VNF Package CSAR for ONAP Release 4
Andrei Kojukhov, Ph.D., Amdocs
February 2019

Features Being Added to ONAP CSAR Rel. 4

ONAP CSAR with non-MANO artifact set (PNF package onboarding)
  o Manifest file metadata: pnf_xxx
  o Adding artifacts for PNF package: VES, PM dictionary and configuration YANG files

ONAP CSAR - adding security (TSC meeting approval?)
  o Option 1 security features:
      • Adding digests for all artifacts (internal and external)
      • Adding a CMS certificate signature
  o Option 2 security features:
      • A signature for the whole CSAR
      • Constraint: no external artifacts

CSAR ONAP with TOSCA.meta File

The TOSCA.meta file includes block_0 with the Entry-Definitions keyword pointing to a TOSCA definitions YAML file used as entry for parsing the contents of the overall CSAR archive – MRF.yaml

    TOSCA-Meta-File-Version: 1.0
    CSAR-Version: 1.1
    Created-by: Company Name
    Entry-Definitions: MainServiceTemplate.yaml

Any TOSCA definitions files besides the one denoted by Entry-Definitions can be found by processing the respective imports statements in the entry definitions file (or in recursively imported files).

Any artifact files (e.g. scripts, binaries, configuration files) can be either declared explicitly through blocks in the TOSCA.meta file or pointed to by relative path names through artifact definitions in one of the TOSCA definitions files contained in the CSAR file.

CSAR structure:

    !------TOSCA-Metadata
    !------TOSCA.meta
    !----- MainServiceTemplate.mf
    !----- MainServiceTemplate.yaml
    !------Definitions
    !----- OtherTemplates (e.g., type definitions)
    !------Artifacts
    !----- install.sh
    !----- other artifacts
    !------Licenses
    !----- file(s)

References:
- ETSI GS NFV-SOL 004
- TOSCA-Simple-Profile-YAML-v1.1

CSAR with ONAP extensions artifacts - example

SOL 004 V2.4.1 supports non-MANO extensions.

A relevant fragment of the manifest file is shown below (additions were marked in red on the original slide). The CSAR structure, shown on the right of the slide, follows it.

Manifest fragment:

    …………….
    Source: MRF.yaml
    Algorithm: SHA-256
    Hash: 09e5a788acb180162c51679ae4c998039fa6644505db2415e35107d1ee213943
    Source: scripts/install.sh
    Algorithm: SHA-256
    Hash: d0e7828293355a07c2dccaaa765c80b507e60e6167067c950dc2e6b0da0dbd8b
    non_mano_artifact_sets:
      lf_networking_onap:
        Source: Lfnetworkingonap/ves.yaml
        Algorithm: SHA-256
        Hash: d0e7828293355a07c2dccaaa765c80b507e60e6167067c950dc2e6b0da0dbd8b
    …………….

CSAR structure:

    !------MainServiceTemplate.yaml
    !------MainServiceTemplate.mf
    !------Definitions
    !----- OtherTemplates (e.g. type definitions)
    !------Artifacts
    !----- install.sh
    !----- other artifacts
    !------Licenses
    !----- file(s)
    !------Lfnetworkingonap
    !----- ves.yaml

References:
- ETSI GS NFV-SOL 004

CSAR with ONAP R4 extensions artifacts for PNF package

Below are fragments of the manifest file.
  • Artifacts are without digests (Opt. 2)
The CSAR structure, shown on the right of the original slide, follows the fragments.

Manifest fragments:

    metadata:
      pnf_product_name: RadioNode
      pnf_provider_id: Ericsson
      pnf_package_version: 1.0
      pnf_release_date_time: 2019-01-14T11:25:00+00:00
    -------------------------------------------------
    non_mano_artifact_sets:
      lf_networking_onap:
        prv.onap.ves_event: # if private else onap_ves_event if public
          Source: Artifacts/Deployment/Events/RadioNode_Pnf_v1.yml
        prv.onap.pm_dictionary: # if private else onap_pm_dictionary if public
          Source: Artifacts/Deployment/Measurements/PM_Dictionary.yml
        prv.onap.yang_modules: # if private else onap_yang_modules if public
          Source: Artifacts/Deployment/Yang_module/yang-module1.yang
          Source: Artifacts/Deployment/Yang_module/yang-module2.yang

CSAR structure:

    !------TOSCA-Metadata
    !------TOSCA.meta
    !----- MainServiceTemplate.mf
    !----- MainServiceTemplate.yaml
    !------Definitions
    !----- OtherTemplates (e.g., type definitions)
    !------Artifacts
    !----- install.sh
    !-----Deployment
    !----Events
    !----RadioNode_Pnf_v1.yml
    !----Measurements
    !----PM_Dictionary.yml
    !----Yang_module
    !----yang-module1.yang
    !----yang-module2.yang

Adding Security to VNF Package

Public Key Based Integrity and Authenticity

Security Option 1: Manifest file-based, if there are both local and external artifacts
  • A digest hash per each artifact
  • Manifest file is signed with the VNF provider private key
  • VNF provider's certificate includes a VNF provider public key
  • The certificate may be a separate artifact or included in the signature container, e.g. CMS

Security Option 2: CSAR-based, if all artifacts are located inside a CSAR
  • CSAR file is digitally signed with the VNF provider private key
  • No digest hash per each artifact
  • VNF provider delivers one zip file containing a CSAR file, a signature file and a certificate file that includes a VNF provider public key
  • The certificate may be a separate artifact or included in the signature container, e.g. CMS

[Figure. Option 1: Manifest file (VNF Package metadata; Artifact 1 ... Artifact N, each with Path/URI and Hash; Manifest file Signature; Signing Certificate). Option 2: VNF Package.zip (VNFPackage.csar with all artifacts; Signature; Signing Certificate).]

Key difference: Option 1 has two-level security protection, whereas Option 2 has one level.

Both options rely on the existence in the NFVO of a root certificate of a trusted certificate authority, delivered via a trusted channel separately from a VNF package.

VNF Package Manifest File with Security support – Opt. 1

The manifest file contains:

VNF package metadata

A list of blocks, each related to one file in the VNF package, including
  • Source: artifact URI
  • Algorithm: name of an algorithm used to generate the hash
  • Hash: text string corresponding to the hexadecimal representation of the hash

Manifest file Signature

Example:

    metadata:
      vnf_product_name: vMRF-1-0-0
      vnf_provider_id: Acme
      vnf_package_version: 1.0
      vnf_release_data_time: 2017.01T10:00+03:00

    Source: MRF.yaml
    Algorithm: SHA-256
    Hash: 09e5a788acb180162c51679ae4c998039fa6644505db2415e35107d1ee213943

    Source: scripts/install.sh
    Algorithm: SHA-256
    Hash: d0e7828293355a07c2dccaaa765c80b507e60e6167067c950dc2e6b0da0dbd8b

    Source: https://www.vendor_org.com/MRF/v4.1/scripts/scale.sh
    Algorithm: SHA-256
    Hash: 36f945953929812aca2701b114b068c71bd8c95ceb3609711428c26325649165

    -----BEGIN CMS-----
    MIGDBgsqhkiG9w0BCRABCaB0MHICAQAwDQYLKoZIhvcNAQkQAwgwXgYJKoZIhvcN
    AQcBoFEET3icc87PK0nNK9ENqSxItVIoSa0o0S/ISczMs1ZIzkgsKk4tsQ0N1nUM
    dvb05OXi5XLPLEtViMwvLVLwSE0sKlFIVHAqSk3MBkkBAJv0Fx0=
    -----END CMS-----

References:
- IANA register for Hash Function Textual Names https://www.iana.org/assignments/hash-function-text-names.xhtml
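
The Option 1 digest check on the receiving side, as an added example that is not part of the slides or of ONAP code: it parses the Source/Algorithm/Hash blocks and reports artifacts that are tampered, missing, external, or present in the CSAR but not covered by the manifest. Assumptions: the manifest is named MainServiceTemplate.mf at the archive root, the sample CSAR is constructed in memory, and the CMS signature over the manifest has already been verified against the trusted root certificate (not done here).

```python
import hashlib, io, zipfile
ALGOS = {"SHA-256": hashlib.sha256, "SHA-512": hashlib.sha512}

def parse_manifest(text):
    """Collect Source/Algorithm/Hash blocks; metadata and CMS lines are ignored."""
    blocks = []
    for line in text.splitlines():
        key, sep, val = (p.strip() for p in line.partition(":"))
        if key == "Source" and sep:
            blocks.append({"Source": val})
        elif key in ("Algorithm", "Hash") and blocks:
            blocks[-1][key] = val
    return blocks

def verify_csar(csar_bytes, manifest_name="MainServiceTemplate.mf"):
    """Compare each manifest digest with the archive content; return {path: status}."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(csar_bytes)) as z:
        names = {n for n in z.namelist() if not n.endswith("/")}
        for b in parse_manifest(z.read(manifest_name).decode()):
            src, algo = b["Source"], ALGOS.get(b.get("Algorithm"))
            if "://" in src:
                report[src] = "external-not-fetched"  # must be downloaded and hashed separately
            elif src not in names:
                report[src] = "missing"
            elif algo is None or "Hash" not in b:
                report[src] = "no-usable-digest"
            else:
                ok = algo(z.read(src)).hexdigest() == b["Hash"].lower()
                report[src] = "ok" if ok else "mismatch"
        for n in names - set(report) - {manifest_name}:
            report[n] = "unlisted"  # in the CSAR but not covered by the signed manifest
    return report

def build_sample():
    """Constructed CSAR: one intact, one tampered, one unlisted and one external artifact."""
    good = b"tosca_definitions_version: tosca_simple_yaml_1_1\n"
    mf = (f"Source: MRF.yaml\nAlgorithm: SHA-256\nHash: {hashlib.sha256(good).hexdigest()}\n"
          f"Source: scripts/install.sh\nAlgorithm: SHA-256\nHash: {'0' * 64}\n"
          f"Source: https://vendor.example/scale.sh\nAlgorithm: SHA-256\nHash: {'0' * 64}\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in [("MainServiceTemplate.mf", mf), ("MRF.yaml", good),
                           ("scripts/install.sh", "echo modified\n"), ("Artifacts/extra.bin", b"\0")]:
            z.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    print(verify_csar(build_sample()))
```

The "unlisted" status is the case Option 1 leaves open if a verifier only walks the manifest: a file added to the zip after signing is never hashed unless the archive listing is compared against the manifest as well.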