diff options
Diffstat (limited to 'kubernetes/policy/charts/drools/resources')
9 files changed, 501 insertions, 0 deletions
diff --git a/kubernetes/policy/charts/drools/resources/config/drools/settings.xml b/kubernetes/policy/charts/drools/resources/config/drools/settings.xml new file mode 100755 index 0000000000..8b110bddd3 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/drools/settings.xml @@ -0,0 +1,95 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> + +<!-- + <proxies> + <proxy> + <id>http-proxy</id> + <active>true</active> + <protocol>http</protocol> + <host>fastweb.int.bell.ca</host> + <port>80</port> + <nonProxyHosts>localhost|127.0.0.1|*.svc.cluster.local|nexus</nonProxyHosts> + </proxy> + <proxy> + <id>https-proxy</id> + <active>true</active> + <protocol>https</protocol> + <host>fastweb.int.bell.ca</host> + <port>80</port> + <nonProxyHosts>localhost|127.0.0.1|*.svc.cluster.local|nexus</nonProxyHosts> + </proxy> + </proxies> +--> + <profiles> + <profile> + <id>policy-profile</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + + <repositories> + <repository> + <id>policy-nexus-snapshots</id> + <url>http://{{.Release.Name}}-{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/</url> + <releases> + <enabled>false</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + + <repository> + <id>policy-nexus-releases</id> + <url>http://{{.Release.Name}}-{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>false</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + </profiles> + + <activeProfiles> + <activeProfile>policy-profile</activeProfile> + </activeProfiles> + + <servers> + <server> + <id>policy-nexus-snapshots</id> + <username>admin</username> + <password>admin123</password> + </server> + <server> + <id>policy-nexus-releases</id> + <username>admin</username> + <password>admin123</password> + </server> + </servers> + +</settings> diff --git a/kubernetes/policy/charts/drools/resources/config/log/drools/logback.xml b/kubernetes/policy/charts/drools/resources/config/log/drools/logback.xml new file mode 100644 index 0000000000..4b058f1e4b --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/log/drools/logback.xml @@ -0,0 +1,103 @@ +<!-- +# Copyright © 2017 Amdocs, Bell Canada,AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +--> + +<configuration scan="true" scanPeriod="30 seconds" debug="false"> + + <property name="logDir" value="/var/log/onap" /> + + <property name="errorLog" value="error" /> + <property name="debugLog" value="debug" /> + <property name="networkLog" value="network" /> + + <property name="debugPattern" value="[%date|%level|%logger{0}|%thread] %msg%n" /> + <property name="errorPattern" value="${debugPattern}" /> + <property name="networkPattern" value="[%d|%t]%m%n" /> + + <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${errorLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDir}/${errorLog}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>5</maxIndex> + </rollingPolicy> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + <triggeringPolicy + class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>15MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${errorPattern}</pattern> + </encoder> + </appender> + + <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="ErrorOut" /> + </appender> + + <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${debugLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDir}/${debugLog}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>20MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${debugPattern}</pattern> + </encoder> + </appender> + + <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="DebugOut" /> + </appender> + + <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <file>${logDir}/${networkLog}.log</file> + <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy"> + <fileNamePattern>${logDir}/${networkLog}.%i.log.zip</fileNamePattern> + <minIndex>1</minIndex> + <maxIndex>9</maxIndex> + </rollingPolicy> + <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy"> + <maxFileSize>15MB</maxFileSize> + </triggeringPolicy> + <encoder> + <pattern>${networkPattern}</pattern> + </encoder> + </appender> + + <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="NetworkOut" /> + </appender> + + <logger name="network" level="INFO" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + </logger> + + <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false"> + <appender-ref ref="AsyncNetworkOut" /> + </logger> + + <root level="INFO"> + <appender-ref ref="AsyncDebugOut" /> + <appender-ref ref="AsyncErrorOut" /> + </root> + +</configuration> diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf new file mode 100644 index 0000000000..127a483da5 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/base.conf @@ -0,0 +1,94 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# SYSTEM software configuration + +POLICY_HOME=/opt/app/policy +POLICY_LOGS=/var/log/ONAP/policy +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +KEYSTORE_PASSWD=PolicyR0ck$ + +# Telemetry credentials + +ENGINE_MANAGEMENT_PORT=9696 +ENGINE_MANAGEMENT_HOST=0.0.0.0 +ENGINE_MANAGEMENT_USER=@1b3rt +ENGINE_MANAGEMENT_PASSWORD=31nst31n + +# nexus repository + +snapshotRepositoryID=policy-nexus-snapshots +snapshotRepositoryUrl=http://{{.Release.Name}}-{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/snapshots/ +releaseRepositoryID=policy-nexus-releases +releaseRepositoryUrl=http://{{.Release.Name}}-{{.Values.global.nexus.nameOverride}}:{{.Values.config.nexusPort}}/nexus/content/repositories/releases/ +repositoryUsername=admin +repositoryPassword=admin123 + +# Relational (SQL) DB access + +SQL_HOST={{.Release.Name}}-{{.Values.global.mariadb.nameOverride}} +SQL_USER=policy_user +SQL_PASSWORD=policy_user + +# PDP-D DMaaP configuration channel + +PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION +PDPD_CONFIGURATION_SERVERS=dmaap +PDPD_CONFIGURATION_API_KEY= +PDPD_CONFIGURATION_API_SECRET= +PDPD_CONFIGURATION_CONSUMER_GROUP= +PDPD_CONFIGURATION_CONSUMER_INSTANCE= +PDPD_CONFIGURATION_PARTITION_KEY= + +# PAP + +PAP_HOST={{.Release.Name}}-{{.Values.global.pap.nameOverride}} +PAP_USERNAME=testpap +PAP_PASSWORD=alpha123 + +# PDP-X + +PDP_HOST={{.Release.Name}}-{{.Values.global.pdp.nameOverride}} +PDP_USERNAME=testpdp +PDP_PASSWORD=alpha123 +PDP_CLIENT_USERNAME=python +PDP_CLIENT_PASSWORD=test +PDP_ENVIRONMENT=TEST + +# DCAE DMaaP + +DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT +DCAE_SERVERS=dmaap + +# Open DMaaP + +DMAAP_SERVERS=dmaap + +# AAI + +AAI_URL=https://aai.api.simpledemo.openecomp.org:8443 +AAI_USERNAME=POLICY +AAI_PASSWORD=POLICY + +# MSO + +SO_URL=http://mso:8080/ecomp/mso/infra +SO_USERNAME=InfraPortalClient +SO_PASSWORD=password1$ + +# VFC + +VFC_URL= +VFC_USERNAME= +VFC_PASSWORD= diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/drools-tweaks.sh b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/drools-tweaks.sh new file mode 100644 index 0000000000..62822ac824 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/drools-tweaks.sh @@ -0,0 +1,17 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#! /bin/bash + +${POLICY_HOME}/bin/features enable healthcheck diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf new file mode 100644 index 0000000000..cbb45a5828 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/feature-healthcheck.conf @@ -0,0 +1,16 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +HEALTHCHECK_USER=healthcheck +HEALTHCHECK_PASSWORD=zb!XztG34 diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore Binary files differnew file mode 100644 index 0000000000..ab25c3a341 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/keys/policy-keystore diff --git a/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf new file mode 100644 index 0000000000..c2ccefe4e3 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/config/opt/policy/config/drools/policy-management.conf @@ -0,0 +1,19 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +CONTROLLER_ARTIFACT_ID=policy-management +CONTROLLER_NAME=policy-management-controller +CONTROLLER_PORT=9696 +RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT +UEB_TOPIC=policyengine-develop diff --git a/kubernetes/policy/charts/drools/resources/scripts/do-start.sh b/kubernetes/policy/charts/drools/resources/scripts/do-start.sh new file mode 100644 index 0000000000..1c40e11b16 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/scripts/do-start.sh @@ -0,0 +1,50 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +# skip installation if build.info file is present (restarting an existing container) +if [[ -f /opt/app/policy/etc/build.info ]]; then + echo "Found existing installation, will not reinstall" + . /opt/app/policy/etc/profile.d/env.sh +else + # replace conf files from installer with environment-specific files + # mounted from the hosting VM + if [[ -d config ]]; then + cp config/*.conf . + fi + + ./docker-install.sh + + . /opt/app/policy/etc/profile.d/env.sh + + # install policy keystore + mkdir -p $POLICY_HOME/etc/ssl + cp config/policy-keystore $POLICY_HOME/etc/ssl + + if [[ -x config/drools-tweaks.sh ]] ; then + echo "Executing tweaks" + # file may not be executable; running it as an + # argument to bash avoids needing execute perms. + bash config/drools-tweaks.sh + fi + + # sql provisioning scripts should be invoked here. +fi + +echo "Starting processes" + +policy start + +sleep 1000d diff --git a/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh new file mode 100644 index 0000000000..a6c054dbc1 --- /dev/null +++ b/kubernetes/policy/charts/drools/resources/scripts/update-vfw-op-policy.sh @@ -0,0 +1,107 @@ +# Copyright © 2017 Amdocs, Bell Canada, AT&T +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#!/bin/bash + +if [ "$#" -ne 4 ]; then + echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>" + exit 1 +fi + +K8S_HOST=$1 +POLICY_PDP_PORT=$2 +POLICY_DROOLS_PORT=$3 +RESOURCE_ID=$4 + +echo +echo +echo "Removing the vFW Policy from PDP.." +echo +echo + +curl -v -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyComponent" : "PDP", + "policyName": "com.BRMSParamvFirewall", + "policyType": "BRMS_Param" +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy + +sleep 20 + +echo + +echo +echo "Updating vFW Operational Policy .." +echo + +curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvFirewall", + "policyDescription": "BRMS Param vFirewall policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller": "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy + +sleep 5 + +echo +echo +echo "Pushing the vFW Policy .." +echo +echo + +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamvFirewall", + "policyType": "BRMS_Param" +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy + +sleep 20 + +echo +echo +echo "Restarting PDP-D .." +echo +echo + +POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools) +kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" + +sleep 20 + +echo +echo +echo "PDP-D amsterdam maven coordinates .." +echo +echo + +curl -vvv --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool + + +echo +echo +echo "PDP-D control loop updated .." +echo +echo + +curl -v --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool |