Age | Commit message (Collapse) | Author | Files | Lines |
|
- in R4 Dublin the policy-engine introduced a totally new API
- policy-handler now has a startup option to either use
= the new PDP API (default)
= or the old PDP API that was created-updated before the end of 2018
- to use the old PDP API requires changing either the etc/config.json
or setting up a non-empty env var PDP_API_VERSION on startup:
export PDP_API_VERSION=2018
docker run ... -e PDP_API_VERSION ...
Change-Id: I92941e908849baa94454ae6b094754965a37d470
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-1128
|
|
DCAEGEN2-932:
- mode_of_operation: active or passive
= active is as before this change
= in passive mode the policy-handler
* closes the web-socket to PDP
* skips the periodic catch_ups
* still periodically checks for reconfigure
* still allows usig the web-server to retrieve policies from PDP
- default is active
- when mode_of_operation changes from passive to active,
the policy-handler invokes the catch_up right away
- config-kv contains the optional override field mode_of_operation
= changing the mode_of_operation in config-kv and invoking
POST /reconfigure will bring the new value and change the
mode of operation of the policy-handler if no service_activator
section is provided in consul-kv record
- reduced the default web-socket ping interval from 180 to 30
seconds because PDP changed its default timeout on the web-socket
from 400 seconds to 50 seconds
Change-Id: Iae93746336a38af4248a1c77fdcf98e31ce956bd
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-932
|
|
DCAEGEN2-853:
- stop reporting the absence of policies or updates
as error - this is an expected result == INFO or WARNING
DCAEGEN2-930:
- configurable timeouts for http requests from policy-handler
- added configurable pinging on the web-socket to PDP
Change-Id: I5104eb6c7c044a3bdaf111839593a7e96fa04fa2
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-853
Issue-ID: DCAEGEN2-930
|
|
- reverted changes intended for k8s installation
- apparently, phinputs.yaml is not used by k8s installation,
but by the docker based installation
- related oom change for k8s installtion is
at https://gerrit.onap.org/r/#/c/67795/
Change-Id: Ibf776a020d9851dc296436d964e685ed2c943fb4
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
|
|
- k8s specific routing to policy-engine by hostname "pdp"
- relying on dns to resolve hostname "pdp" to ip address
- expecting to find "pdp" as the hostname in server cert from pdp
policy_engine :
url : "https://pdp:8081"
Change-Id: Ib6b7acfdf1faf26a6e2c86cf8a4f004bbbfd4121
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
|
|
- tls on https and web-socket to policy-engine
- not enabling tls to deployment-handler until that is ready
Change-Id: I6d14204d912bd622891e276093f2d1bb732162fc
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
|
|
- set up tls on policy-handler
- policy-handler expecting the deployment process
to mount certs at /opt/app/policy_handler/etc/tls/certs/
= cert_directory : /opt/app/policy_handler/etc/tls/certs/
= cacert : cacert.pem
- new optional fields tls_ca_mode in config on consul that
specify where to find the cacert.pem for tls per each https/web-socket
values are:
"cert_directory" - use the cacert.pem stored locally in cert_directory
this is the default if cacert.pem file is found
"os_ca_bundle" - use the public ca_bundle provided by linux system.
this is the default if cacert.pem file not found
"do_not_verify" - special hack to turn off the verification by cacert
and hostname
- config on consul now has 2 new fields for policy_engine
= "tls_ca_mode" : "cert_directory"
= "tls_wss_ca_mode" : "cert_directory"
- config on consul now has 1 new field for deploy_handler
= "tls_ca_mode" : "cert_directory"
Change-Id: Ida2d058cad93ddd1a583e1922bc5dc33c145fcba
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-611
|
|
- new interval for reconfigure of policy-handler
Change-Id: Ice1d944f7772ecc06312715b3009c9b0e03413a2
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-470
|
|
- pass cfy_tenant_name in query from policy-handler
to deployment-handler
- new config "query":{"cfy_tenant_name": "default_tenant"}
- limits the single policy-handler to a single cfy_tenant_name
in cloudify under the deployment-handler
Change-Id: I75a79a769a15a53f000c907ed6ab88778b0080a4
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-704
|
|
- inputs:
= removed scope_prefixes as obsolete with 4.0.0
= removed catch_up.max_skips - obsolete with 4.0.0
= added max_msg_length_mb for data segmentation from
policy-handler to deployment handler
Change-Id: I555fdbb8a765d77c2cd0437e8729c0249f8062e3
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-492
|
|
- change application_config of policy-handler to have CLAMP
as a valid scope_prefix
scope_prefixes : ["DCAE.Config_", "CLAMP"]
- config for periodic catch_up
- new config for deployment_handler discovery and url
- removed the duplicate input file for policy-handler
== blueprints/policy_handler_sample_app_config.yaml
Change-Id: Ifcc97cc73c8da398943d8d7bb90fdcadcafdbf8c
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-449
|
|
Change-Id: If7d9149e613bf34d9e8bb183ff5921bc402d3c8e
Signed-off-by: Lusheng Ji <lji@research.att.com>
Issue-ID: DCAEGEN2-325
|
|
Change-Id: I8e5e97640e092b2f27b2103d4e8a1a151a9f80db
Issue-ID: DCAEGEN2-181
Signed-off-by: Vijay <vv770d@att.com>
|
|
Change-Id: I08e3900282570d7ad7a8203fba4f5580573921f7
Issue-Id: DCAEGEN2-128
Signed-off-by: Alex Shatov <alexs@att.com>
|
|
Issue-Id: DCAEGEN2-127
Change-Id: I6d54c3dbb638994587db0ae4d57e8f54f4f6d813
Signed-off-by: Lusheng Ji <lji@research.att.com>
|
|
Issue-Id: DCAEGEN2-128
Change-Id: I0f7de519b6c327b421f4d47f8cf6ee6d819c618a
Signed-off-by: Lusheng Ji <lji@research.att.com>
|