Use Azure Operator Service Manager (AOSM) CLI extension
In this how-to guide, Network Function Publishers and Service Designers learn how to use the Azure CLI extension to get started with Network Function Definitions (NFDs) and Network Service Designs (NSDs).
The az aosm
CLI extension is intended to provide support for publishing Azure Operator Service Manager designs and definitions. The CLI extension aids in the process of publishing Network Function Definitions (NFDs) and Network Service Designs (NSDs) to use with Azure Operator Service Manager.
Prerequisites
Contact your Microsoft account team to register your Azure subscription for access to Azure Operator Service Manager (AOSM) or express your interest through the partner registration form.
Download and install Azure CLI
Use the Bash environment in the Azure cloud shell. For more information, see Start the Cloud Shell to use Bash environment in Azure Cloud Shell.
For users that prefer to run CLI reference commands locally refer to How to install the Azure CLI.
If you're running on Window or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign into the Azure CLI using the az login
command and complete the prompts displayed in your terminal to finish authentication. For more sign-in options, refer to Sign in with Azure CLI.
Install Azure Operator Service Manager (AOSM) CLI extension
Install the Azure Operator Service Manager (AOSM) CLI extension using this command:
az extension add --name aosm
- Run
az version
to see the version and dependent libraries that are installed. - Run
az upgrade
to upgrade to the current version of Azure CLI.
Register and verify required resource providers
Before you begin using the Azure Operator Service Manager, make sure to register the required resource provider. Execute the following commands. This registration process can take up to 5 minutes.
# Register Resource Provider
az provider register --namespace Microsoft.HybridNetwork
az provider register --namespace Microsoft.ContainerRegistry
Verify the registration status of the resource providers. Execute the following commands.
# Query the Resource Provider
az provider show -n Microsoft.HybridNetwork --query "{RegistrationState: registrationState, ProviderName: namespace}"
az provider show -n Microsoft.ContainerRegistry --query "{RegistrationState: registrationState, ProviderName: namespace}"
Note
It may take a few minutes for the resource provider registration to complete. Once the registration is successful, you can proceed with using the Azure Operator Service Manager (AOSM).
Containerized Network Function (CNF) requirements
For those utilizing Containerized Network Functions, it's essential to ensure that the following packages are installed on the machine from which you're executing the CLI:
- Install Helm, refer to Install Helm CLI.
- In some circumstances, install docker, refer to Install the Docker Engine. Only needed if the source image is in your local docker repository, or you don't have subscription-wide permissions required to push charts and images.
Permissions
An Azure account with an active subscription is required. If you don't have an Azure subscription, follow the instructions here Start free to create an account before you begin.
You require the Contributor role over this subscription in order to create a Resource Group, or an existing Resource Group where you have the Contributor role.
Permissions for publishing CNFs
If sourcing the CNF images from an existing ACR, you need to have Reader
/AcrPull
permissions from this ACR, and ideally, Contributor
role + AcrPush
role (or a custom role that allows the importImage
action and AcrPush
) over the whole subscription in order to be able to import to the new Artifact store. If you have these, you don't need docker to be installed locally, and the image copy is quick.
If you don't have the subscription-wide permissions then you can run the az aosm nfd publish
command using the --no-subscription-permissions
flag to pull the image to your local machine and then push it to the Artifact Store using manifest credentials scoped only to the store. Requires docker to be installed locally.
Azure Operator Service Manager (AOSM) CLI extension overview
Network Function Publishers and Service Designers use the Azure CLI extension to help with the publishing of Network Function Definitions (NFDs) and Network Service Designs (NSDs).
As explained in Roles and Interfaces, a Network Function Publisher has various responsibilities. The CLI extension assists with the items shown in bold:
- Create the network function.
- Encode that in a Network Function Design (NFD).
- Determine the deployment parameters to expose to the Service Designer.
- Onboard the Network Function Design (NFD) to Azure Operator Service Manager (AOSM).
- Upload the associated artifacts.
- Validate the Network Function Design (NFD).
A Service Designer also has various responsibilities, of which the CLI extension assists with the items in bold:
- Choose which Network Function Definitions are included in the Service Design.
- Encode that into a Network Service Design.
- Combine Azure infrastructure into the Network Service Design.
- Determine how to parametrize the service by defining one or more Configuration Group Schemas (CGSs).
- Determine how inputs from the Service Operator map down to parameters required by the Network Function Definitions and the Azure infrastructure.
- Onboard the Network Service Design (NSD) to Azure Operator Service Manager (AOSM).
- Upload the associated artifacts.
- Validate the Network Service Design (NSD).
Workflow summary
A generic workflow of using the CLI extension is:
Find the prerequisite items you require for your use-case.
Run a
generate-config
command to output an example JSON config file for subsequent commands.Fill in the config file.
Run a
build
command to output one or more bicep templates for your Network Function Definition or Network Service Design.Review the output of the build command, edit the output as necessary for your requirements.
Run a
publish
command to:- Create all prerequisite resources such as Resource Group, Publisher, Artifact Stores, Groups.
- Deploy those bicep templates.
- Upload artifacts to the artifact stores.
VNF start point
For VNFs, you need a single ARM template that would create the Azure resources for your VNF, for example a Virtual Machine, disks and NICs. The ARM template must be stored on the machine from which you're executing the CLI.
For Virtualized Network Function Definition Versions (VNF NFDVs), the networkFunctionApplications list must contain one VhdImageFile and one ARM template. It's unusual to include more than one VhdImageFile and more than one ARM template. Unless you have a strong reason not to, the ARM template should deploy a single VM. The Service Designer should include numerous copies of the Network Function Definition (NFD) with the Network Service Design (NSD) if you want to deploy multiple VMs. The ARM template (for both AzureCore and Nexus) can only deploy ARM resources from the following Resource Providers:
Microsoft.Compute
Microsoft.Network
Microsoft.NetworkCloud
Microsoft.Storage
Microsoft.NetworkFabric
Microsoft.Authorization
Microsoft.ManagedIdentity
You also need a VHD image that would be used for the VNF Virtual Machine. The VHD image can be stored on the machine from which you're executing the CLI, or in Azure blob storage accessible via a SAS URI.
CNF start point
For deployments of Containerized Network Functions (CNFs), it's crucial to have the following stored on the machine from which you're executing the CLI:
Helm Packages with Schema - These packages should be present on your local storage and referenced within the
input.json
configuration file. When following this quickstart, you download the required helm package.Creating a Sample Configuration File - Generate an example configuration file for defining a CNF deployment. Issue this command to generate an
input.json
file that you need to populate with your specific configuration.az aosm nfd generate-config
Images for your CNF - Here are the options:
- A reference to an existing Azure Container Registry that contains the images for your CNF. Currently, only one ACR and namespace are supported per CNF. The images to be copied from this ACR are populated automatically based on the helm package schema. You must have Reader/AcrPull permissions on this ACR. To use this option, fill in
source_registry
and optionallysource_registry_namespace
in the input.json file. - The image name of the source docker image from local machine. This image name is for a limited use case where the CNF only requires a single docker image that exists in the local docker repository. To use this option, fill in
source_local_docker_image
in the input.json file. Requires docker to be installed. This quickstart guides you through downloading an nginx docker image to use for this option.
- A reference to an existing Azure Container Registry that contains the images for your CNF. Currently, only one ACR and namespace are supported per CNF. The images to be copied from this ACR are populated automatically based on the helm package schema. You must have Reader/AcrPull permissions on this ACR. To use this option, fill in
Optional: Mapping File (path_to_mappings): Optionally, you can provide a file (on disk) named path_to_mappings. This file should mirror
values.yaml
, with your selected values replaced by deployment parameters. Doing so exposes them as parameters to the CNF. Or, you can leave this blank ininput.json
and the CLI generates the file. By default in this case, every value withinvalues.yaml
is exposed as a deployment parameter. Alternatively use the--interactive
CLI argument to interactively make choices. This quickstart guides you through creation of this file.
When configuring the input.json
file, ensure that you list the Helm packages in the order they should be deployed. For instance, if package "A" must be deployed before package "B," your input.json
should resemble the following structure:
"helm_packages": [
{
"name": "A",
"path_to_chart": "Path to package A",
"path_to_mappings": "Path to package A mappings",
"depends_on": [
"Names of the Helm packages this package depends on"
]
},
{
"name": "B",
"path_to_chart": "Path to package B",
"path_to_mappings": "Path to package B mappings",
"depends_on": [
"Names of the Helm packages this package depends on"
]
}
]
Following these guidelines ensures a well organized and structured approach to deploy Containerized Network Functions (CNFs) with Helm packages and associated configurations.
NSD start point
For NSDs, you need to know the details of the Network Function Definitions (NFDs) to incorporate into your design:
- the NFD Publisher resource group
- the NFD Publisher name and scope
- the name of the Network Function Definition Group
- the location, type and version of the Network Function Definition Version
You can use the az aosm nfd
commands to create all of these resources.
Azure Operator Service Manager (AOSM) commands
Use these commands before you begin:
az login
used to sign in to the Azure CLI.az account set --subscription <subscription>
used to choose the subscription you want to work on.
NFD commands
Get help on command arguments:
az aosm -h
az aosm nfd -h
az aosm nfd build -h
Definition type commands
All these commands take a --definition-type
argument of vnf
or cnf
.
Create an example config file for building a definition:
az aosm nfd generate-config
This command outputs a file called input.json
, which must be filled in. Once the config file is filled in the following commands can be run.
Build an NFD definition locally:
az aosm nfd build --config-file input.json
More options on building an NFD definition locally:
Choose which of the VNF ARM template parameters you want to expose as NFD deploymentParameters, with the option of interactively choosing each one:
az aosm nfd build --config-file input.json --definition_type vnf --order_params
az aosm nfd build --config-file input.json --definition_type vnf --order_params --interactive
Choose which of the CNF Helm values parameters you want to expose as NFD deploymentParameters:
az aosm nfd build --config-file input.json --definition_type cnf --interactive
Publish a prebuilt definition:
az aosm nfd publish --config-file input.json
Delete a published definition:
az aosm nfd delete --config-file input.json
Delete a published definition and the publisher, artifact stores and NFD group:
az aosm nfd delete --config-file input.json --clean
NSD commands
Get help on command arguments:
az aosm -h
az aosm nsd -h
az aosm nsd build -h
Create an example config file for building a definition:
az aosm nsd generate-config
This command outputs a file called input.json
, which must be filled in. Once the config file is filled in the following commands can be run.
Build an NSD locally:
az aosm nsd build --config-file input.json
Publish a prebuilt design:
az aosm nsd publish --config-file input.json
Delete a published design:
az aosm nsd delete --config-file input.json
Delete a published design and the publisher, artifact stores and NSD group:
az aosm nsd delete --config-file input.json --clean
Edit the build output before publishing
The az aosm
CLI extension is intended to provide support for publishing Azure Operator Service Manager designs and definitions. It provides the building blocks for creating complex custom designs and definitions. You can edit the files output by the build
command before running the publish
command, to add more complex or custom features.
The full API reference for Azure Operator Service Manager is here: Azure Hybrid Network REST API.
The following sections describe some common ways that you can use to edit the built files before publishing.
Network Function Definitions (NFDs)
- Change the
versionState
of thenetworkfunctiondefinitionversions
resource fromPreview
toActive
. Active NFDVs are immutable whereas Preview NFDVs are mutable and in draft state. - For CNFs, change the
releaseNamespace
of thehelmMappingRuleProfile
to change the kubernetes namespace that the chart is deployed to.
Network Service Designs (NSDs)
- Add Azure Infrastructure to your Network Service Design (NSD). Adding Azure infrastructure to your can involve:
- Writing ARM templates to deploy the infrastructure.
- Adding Configuration Group Schemas(CGSs) for these ARM templates.
- Adding
ResourceElementTemplates
(RETs) of typeArmResourceDefinition
to your NSD. The RETs look the same asNetworkFunctionDefinition
RETs apart from thetype
field. - Adding the infrastructure ARM templates to the
artifact_manifest.bicep
file. - Editing the
configMappings
files to incorporate any outputs from the infrastructure templates as inputs to theNetworkFunctionDefinition
ResourceElementTemplates. For example:"customLocationId": "{outputparameters('infraretname').infraretname.customLocationId.value}"
- Editing the
dependsOnProfile
for theNetworkFunctionDefinition
ResourceElementTemplates (RETs) to ensure that infrastructure RETs are deployed before NF RETs.
- Change the
versionState
of thenetworkservicedesignversions
resource fromPreview
toActive
. Active NSDs are immutable whereas Preview NSDs are mutable and in draft state.
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for