium-SR1 to Helium-SR2 - -4.1.2 Document version changes -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - -: - -- The Fuel@OPNFV installation guide version has changed from version 0.1 to to 0.2 - -4.2 Reason for version ----------------------- -4.2.1 Feature additions -~~~~~~~~~~~~~~~~~~~~~~~ - - -: - -**JIRA BACK-LOG:** - -+--------------------------------------+--------------------------------------+ -| **JIRA REFERENCE** | **SLOGAN** | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-123 | ADD OpenDaylight ml2 integration | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-456 | Add auto-deployment of Fuel@OPNFV | -| | | -+--------------------------------------+--------------------------------------+ - -4.2.2 Bug corrections -~~~~~~~~~~~~~~~~~~~~~ - -**JIRA TICKETS:** - -+--------------------------------------+--------------------------------------+ -| **JIRA REFERENCE** | **SLOGAN** | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-888 | Fuel doesn't deploy | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-999 | Floating IP doesn't work | -| | | -+--------------------------------------+--------------------------------------+ - -4.3 Deliverables ----------------- - -4.3.1 Software deliverables -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - - -: - -4.3.2 Documentation deliverables -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - - -: - -5 Known Limitations, Issues and Workarounds -============================================ - -5.1 System Limitations -------------------------- - - -: - -**Max number of blades:** 1 Fuel master, 3 Controllers, 20 Compute blades - -**Min number of blades:** 1 Fuel master, 1 Controller, 1 Compute blade - -**Storage:** Ceph is the only supported storage configuration. - -**Max number of networks:** 3800 (Needs special switch config.) - -**L3Agent:** L3 agent and floating IPs is not supported. - -5.2 Known issues -------------------- - - -: - -**JIRA TICKETS:** - -+--------------------------------------+--------------------------------------+ -| **JIRA REFERENCE** | **SLOGAN** | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-987 | Nova-compute process does | -| | not re-spawn when killed | -| | | -+--------------------------------------+--------------------------------------+ -| BGS-654 | MOS 5.1 : neutron net-list returns | -| | "400 Bad request" | -| | | -+--------------------------------------+--------------------------------------+ - -5.3 Workarounds ------------------- - - - -: - -- In case the contact with a compute is lost - restart the compute host -- In case the disk is full on a controller - delete all files in /tmp - -6 Test Result -============== - - -: - -Fuel@OPNFV Arno RC2 has undergone QA test runs with the following results: - -+--------------------------------------+--------------------------------------+ -| **TEST-SUITE** | **Results:** | -| | | -+--------------------------------------+--------------------------------------+ -| Tempest test suite 123 | Following tests failed: | -| | | -| | 1. Image resizing.... | -| | | -| | 2. Heat deploy.... | -+--------------------------------------+--------------------------------------+ -| Robot test suite 456 | Following tests failed: | -| | | -| | 1....... | -| | | -| | 2....... | -+--------------------------------------+--------------------------------------+ - -7 References -============= - - -: - -For more information on the OPNFV Arno release, please see: - -http://wiki.opnfv.org/release/arno diff --git a/docs/testframework/framework.installation.procedure.render.rst b/docs/testframework/framework.installation.procedure.render.rst deleted file mode 100644 index 8eaa57d12..000000000 --- a/docs/testframework/framework.installation.procedure.render.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - - preparation and installation -============================================= - -.. Explain how to prepare for and install the test framework. -.. Need to identify the target structure of this document with the testing WG - diff --git a/docs/testframework/framework.userguide.render.rst b/docs/testframework/framework.userguide.render.rst deleted file mode 100644 index 3f9993c13..000000000 --- a/docs/testframework/framework.userguide.render.rst +++ /dev/null @@ -1,10 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) - - userguide and reporting document -================================================= - -.. Explain how to use the test framework and read reports/results. -.. Need to identify the target structure of this document with the testing WG - diff --git a/docs/testframework/index.rst b/docs/testframework/index.rst deleted file mode 100644 index 16521c141..000000000 --- a/docs/testframework/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -***************************** -OPNFV Test Framework document -***************************** - -.. toctree:: - :maxdepth: 2 - - ./abstract - ./opnfv.testframework.overview - ./framework.installation.procedure.render - ./framework.userguide.render - diff --git a/docs/testframework/opnfv.testframework.overview.rst b/docs/testframework/opnfv.testframework.overview.rst deleted file mode 100644 index 92cc88685..000000000 --- a/docs/testframework/opnfv.testframework.overview.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -================================== -Using the test frameworks in OPNFV -================================== - -Testing is one of the key activities in OPNFV, validation can include component level testing, -system testing, automated deployment validation and performance characteristics testing. - -The following section outlines how to use the test projects that are delivered on the -OPNFV platform for the purpose of testing components and VNFs in the context of a -Brahmaputra deployment. - -Needs to be completed according to the testing WG needs. - diff --git a/docs/testing/testframework/framework.installation.procedure.render.rst b/docs/testing/testframework/framework.installation.procedure.render.rst new file mode 100644 index 000000000..8eaa57d12 --- /dev/null +++ b/docs/testing/testframework/framework.installation.procedure.render.rst @@ -0,0 +1,10 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + + preparation and installation +============================================= + +.. Explain how to prepare for and install the test framework. +.. Need to identify the target structure of this document with the testing WG + diff --git a/docs/testing/testframework/framework.userguide.render.rst b/docs/testing/testframework/framework.userguide.render.rst new file mode 100644 index 000000000..3f9993c13 --- /dev/null +++ b/docs/testing/testframework/framework.userguide.render.rst @@ -0,0 +1,10 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) + + userguide and reporting document +================================================= + +.. Explain how to use the test framework and read reports/results. +.. Need to identify the target structure of this document with the testing WG + diff --git a/docs/testing/testframework/index.rst b/docs/testing/testframework/index.rst new file mode 100644 index 000000000..16521c141 --- /dev/null +++ b/docs/testing/testframework/index.rst @@ -0,0 +1,16 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Christopher Price (Ericsson AB) + +***************************** +OPNFV Test Framework document +***************************** + +.. toctree:: + :maxdepth: 2 + + ./abstract + ./opnfv.testframework.overview + ./framework.installation.procedure.render + ./framework.userguide.render + diff --git a/docs/testing/testframework/opnfv.testframework.overview.rst b/docs/testing/testframework/opnfv.testframework.overview.rst new file mode 100644 index 000000000..92cc88685 --- /dev/null +++ b/docs/testing/testframework/opnfv.testframework.overview.rst @@ -0,0 +1,17 @@ +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 +.. (c) Christopher Price (Ericsson AB) + +================================== +Using the test frameworks in OPNFV +================================== + +Testing is one of the key activities in OPNFV, validation can include component level testing, +system testing, automated deployment validation and performance characteristics testing. + +The following section outlines how to use the test projects that are delivered on the +OPNFV platform for the purpose of testing components and VNFs in the context of a +Brahmaputra deployment. + +Needs to be completed according to the testing WG needs. + diff --git a/docs/userguide/index.rst b/docs/userguide/index.rst deleted file mode 100644 index faa5dbd94..000000000 --- a/docs/userguide/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Christopher Price (Ericsson AB) - -**************** -OPNFV User Guide -**************** - -.. toctree:: - :numbered: - :maxdepth: 2 - - ./userguide.introduction.rst - diff --git a/docs/userguide/userguide.introduction.rst b/docs/userguide/userguide.introduction.rst deleted file mode 100644 index 48112e78e..000000000 --- a/docs/userguide/userguide.introduction.rst +++ /dev/null @@ -1,85 +0,0 @@ -.. This work is licensed under a Creative Commons Attribution 4.0 International License. -.. http://creativecommons.org/licenses/by/4.0 -.. (c) Sofia Wallin (sofia.wallin@ericssion.com) - -======== -Abstract -======== - -OPNFV is a collaborative project aimed at providing a variety of virtualization -deployments intended to host applications serving the networking and carrier -industry. This document provides guidance and instructions for using platform -features designed to support these applications, made available in the OPNFV -Colorado release. - -This document is not intended to replace or replicate documentation from other -open source projects such as OpenStack or OpenDaylight, rather highlight the -features and capabilities delivered through the OPNFV project. - -============ -Introduction -============ - -OPNFV provides a suite of scenarios, infrastructure depoyment options, which -are able to be installed to host virtualized network functions (VNFs). -This guide intends to help users of the platform leverage the features and -capabilities delivered by the OPNFV project in support of these applications. - -OPNFV Continuous Integration builds, deploys and tests combinations of virtual -infrastructure components in what are defined as scenarios. A scenario may -include components such as OpenStack, OpenDaylight, OVS, KVM etc. where each -scenario will include different source components or configurations. Scenarios -are designed to enable specific features and capabilities in the platform that -can be leveraged by the OPNFV user community. - -================ -Feature Overview -================ - -The following links outline the feature deliveries from the participant OPNFV -projects in the Colorado release. Each of the participating projects provides -detailed descriptions about the delivered features. Including use cases, -implementation and configuration specifics on a per OPNFV project basis. - -The following are Configuration Guides and User Guides and assume that the reader has already some -information about a given projects specifics and deliverables. These guides -are intended to be used following the installation of a given OPNFV installer -to allow a user to deploy and implement feature delivered by OPNFV. - -If you are unsure about the specifics of a given project, please refer to the -OPNFV projects home page, found on http://wiki.opnfv.org, for specific details. - -You can find project specific usage and configuration information below: - -Feature Configuration Guides -============================ - -- `Armband configuration guide `_ -- `Copper configuration guide `_ -- `Doctor configuration guide `_ -- `IPv6 configuration guide `_ -- `KVMforNFV configuration guide `_ -- `Moon configuration guide `_ -- `Multisite configuration guide `_ -- `ONOSFW configuration guide `_ -- `OVSNFV configuration guide `_ -- `Promise configuration guide `_ -- `SFC configuration guide `_ - - -Feature User Guides -=================== - -- `Copper user guide `_ -- `Doctor user guide `_ -- `Domino user guide `_ -- `IPv6 user guide `_ -- `KVMforNFV user guide `_ -- `Moon user guide `_ -- `Multisite user guide `_ -- `ONOSFW user guide `_ -- `OVSNFV user guide `_ -- `Parser user guide `_ -- `Promise user guide `_ -- `SDNVPN user guide `_ -- `SFC user guide `_ -- cgit 1.2.3-korg