summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore5
-rw-r--r--dcae-services-policy-sync/Changelog.md14
-rw-r--r--dcae-services-policy-sync/README.md24
-rw-r--r--dcae-services-policy-sync/policysync/cmd.py1
-rw-r--r--dcae-services-policy-sync/resources/slicems-policy-examples/deploy.json8
-rw-r--r--dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy.json23
-rw-r--r--dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy_type.json34
-rw-r--r--dcae-services-policy-sync/resources/son-handler-policy-examples/deploy.json8
-rw-r--r--dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy.json27
-rw-r--r--dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy_type.json33
10 files changed, 171 insertions, 6 deletions
diff --git a/.gitignore b/.gitignore
index 1d74e21..7769e4a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,6 @@
+### VS Code ###
.vscode/
+
+### IntelliJ IDEA ###
+.idea/
+*.iml
diff --git a/dcae-services-policy-sync/Changelog.md b/dcae-services-policy-sync/Changelog.md
new file mode 100644
index 0000000..45b3571
--- /dev/null
+++ b/dcae-services-policy-sync/Changelog.md
@@ -0,0 +1,14 @@
+# Change Log
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](http://keepachangelog.com/)
+and this project adheres to [Semantic Versioning](http://semver.org/).
+
+## [1.0.1] - 2022-08-02
+ - [DCAEGEN2-3195] Add readme instructions for policy sync usage and policy examples.
+ - [DCAEGEN2-2739] Fix output file permssion.
+ - [DCAEGEN2-2735] Fix cert issue on policy sync.
+
+## [1.0.0] - 2021-02-18
+ - [DCAEGEN2-2556] For use by helm microservices to receive policy.
+
diff --git a/dcae-services-policy-sync/README.md b/dcae-services-policy-sync/README.md
index 519aea6..7dfa09e 100644
--- a/dcae-services-policy-sync/README.md
+++ b/dcae-services-policy-sync/README.md
@@ -1,11 +1,13 @@
# Policy Sync
This page serves as an implementation for the Policy sync container described in the [wiki](https://wiki.onap.org/display/DW/Policy+function+as+Sidecar)
-
Policy Sync utility is a python based utility that interfaces with the ONAP/ECOMP policy websocket and REST APIs. It is designed to keep a local listing of policies in sync with an environment's policy distribution point (PDP). It functions well as a Kubernetes sidecar container which can pull down the latest policies for consumption by an application container.
The sync utility primarily utilizes the PDP's websocket notification API to receive policy update notifications. It also includes a periodic check of the PDP for resilliency purposes in the event of websocket API issues.
+Policy Sync provides a way to realize runtime configuration for DCAE microservices through Policy Module.
+
+Currently, SON-Handler and SliceMS is utilizing policy sync.
## Build and Run
Easiest way to use is via docker by building the provided docker file
@@ -39,7 +41,7 @@ General configuration that is used regardless of which PDP API you are using.
| POLICY_SYNC_PDP_URL | --pdp-url | PDP URL to query | None (must be set in env or flag) |
| POLICY_SYNC_FILTER | --filters | yaml list of regex of policies to match | [] |
| POLICY_SYNC_ID | --ids | yaml list of ids of policies to match | [] |
-| POLICY_SYNC_DURATION | --duration | duration in seconds for periodic checks | 2600 |
+| POLICY_SYNC_DURATION | --duration | duration in seconds for periodic checks | 1200 |
| POLICY_SYNC_OUTFILE | --outfile | File to output policies to | ./policies.json |
| POLICY_SYNC_PDP_USER | --pdp-user | Set user if you need basic auth for PDP | None |
| POLICY_SYNC_PDP_PASS | --pdp-password | Set pass if you need basic auth for PDP | None |
@@ -85,7 +87,7 @@ docker run
--env POLICY_SYNC_V1_DMAAP_USER='<pass>' \
--env POLICY_SYNC_ID=['DCAE.Config_MS_AGING_UVERSE_PROD'] \
-v $(pwd)/policy-volume:/etc/policy \
- nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.0
+ nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.1
```
Or on Kubernetes:
@@ -125,7 +127,7 @@ spec:
# Sample app that uses inotifyd (part of busybox/alpine). For demonstration purposes only...
- name: main
- image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.0
+ image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.1
volumeMounts:
- name: policy-shared
mountPath: /etc/policies.json
@@ -137,7 +139,7 @@ spec:
# The sidecar app which keeps the policies in sync
- name: policy-sync
- image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.0
+ image: nexus3.onap.org:10001/onap/org.onap.dcaegen2.deployments.policy-sync:1.0.1
envFrom:
- configMapRef:
name: special-config
@@ -147,4 +149,14 @@ spec:
mountPath: /etc/policies
```
-
+## How to apply
+Steps to utilize policy sync as a way to do runtime configuration:
+1. Create policy Type: curl -k -v --user '<policyApiUserName>:<policyApiPassword>' -X POST "https://{{Policy-API-IP}}:6969/policy/api/v1/policytypes" -H "Content-Type:application/json" -H "Accept: application/json" -d @policy_type.json
+2. Create xcaml policy: curl -v -k --silent --user '<policyApiUserName>:<policyApiPassword>' -X POST "https://{{Policy-API-IP}}:6969/policy/api/v1/policytypes/{{PolicyType}}}/versions/{PolicyVersion}/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @policy.json
+ * URL param "PolicyType" value is used to tell policy api which policy type should the current policy belongs to
+ * URL param "PolicyType" value should refer to Policy Type Name you define in policy_type.json
+ * URL param "PolicyVersion" value should refer to Version you define in policy.json
+ * "Policy Id" defines in policy.json should be consistent with the "policyID" in /oom/kubernetes/dcaegen2-services/components/dcae-slice-analysis-ms/values.yaml
+3. Deploy policy to xacml pdp engine: curl --silent -k --user '<policyApiUserName>:<policyApiPassword>' -X POST "https://{{Policy-PAP-IP}}:6969/policy/pap/v1/pdps/policies" -H "Accept: application/json" -H "Content-Type: application/json" -d @deploy.json
+4. Example policy_type.json, policy.json, deploy.json can be found in resources
+Notice: Default '<policyApiUserName>:<policyApiPassword>' & '<policyApiUserName>:<policyApiPassword>' value is 'policyadmin:zb!XztG34'
diff --git a/dcae-services-policy-sync/policysync/cmd.py b/dcae-services-policy-sync/policysync/cmd.py
index 9055674..6a944cc 100644
--- a/dcae-services-policy-sync/policysync/cmd.py
+++ b/dcae-services-policy-sync/policysync/cmd.py
@@ -1,5 +1,6 @@
# ============LICENSE_START=======================================================
# Copyright (c) 2021 AT&T Intellectual Property. All rights reserved.
+# Copyright (C) 2022 Huawei Technologies Co., Ltd. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/dcae-services-policy-sync/resources/slicems-policy-examples/deploy.json b/dcae-services-policy-sync/resources/slicems-policy-examples/deploy.json
new file mode 100644
index 0000000..1e22ce4
--- /dev/null
+++ b/dcae-services-policy-sync/resources/slicems-policy-examples/deploy.json
@@ -0,0 +1,8 @@
+{
+ "policies": [
+ {
+ "policy-id": "onap.dcae.slicems.config",
+ "policy-version": 1
+ }
+ ]
+}
diff --git a/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy.json b/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy.json
new file mode 100644
index 0000000..ec9b273
--- /dev/null
+++ b/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy.json
@@ -0,0 +1,23 @@
+{
+ "tosca_definitions_version": "tosca_simple_yaml_1_1_0",
+ "topology_template": {
+ "policies": [
+ {
+ "onap.dcae.slicems.config": {
+ "type": "onap.policies.monitoring.docker.slicems.app",
+ "type_version": "1.0.0",
+ "version": "1.0.0",
+ "metadata": {
+ "policy-id": "onap.dcae.slicems.config",
+ "policy-version": 1
+ },
+ "properties": {
+ "ves_ccvpn_notification_topic": "on",
+ "ccvpnThreshold": "0.8",
+ "isPeriodicOn": "true"
+ }
+ }
+ }
+ ]
+ }
+}
diff --git a/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy_type.json b/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy_type.json
new file mode 100644
index 0000000..7fb9e43
--- /dev/null
+++ b/dcae-services-policy-sync/resources/slicems-policy-examples/slicems_config_policy_type.json
@@ -0,0 +1,34 @@
+{
+ "tosca_definitions_version": "tosca_simple_yaml_1_1_0",
+ "policy_types": {
+ "onap.policies.monitoring.docker.slicems.app": {
+ "version": "1.0.0",
+ "description": "son handler policy type",
+ "derived_from": "onap.policies.Monitoring:1.0.0",
+ "description": "Runtime Configuration of Slice MS",
+ "properties": {
+ "ves_ccvpn_notification_topic": {
+ "type": "string",
+ "required": false,
+ "description": "set ccvpn dmaap topic listening or not"
+ },
+ "ccvpnThreshold": {
+ "type": "string",
+ "required": false,
+ "description": "ccvpn threshold"
+ },
+ "isPeriodicOn": {
+ "type": "string",
+ "required": false,
+ "description": "close loop bw adjust on"
+ },
+ "cllId": {
+ "type": "string",
+ "required": false,
+ "description": "cloud leased line service id"
+ }
+ }
+ }
+ }
+}
+
diff --git a/dcae-services-policy-sync/resources/son-handler-policy-examples/deploy.json b/dcae-services-policy-sync/resources/son-handler-policy-examples/deploy.json
new file mode 100644
index 0000000..3e12908
--- /dev/null
+++ b/dcae-services-policy-sync/resources/son-handler-policy-examples/deploy.json
@@ -0,0 +1,8 @@
+{
+ "policies": [
+ {
+ "policy-id": "com.Config_PCIMS_CONFIG_POLICY",
+ "policy-version": 1
+ }
+ ]
+}
diff --git a/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy.json b/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy.json
new file mode 100644
index 0000000..4f7066f
--- /dev/null
+++ b/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy.json
@@ -0,0 +1,27 @@
+{
+ "tosca_definitions_version": "tosca_simple_yaml_1_0_0",
+ "topology_template": {
+ "policies": [
+ {
+ "onap.sonhms": {
+ "type": "onap.policies.monitoring.docker.sonhandler.app",
+ "type_version": "1.0.0",
+ "version": "1.0.0",
+ "metadata": {
+ "policy-id": "onap.sonhms",
+ "policy-version": "1"
+ },
+ "properties": {
+ "PCI_SDNR_TARGET_NAME": "SDNR",
+ "PCI_MODCONFIG_POLICY_NAME": "ControlLoop-vPCI-fb41f388-a5f2-11e8-98d0-529269fb1459",
+ "PCI_MODCONFIGANR_POLICY_NAME": "ControlLoop-vSONH-7d4baf04-8875-4d1f-946d-06b874048b61",
+ "PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF": "OOF-PCI-OPTIMIZATION",
+ "PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS": 60
+ }
+ }
+ }
+ ]
+ },
+ "name": "ToscaServiceTemplateSimple",
+ "version": "1.0.0"
+}
diff --git a/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy_type.json b/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy_type.json
new file mode 100644
index 0000000..a36e0da
--- /dev/null
+++ b/dcae-services-policy-sync/resources/son-handler-policy-examples/son_policy_type.json
@@ -0,0 +1,33 @@
+{
+ "tosca_definitions_version": "tosca_simple_yaml_1_0_0",
+ "policy_types":
+ {
+ "onap.policies.monitoring.docker.sonhandler.app": {
+ "version": "1.0.0",
+ "description": "son handler policy type",
+ "derived_from": "onap.policies.Monitoring:1.0.0",
+ "properties": {
+ "PCI_NEIGHBOR_CHANGE_CLUSTER_TIMEOUT_IN_SECS": {
+ "required": true,
+ "type": "string"
+ },
+ "PCI_MODCONFIG_POLICY_NAME": {
+ "required": true,
+ "type": "string"
+ },
+ "PCI_MODCONFIGANR_POLICY_NAME": {
+ "required": true,
+ "type": "string"
+ },
+ "PCI_OPTMIZATION_ALGO_CATEGORY_IN_OOF": {
+ "required": true,
+ "type": "string"
+ },
+ "PCI_SDNR_TARGET_NAME": {
+ "required": true,
+ "type": "string"
+ }
+ }
+ }
+ }
+}