From 48846f1ed9dc3506a37b218dc208d2522f4786fd Mon Sep 17 00:00:00 2001 From: Rashmi Pujar Date: Sun, 21 Mar 2021 23:39:27 -0400 Subject: Update CDS doc to remove legacy operational policy Issue-ID: POLICY-3137 Signed-off-by: Rashmi Pujar Change-Id: Ibe71b0c806f0efa12306133ee48a416657b610dc (cherry picked from commit b75020e56e277557616f99ccfdf33520a522e40a) --- docs/development/actors/cds/cds.rst | 218 ++++++++++++++++-------------------- 1 file changed, 95 insertions(+), 123 deletions(-) diff --git a/docs/development/actors/cds/cds.rst b/docs/development/actors/cds/cds.rst index 04b74261..36eaf0d6 100644 --- a/docs/development/actors/cds/cds.rst +++ b/docs/development/actors/cds/cds.rst @@ -268,154 +268,126 @@ Sample CBA execute request generated by Policy for VNF target type when "data" f 4. Operational Policy configuration to use CDS as an actor ========================================================== -TODO: Update the documentation once Operational Policy is made TOSCA compliant as per: -https://wiki.onap.org/display/DW/TOSCA+Compliant+Policy+Types +4.1 TOSCA compliant Control Loop Operational Policy to support CDS actor +------------------------------------------------------------------------ -Until then below is how to configure the Operational Policy to use CDS as an actor using the Policy API. +A common base TOSCA policy type for defining an operational policy is documented below: -For integration testing use CLAMP UI to configure the Operational Policy +* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.Common.yaml;h=fe6f974bb98a90e2e41639621ba35cc853679ee5;hb=refs/heads/guilin -4.1 Background --------------- -For detailed description of the Operational Policy YAML specification refer to: +APEX PDP specific operational policy is derived from the common operational TOSCA policy type as defined in the link below: +* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Apex.yaml;h=54b69c2d8a78ab7fd8d41d3f7c05632c4d7e433d;hb=refs/heads/guilin -* https://gerrit.onap.org/r/gitweb?p=policy/drools-applications.git;a=blob;f=controlloop/common/policy-yaml/README-v2.0.0.md;h=eadaf658a52eac0d0cf6603025ef8b4c760f553b;hb=refs/heads/guilin -* https://wiki.onap.org/display/DW/Control+Loop+Operational+Policy +Drools PDP specific operational policy is also derived from the common operational TOSCA policy type and is defined in the link below: +* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Drools.yaml;h=69d73db5827cb6743172f9e0b1930eca8ba4ec0c;hb=refs/heads/guilin -4.2 Control Loop Operational Policy YAML to use the CDS actor -------------------------------------------------------------- +For integration testing CLAMP UI can be used to configure the Operational Policy. -Below is a template for configuring the Operational Policy to use CDS as an actor. +E.g. Sample Operational Policy definition for vFW usecase to use CDS as an actor: .. code-block:: bash - controlLoop: - version: 2.0.0 - controlLoopName: {{Unique ID for the Control Loop, must match one of the IDs defined in the list of policies below}} - trigger_policy: {{ID of operation policy defined below to specify which policy to trigger first}} - timeout: {{Overall timeout for the Control loop Operational policy}} - abatement: false - policies: - - id: {{ID of the Operation policy}} - name: {{Name of the Operation policy}} - description: {{Description of the Operation policy}} - actor: {{Identifies the actor of choice for remediation, in this case: CDS}} - recipe: {{Identifies the CDS action-name}} - target: - resourceID: {{SDC resource ID: E.g. modelInvariant ID of the vFW generic VNF; empty for PNF}} - type: {{Identifies the type of target, possible values: VNF, PNF}} - payload: - artifact_name: {{Name of the blueprint to execute if CDS is the actor}} - artifact_version: {{Version of the blueprint to execute if CDS is the actor}} - mode: async - data: {{Additional static data required by the blueprint if CDS is the actor}} - retry: 0 - timeout: {{Timeout in seconds for the actor to perform the operation}} - success: final_success - failure: final_failure - failure_timeout: final_failure_timeout - failure_retries: final_failure_retries - failure_exception: final_failure_exception - failure_guard: final_failure_guard - -E.g. Sample Operational Policy YAML for vFW usecase: - -.. code-block:: bash - - controlLoop: - version: 2.0.0 - controlLoopName: ControlLoop-vFirewall-7e4fbe9c-d612-4ec5-bbf8-605aeabdb677 - trigger_policy: unique-policy-id-1-modifyConfig - timeout: 60 - abatement: false - policies: - - id: unique-policy-id-1-modifyConfig - name: modifyconfig-cds-actor - description: - actor: CDS - recipe: modify-config - target: - resourceID: 7e4fbe9c-d612-4ec5-bbf8-605aeabdb677 - type: VNF - payload: - artifact_name: vFW-CDS - artifact_version: 1.0.0 - data: '{"active-streams":"7"}' - retry: 0 - timeout: 30 - success: final_success - failure: final_failure - failure_timeout: final_failure_timeout - failure_retries: final_failure_retries - failure_exception: final_failure_exception - failure_guard: final_failure_guard - -4.3 API to configure the Control Loop Operational policy + tosca_definitions_version: tosca_simple_yaml_1_1_0 + topology_template: + policies: + - operational.modifyconfig.cds: + type: onap.policies.controlloop.operational.common.Drools + type_version: 1.0.0 + version: 1.0.0 + metadata: + policy-id: operational.modifyconfig.cds + properties: + id: ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a + timeout: 1200 + abatement: false + trigger: unique-policy-id-1-modifyConfig + operations: + - id: unique-policy-id-1-modifyConfig + description: Modify the packet generator + operation: + actor: CDS + operation: ModifyConfig + target: + targetType: VNF + entityId: + resourceID: bbb3cefd-01c8-413c-9bdd-2b92f9ca3d38 + payload: + artifact_name: vfw-cds + artifact_version: 1.0.0 + mode: async + data: '{"active-streams":"7"}' + timeout: 300 + retries: 0 + success: final_success + failure: final_failure + failure_timeout: final_failure_timeout + failure_retries: final_failure_retries + failure_exception: final_failure_exception + failure_guard: final_failure_guard + controllerName: usecases + +4.2 API to configure the Control Loop Operational policy -------------------------------------------------------- -Once the YAML is built, we need to encode it in order to embed it into the payload to configure the operational policy. -Assuming the YAML is saved into a file by name "policy.yaml", use the below script to encode the spaces and tabs: - -.. code-block:: bash - - #!/usr/env/bin python3 - import urllib - with open('policy.yaml') as f: - v = f.read() - v = urllib.quote_plus(v) - print(v) +4.2.1 Policy creation +********************* -The encoded YAML data from the above step needs to be substituted into the following payload template to create -the operational policy. +Policy API endpoint is used to create policy i.e. an instance of the TOSCA compliant Operational policy type. +E.g. For vFW usecase the policy-type is "onap.policies.controlloop.operational.common.Drools". -Note: In the below rest endpoint, the hostname points to K8S service "policy-api" and internal port 6969. +In the below rest endpoint, the hostname points to K8S service "policy-api" and internal port 6969. .. code-block:: bash - curl -X POST \ - https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies \ - -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \ - -H 'Accept: application/json' \ - -H 'Content-Type: application/json' \ - -d '{ - "policy-id" : "operational.modifyconfig", - "content" : "$encoded_yaml_data" - }' - -The response to this rest endpoint returns something like below: + curl POST 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \ + -H 'Accept: application/json' \ + -H 'Content-Type: application/json' \ + -H 'Authorization: Basic aGVhbHRoY2hlY2s6ZmlyZWFudHNfZGV2QHBvbGljeSE=' \ + -d '{$vfw-tosca-policy} -.. code-block:: bash +Note: In order to create an operational policy when using APEX PDP use the policy-type: +"onap.policies.controlloop.operational.common.Apex". - { - "policy-id": "operational.modifyconfig", - "policy-version": "1", - "content": "$data" - } +4.2.2 Policy deployment to PDP +****************************** -To run the below request, for policy-version use the response above into the format "${policy-version_from_last_call}.0.0") -Note: In the rest endpoint URI, the hostname points to the service "policy-pap" and internal port 6969. +Policy PAP endpoint is used in order to deploy the policy to the appropriate PDP instance. +In the rest endpoint URI, the hostname points to the service "policy-pap" and internal port 6969. .. code-block:: bash - curl -X POST \ - https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps/policies \ - -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \ - -H 'Accept: application/json' \ - -H 'Content-Type: application/json' \ - -d '{ - "policies": [ - { - "policy-id": "operational.modifyconfig", - "policy-version": "1.0.0" - } - ] + curl POST 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps/deployments/batch' \ + -H 'Content-Type: application/json' \ + -H 'Accept: application/json' \ + -H 'Authorization: Basic {$auth}' \ + -d '{ + "groups": [ + { + "name": "defaultGroup", + "deploymentSubgroups": [ + { + "pdpType": "drools", + "action": "POST", + "policies": [{ + "name": "operational.modifyconfig.cds", + "version": "1.0.0" + }] + } + ] + } + ] }' To view the configured policies use the below REST API. .. code-block:: bash - curl -X GET \ - https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig \ - -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \ - -H 'Content-Type: application/json' \ + curl GET 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \ + -H 'Accept: application/json' \ + -H 'Authorization: Basic {$auth}' + +.. code-block:: bash + + curl --location --request GET 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps' \ + -H 'Accept: application/json' \ + -H 'Authorization: Basic {$auth}' -- cgit 1.2.3-korg