diff options
Diffstat (limited to 'kubernetes/policy')
37 files changed, 1904 insertions, 80 deletions
diff --git a/kubernetes/policy/resources/config/drools/settings.xml b/kubernetes/policy/resources/config/drools/settings.xml new file mode 100755 index 0000000000..2a9e2a0b24 --- /dev/null +++ b/kubernetes/policy/resources/config/drools/settings.xml @@ -0,0 +1,99 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ============LICENSE_START======================================================= + Base Package + ================================================================================ + Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + ================================================================================ + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + ============LICENSE_END========================================================= + --> + +<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 http://maven.apache.org/xsd/settings-1.0.0.xsd"> + +<!-- + <proxies> + <proxy> + <id>http-proxy</id> + <active>true</active> + <protocol>http</protocol> + <host>fastweb.int.bell.ca</host> + <port>80</port> + <nonProxyHosts>localhost|127.0.0.1|*.svc.cluster.local|nexus</nonProxyHosts> + </proxy> + <proxy> + <id>https-proxy</id> + <active>true</active> + <protocol>https</protocol> + <host>fastweb.int.bell.ca</host> + <port>80</port> + <nonProxyHosts>localhost|127.0.0.1|*.svc.cluster.local|nexus</nonProxyHosts> + </proxy> + </proxies> +--> + <profiles> + <profile> + <id>policy-profile</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + + <repositories> + <repository> + <id>policy-nexus-snapshots</id> + <url>http://nexus:8081/nexus/content/repositories/snapshots/</url> + <releases> + <enabled>false</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + + <repository> + <id>policy-nexus-releases</id> + <url>http://nexus:8081/nexus/content/repositories/releases/</url> + <releases> + <enabled>true</enabled> + <updatePolicy>always</updatePolicy> + </releases> + <snapshots> + <enabled>false</enabled> + <updatePolicy>always</updatePolicy> + </snapshots> + </repository> + </repositories> + + </profile> + </profiles> + + <activeProfiles> + <activeProfile>policy-profile</activeProfile> + </activeProfiles> + + <servers> + <server> + <id>policy-nexus-snapshots</id> + <username>admin</username> + <password>admin123</password> + </server> + <server> + <id>policy-nexus-releases</id> + <username>admin</username> + <password>admin123</password> + </server> + </servers> + +</settings> diff --git a/kubernetes/policy/resources/config/log/drools/logback.xml b/kubernetes/policy/resources/config/log/drools/logback.xml new file mode 100644 index 0000000000..daecf97850 --- /dev/null +++ b/kubernetes/policy/resources/config/log/drools/logback.xml @@ -0,0 +1,107 @@ +<!--
+ ============LICENSE_START=======================================================
+ policy-management
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+
+<configuration scan="true" scanPeriod="30 seconds" debug="false">
+
+ <property name="logDir" value="/var/log/onap" />
+
+ <property name="errorLog" value="error" />
+ <property name="debugLog" value="debug" />
+ <property name="networkLog" value="network" />
+
+ <property name="debugPattern" value="[%date|%level|%logger{0}|%thread] %msg%n" />
+ <property name="errorPattern" value="${debugPattern}" />
+ <property name="networkPattern" value="[%d|%t]%m%n" />
+
+ <appender name="ErrorOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDir}/${errorLog}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDir}/${errorLog}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>5</maxIndex>
+ </rollingPolicy>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+ <triggeringPolicy
+ class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>15MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${errorPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncErrorOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="ErrorOut" />
+ </appender>
+
+ <appender name="DebugOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDir}/${debugLog}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDir}/${debugLog}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>20MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${debugPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncDebugOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="DebugOut" />
+ </appender>
+
+ <appender name="NetworkOut" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDir}/${networkLog}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <fileNamePattern>${logDir}/${networkLog}.%i.log.zip</fileNamePattern>
+ <minIndex>1</minIndex>
+ <maxIndex>9</maxIndex>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <maxFileSize>15MB</maxFileSize>
+ </triggeringPolicy>
+ <encoder>
+ <pattern>${networkPattern}</pattern>
+ </encoder>
+ </appender>
+
+ <appender name="AsyncNetworkOut" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="NetworkOut" />
+ </appender>
+
+ <logger name="network" level="INFO" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ </logger>
+
+ <logger name="org.eclipse.jetty.server.RequestLog" level="info" additivity="false">
+ <appender-ref ref="AsyncNetworkOut" />
+ </logger>
+
+ <root level="INFO">
+ <appender-ref ref="AsyncDebugOut" />
+ <appender-ref ref="AsyncErrorOut" />
+ </root>
+
+</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml new file mode 100644 index 0000000000..d0871bdb4a --- /dev/null +++ b/kubernetes/policy/resources/config/log/ep_sdk_app/logback.xml @@ -0,0 +1,190 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ================================================================================
+ eCOMP Portal SDK
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ================================================================================
+ -->
+<configuration debug="true" scan="true" scanPeriod="3 seconds">
+ <!--
+ Logback files for the ECOMP SDK Application "ecomp_app"
+ are created in directory ${catalina.base}/logs/ecomp_app;
+ e.g., apache-tomcat-8.0.35/logs/ecomp_app/application.log
+ -->
+ <!--<jmxConfigurator /> -->
+ <!-- specify the base path of the log directory -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- specify the component name -->
+ <property name="componentName" value="policy" />
+ <!-- specify the sub component name -->
+ <property name="subComponentName" value="ep_sdk_app" />
+ <!-- The directories where logs are written -->
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <!-- log file names -->
+ <property name="generalLogName" value="application" />
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="queueSize" value="256" />
+ <property name="maxFileSize" value="50MB" />
+ <property name="maxHistory" value="30" />
+ <property name="totalSizeCap" value="10GB" />
+ <!--
+ These loggers are not used in code (yet).
+ <property name="securityLogName" value="security" />
+ <property name="policyLogName" value="policy" />
+ <property name="performanceLogName" value="performance" />
+ <property name="serverLogName" value="server" />
+ -->
+ <!-- Example evaluator filter applied against console appender -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELF">
+ <file>${logDirectory}/${generalLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${generalLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ <filter class="org.openecomp.portalapp.util.CustomLoggingFilter" />
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELF">
+ <queueSize>${queueSize}</queueSize>
+ <!-- Class name is part of caller data -->
+ <includeCallerData>true</includeCallerData>
+ <appender-ref ref="EELF" />
+ </appender>
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFError" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <!-- daily rollover -->
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger additivity="false" level="info" name="com.att.eelf.audit">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.metrics">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.error">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <logger additivity="false" level="debug" name="com.att.eelf.debug">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/log/filebeat/filebeat.yml b/kubernetes/policy/resources/config/log/filebeat/filebeat.yml new file mode 100644 index 0000000000..f316b866af --- /dev/null +++ b/kubernetes/policy/resources/config/log/filebeat/filebeat.yml @@ -0,0 +1,41 @@ +filebeat.prospectors: +#it is mandatory, in our case it's log +- input_type: log + #This is the canolical path as mentioned in logback.xml, *.* means it will monitor all files in the directory. + paths: + - /var/log/onap/*/*/*/*.log + - /var/log/onap/*/*/*.log + - /var/log/onap/*/*.log + #Files older than this should be ignored.In our case it will be 48 hours i.e. 2 days. It is a helping flag for clean_inactive + ignore_older: 48h + # Remove the registry entry for a file that is more than the specified time. In our case it will be 96 hours, i.e. 4 days. It will help to keep registry records with in limit + clean_inactive: 96h + + +# Name of the registry file. If a relative path is used, it is considered relative to the +# data path. Else full qualified file name. +#filebeat.registry_file: ${path.data}/registry + + +output.logstash: + #List of logstash server ip addresses with port number. + #But, in our case, this will be the loadbalancer IP address. + #For the below property to work the loadbalancer or logstash should expose 5044 port to listen the filebeat events or port in the property should be changed appropriately. + hosts: ["logstash.onap-log:5044"] + #If enable will do load balancing among availabe Logstash, automatically. + loadbalance: true + + #The list of root certificates for server verifications. + #If certificate_authorities is empty or not set, the trusted + #certificate authorities of the host system are used. + #ssl.certificate_authorities: $ssl.certificate_authorities + + #The path to the certificate for SSL client authentication. If the certificate is not specified, + #client authentication is not available. + #ssl.certificate: $ssl.certificate + + #The client certificate key used for client authentication. + #ssl.key: $ssl.key + + #The passphrase used to decrypt an encrypted key stored in the configured key file + #ssl.key_passphrase: $ssl.key_passphrase diff --git a/kubernetes/policy/resources/config/log/pypdpserver/logback.xml b/kubernetes/policy/resources/config/log/pypdpserver/logback.xml new file mode 100644 index 0000000000..c4b596b6d5 --- /dev/null +++ b/kubernetes/policy/resources/config/log/pypdpserver/logback.xml @@ -0,0 +1,154 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP Policy Engine
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<configuration debug="true" scan="true" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- specify the base path of the log directory -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- specify the component name -->
+ <property name="componentName" value="policy" />
+ <!-- specify the sub component name -->
+ <property name="subComponentName" value="pypdpserver" />
+ <!-- The directories where logs are written -->
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="queueSize" value="256" />
+ <property name="maxFileSize" value="50MB" />
+ <property name="maxHistory" value="30" />
+ <property name="totalSizeCap" value="10GB" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFError" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger additivity="false" level="info" name="com.att.eelf.audit">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.metrics">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.error">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <logger additivity="false" level="debug" name="com.att.eelf.debug">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ <appender-ref ref="asyncEELFError" />
+ </root>
+</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml new file mode 100644 index 0000000000..77068bb9aa --- /dev/null +++ b/kubernetes/policy/resources/config/log/xacml-pap-rest/logback.xml @@ -0,0 +1,153 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP-PAP-REST
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<configuration debug="true" scan="true" scanPeriod="3 seconds">
+ <!--<jmxConfigurator /> -->
+ <!-- specify the base path of the log directory -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- specify the component name -->
+ <property name="componentName" value="policy" />
+ <!-- specify the sub component name -->
+ <property name="subComponentName" value="xacml-pap-rest" />
+ <!-- The directories where logs are written -->
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="queueSize" value="256" />
+ <property name="maxFileSize" value="50MB" />
+ <property name="maxHistory" value="30" />
+ <property name="totalSizeCap" value="10GB" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender class="ch.qos.logback.core.ConsoleAppender" name="STDOUT">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFAudit">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFAudit">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFMetrics">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFMetrics">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFError">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFError">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFError" />
+ </appender>
+ <appender class="ch.qos.logback.core.rolling.RollingFileAppender" name="EELFDebug">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender class="ch.qos.logback.classic.AsyncAppender" name="asyncEELFDebug">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger additivity="false" level="info" name="com.att.eelf.audit">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.metrics">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger additivity="false" level="info" name="com.att.eelf.error">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <logger additivity="false" level="debug" name="com.att.eelf.debug">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/log/xacml-pdp-rest/logback.xml b/kubernetes/policy/resources/config/log/xacml-pdp-rest/logback.xml new file mode 100644 index 0000000000..c9c05d922d --- /dev/null +++ b/kubernetes/policy/resources/config/log/xacml-pdp-rest/logback.xml @@ -0,0 +1,153 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ ============LICENSE_START=======================================================
+ ECOMP-PDP-REST
+ ================================================================================
+ Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ ================================================================================
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ ============LICENSE_END=========================================================
+ -->
+<configuration scan="true" scanPeriod="3 seconds" debug="true">
+ <!--<jmxConfigurator /> -->
+ <!-- specify the base path of the log directory -->
+ <property name="logDir" value="/var/log/onap" />
+ <!-- specify the component name -->
+ <property name="componentName" value="policy" />
+ <!-- specify the sub component name -->
+ <property name="subComponentName" value="xacml-pdp-rest" />
+ <!-- The directories where logs are written -->
+ <property name="logDirectory" value="${logDir}/${componentName}/${subComponentName}" />
+ <property name="pattern" value="%d{&quot;yyyy-MM-dd'T'HH:mm:ss.SSSXXX&quot;, UTC}\t[%thread]\t%-5level\t%logger{36}\t%replace(%replace(%replace(%mdc){'\t','\\\\t'}){', ','\t'}){'\n', '\\\\n'}\t%replace(%replace(%msg){'\n', '\\\\n'}){'\t','\\\\t'}%n" />
+ <!-- log file names -->
+ <property name="errorLogName" value="error" />
+ <property name="metricsLogName" value="metrics" />
+ <property name="auditLogName" value="audit" />
+ <property name="debugLogName" value="debug" />
+ <property name="queueSize" value="256" />
+ <property name="maxFileSize" value="50MB" />
+ <property name="maxHistory" value="30" />
+ <property name="totalSizeCap" value="10GB" />
+ <!-- Example evaluator filter applied against console appender -->
+ <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF Appenders -->
+ <!-- ============================================================================ -->
+ <!-- The EELFAppender is used to record events to the general application
+ log -->
+ <!-- EELF Audit Appender. This appender is used to record audit engine
+ related logging events. The audit logger and appender are specializations
+ of the EELF application root logger and appender. This can be used to segregate
+ Policy engine events from other components, or it can be eliminated to record
+ these events as part of the application root log. -->
+ <appender name="EELFAudit" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${auditLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${auditLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFAudit" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFAudit" />
+ </appender>
+ <appender name="EELFMetrics" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${metricsLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${metricsLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <!-- <pattern>"%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} -
+ %msg%n"</pattern> -->
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFMetrics" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFMetrics" />
+ </appender>
+ <appender name="EELFError" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${errorLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${errorLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>INFO</level>
+ </filter>
+ </appender>
+ <appender name="asyncEELFError" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFError" />
+ </appender>
+ <appender name="EELFDebug" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <file>${logDirectory}/${debugLogName}.log</file>
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${logDirectory}/${debugLogName}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
+ <timeBasedFileNamingAndTriggeringPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+ <maxFileSize>${maxFileSize}</maxFileSize>
+ </timeBasedFileNamingAndTriggeringPolicy>
+ <maxHistory>${maxHistory}</maxHistory>
+ <totalSizeCap>${totalSizeCap}</totalSizeCap>
+ </rollingPolicy>
+ <encoder>
+ <pattern>${pattern}</pattern>
+ </encoder>
+ </appender>
+ <appender name="asyncEELFDebug" class="ch.qos.logback.classic.AsyncAppender">
+ <queueSize>${queueSize}</queueSize>
+ <appender-ref ref="EELFDebug" />
+ <includeCallerData>true</includeCallerData>
+ </appender>
+ <!-- ============================================================================ -->
+ <!-- EELF loggers -->
+ <!-- ============================================================================ -->
+ <logger name="com.att.eelf.audit" level="info" additivity="false">
+ <appender-ref ref="asyncEELFAudit" />
+ </logger>
+ <logger name="com.att.eelf.metrics" level="info" additivity="false">
+ <appender-ref ref="asyncEELFMetrics" />
+ </logger>
+ <logger name="com.att.eelf.error" level="info" additivity="false">
+ <appender-ref ref="asyncEELFError" />
+ </logger>
+ <logger name="com.att.eelf.debug" level="debug" additivity="false">
+ <appender-ref ref="asyncEELFDebug" />
+ </logger>
+ <root level="INFO">
+ <appender-ref ref="asyncEELFDebug" />
+ </root>
+</configuration>
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/opt/policy/config/drools/base.conf b/kubernetes/policy/resources/config/opt/policy/config/drools/base.conf new file mode 100755 index 0000000000..4f904444f7 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/drools/base.conf @@ -0,0 +1,100 @@ +### +# ============LICENSE_START======================================================= +# ONAP POLICY +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + + +# SYSTEM software configuration + +POLICY_HOME=/opt/app/policy +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +KEYSTORE_PASSWD=PolicyR0ck$ + +# Telemetry credentials + +ENGINE_MANAGEMENT_PORT=9696 +ENGINE_MANAGEMENT_HOST=0.0.0.0 +ENGINE_MANAGEMENT_USER=@1b3rt +ENGINE_MANAGEMENT_PASSWORD=31nst31n + +# nexus repository + +snapshotRepositoryID=policy-nexus-snapshots +snapshotRepositoryUrl=http://nexus:8081/nexus/content/repositories/snapshots/ +releaseRepositoryID=policy-nexus-releases +releaseRepositoryUrl=http://nexus:8081/nexus/content/repositories/releases/ +repositoryUsername=admin +repositoryPassword=admin123 + +# Relational (SQL) DB access + +SQL_HOST=mariadb.onap-policy +SQL_USER=policy_user +SQL_PASSWORD=policy_user + +# PDP-D DMaaP configuration channel + +PDPD_CONFIGURATION_TOPIC=PDPD-CONFIGURATION +PDPD_CONFIGURATION_SERVERS=dmaap.onap-message-router +PDPD_CONFIGURATION_API_KEY= +PDPD_CONFIGURATION_API_SECRET= +PDPD_CONFIGURATION_CONSUMER_GROUP= +PDPD_CONFIGURATION_CONSUMER_INSTANCE= +PDPD_CONFIGURATION_PARTITION_KEY= + +# PAP + +PAP_HOST=pap.onap-policy +PAP_USERNAME=testpap +PAP_PASSWORD=alpha123 + +# PDP-X + +PDP_HOST=pdp.onap-policy +PDP_USERNAME=testpdp +PDP_PASSWORD=alpha123 +PDP_CLIENT_USERNAME=python +PDP_CLIENT_PASSWORD=test +PDP_ENVIRONMENT=TEST + +# DCAE DMaaP + +DCAE_TOPIC=unauthenticated.DCAE_CL_OUTPUT +DCAE_SERVERS=dmaap.onap-message-router + +# Open DMaaP + +DMAAP_SERVERS=dmaap.onap-message-router + +# AAI + +AAI_URL=https://aai.api.simpledemo.openecomp.org:8443 +AAI_USERNAME=POLICY +AAI_PASSWORD=POLICY + +# MSO + +SO_URL=http://mso.onap-mso:8080/ecomp/mso/infra +SO_USERNAME=InfraPortalClient +SO_PASSWORD=password1$ + +# VFC + +VFC_URL= +VFC_USERNAME= +VFC_PASSWORD=
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/opt/policy/config/drools/drools-tweaks.sh b/kubernetes/policy/resources/config/opt/policy/config/drools/drools-tweaks.sh new file mode 100755 index 0000000000..8bff59c2e7 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/drools/drools-tweaks.sh @@ -0,0 +1,23 @@ +#! /bin/bash + +### +# ============LICENSE_START======================================================= +# ONAP +# ================================================================================ +# Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. +# ================================================================================ +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# ============LICENSE_END========================================================= +### + +${POLICY_HOME}/bin/features enable healthcheck diff --git a/kubernetes/policy/resources/config/opt/policy/config/drools/feature-healthcheck.conf b/kubernetes/policy/resources/config/opt/policy/config/drools/feature-healthcheck.conf new file mode 100644 index 0000000000..31baed21e3 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/drools/feature-healthcheck.conf @@ -0,0 +1,2 @@ +HEALTHCHECK_USER=healthcheck +HEALTHCHECK_PASSWORD=zb!XztG34 diff --git a/kubernetes/policy/resources/config/opt/policy/config/drools/policy-keystore b/kubernetes/policy/resources/config/opt/policy/config/drools/policy-keystore Binary files differnew file mode 100644 index 0000000000..ab25c3a341 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/drools/policy-keystore diff --git a/kubernetes/policy/resources/config/opt/policy/config/drools/policy-management.conf b/kubernetes/policy/resources/config/opt/policy/config/drools/policy-management.conf new file mode 100755 index 0000000000..843b832ea7 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/drools/policy-management.conf @@ -0,0 +1,5 @@ +CONTROLLER_ARTIFACT_ID=policy-management +CONTROLLER_NAME=policy-management-controller +CONTROLLER_PORT=9696 +RULES_ARTIFACT=not-used:not-used:1.0.0-SNAPSHOT +UEB_TOPIC=policyengine-develop diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/base.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/base.conf new file mode 100755 index 0000000000..9c87d9ca72 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/base.conf @@ -0,0 +1,24 @@ +JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 +POLICY_HOME=/opt/app/policy +KEYSTORE_PASSWD=PolicyR0ck$ + +JDBC_DRIVER=org.mariadb.jdbc.Driver +JDBC_URL=jdbc:mariadb://mariadb.onap-policy:3306/onap_sdk?failOverReadOnly=false&autoReconnect=true +JDBC_LOG_URL=jdbc:mariadb://mariadb.onap-policy:3306/log?failOverReadOnly=false&autoReconnect=true +JDBC_USER=policy_user +JDBC_PASSWORD=policy_user + +site_name=site_1 +fp_monitor_interval=30 +failed_counter_threshold=3 +test_trans_interval=20 +write_fpc_interval=5 +max_fpc_update_interval=60 +test_via_jmx=false +jmx_fqdn= + +ENVIRONMENT=TEST + +#Micro Service Model Properties +policy_msOnapName= +policy_msPolicyName=
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw-tweaks.sh b/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw-tweaks.sh new file mode 100755 index 0000000000..daa3596e6e --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw-tweaks.sh @@ -0,0 +1,38 @@ +#! /bin/bash + +PROPS_BUILD="${POLICY_HOME}/etc/build.info" + +PROPS_RUNTIME="${POLICY_HOME}/servers/brmsgw/config.properties" +PROPS_INSTALL="${POLICY_HOME}/install/servers/brmsgw/config.properties" + + +if [ ! -f "${PROPS_BUILD}" ]; then + echo "error: version information does not exist: ${PROPS_BUILD}" + exit 1 +fi + +source "${POLICY_HOME}/etc/build.info" + +if [ -z "${version}" ]; then + echo "error: no version information present" + exit 1 +fi + +for CONFIG in ${PROPS_RUNTIME} ${PROPS_INSTALL}; do + if [ ! -f "${CONFIG}" ]; then + echo "warning: configuration does not exist: ${CONFIG}" + else + sed -i -e "s/brms.dependency.version=.*/brms.dependency.version=${version}/g" "${CONFIG}" + fi +done + +DEPS_JSON_RUNTIME="${POLICY_HOME}/servers/brmsgw/dependency.json" +DEPS_JSON_INSTALL="${POLICY_HOME}/install/servers/brmsgw/dependency.json" + +for DEP in ${DEPS_JSON_RUNTIME} ${DEPS_JSON_INSTALL}; do + if [ ! -f "${DEP}" ]; then + echo "warning: configuration does not exist: ${DEP}" + else + sed -i -e "s/\"version\":.*-SNAPSHOT\"/\"version\": \"${version}\"/g" "${DEP}" + fi +done diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw.conf new file mode 100755 index 0000000000..ff4d2e487d --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/brmsgw.conf @@ -0,0 +1,53 @@ +# BRMSpep component installation configuration parameters +BRMSGW_JMX_PORT=9989 + +COMPONENT_X_MX_MB=1024 +COMPONENT_X_MS_MB=1024 + +REST_PAP_URL=http://pap.onap-policy:9091/pap/ +REST_PDP_ID=http://pdp.onap-policy:8081/pdp/ + +PDP_HTTP_USER_ID=testpdp +PDP_HTTP_PASSWORD=alpha123 +PDP_PAP_PDP_HTTP_USER_ID=testpap +PDP_PAP_PDP_HTTP_PASSWORD=alpha123 + +M2_HOME=/usr/share/maven +snapshotRepositoryID=policy-nexus-snapshots +snapshotRepositoryName=Snapshots +snapshotRepositoryURL=http://nexus.onap-policy:8081/nexus/content/repositories/snapshots +releaseRepositoryID=policy-nexus-releases +releaseRepositoryName=Releases +releaseRepositoryURL=http://nexus.onap-policy:8081/nexus/content/repositories/releases +repositoryUsername=admin +repositoryPassword=admin123 +UEB_URL=dmaap.onap-message-router +UEB_TOPIC=PDPD-CONFIGURATION +UEB_API_KEY= +UEB_API_SECRET= + +groupID=org.onap.policy-engine +artifactID=drlPDPGroup +AMSTERDAM_GROUP_ID=org.onap.policy-engine.drools.amsterdam +AMSTERDAM_ARTIFACT_ID=policy-amsterdam-rules + +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=brmsgw_1 +node_type=brms_gateway + +#Environment should be Set either DEV, TEST or PROD +ENVIRONMENT=TEST + +#Notification Properties... type can be either websocket, ueb, or dmaap +BRMS_NOTIFICATION_TYPE=websocket +BRMS_UEB_URL=dmaap.onap-message-router +BRMS_UEB_TOPIC=PDPD-CONFIGURATION +BRMS_UEB_DELAY= +BRMS_CLIENT_ID=python +BRMS_CLIENT_KEY=dGVzdA== +BRMS_UEB_API_KEY= +BRMS_UEB_API_SECRET= + +#Dependency.json file version +BRMS_DEPENDENCY_VERSION=1.2.0 + diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/console.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/console.conf new file mode 100755 index 0000000000..938543cb7e --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/console.conf @@ -0,0 +1,132 @@ +# configs component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9993 +TOMCAT_SHUTDOWN_PORT=8090 +SSL_HTTP_CONNECTOR_PORT=8443 +SSL_HTTP_CONNECTOR_REDIRECT_PORT=8443 +SSL_AJP_CONNECTOR_PORT=8383 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=2048 +TOMCAT_X_MX_MB=2048 + +# ------------------ console properties --------------------------- + +# +# Authorization Policy + +ROOT_POLICIES=admin +ADMIN_FILE=Policy-Admin.xml + + +# Set your domain here: + +REST_ADMIN_DOMAIN=com + +# +# Location where the GIT repository is located +# +REST_ADMIN_REPOSITORY=repository + +# +# Location where all the user workspaces are located. +# +REST_ADMIN_WORKSPACE=${{POLICY_HOME}}/servers/console/bin/workspace + +# +# These can be set so the Admin Console knows who is logged on. Ideally, you can run the console in a J2EE +# container and setup authentication as you please. Setting HttpSession attribute values will override these +# values set in the properties files. +# +# ((HttpServletRequest) request).getSession().setAttribute("xacml.rest.admin.user.name", "Homer"); +# +# The default policy: Policy-Admin.xml is extremely simple. +# +# You can test authorization within the Admin Console by changing the user id. +# There are 3 supported user ids: +# guest - Read only access +# editor - Read/Write access +# admin - Read/Write/Admin access +# +# An empty or null value for xacml.rest.admin.user.id results in no access to the application at all. +# +# This is for development/demonstration purposes only. A production environment should provide authentication which is +# outside the scope of this application. This application can be used to develop a XACML policy for user authorization +# within this application. +# + +REST_ADMIN_USER_NAME=Administrator +REST_ADMIN_USER_ID=super-admin + +# +# +# Property to declare the max time frame for logs. +# +LOG_TIMEFRAME=30 + +# Property to declare the number of visible rows for users in MicroService Policy +COLUMN_COUNT=3 + +# Dashboard refresh rate in miliseconds +REFRESH_RATE=40000 + +# +# URL location for the PAP servlet. +# + + +REST_PAP_URL=http://pap.onap-policy:9091/pap/ + +# +# Config/Action Properties location. +# + +REST_CONFIG_HOME=${{POLICY_HOME}}/servers/pap/webapps/Config/ +REST_ACTION_HOME=${{POLICY_HOME}}/servers/pap/webapps/Action/ +REST_CONFIG_URL=http://pap.onap-policy:9091/ +REST_CONFIG_WEBAPPS=${{POLICY_HOME}}/servers/pap/webapps/ + +# PAP account information +CONSOLE_PAP_HTTP_USER_ID=testpap +CONSOLE_PAP_HTTP_PASSWORD=alpha123 + + +node_type=pap_admin +resource_name=console_1 + +# The (optional) period of time in seconds between executions of the integrity audit. +# Value < 0 : Audit does not run (default value if property is not present = -1) +# Value = 0 : Audit runs continuously +# Value > 0 : The period of time in seconds between execution of the audit on a particular node +integrity_audit_period_seconds=-1 + +#Automatic Policy Distribution +automatic_push=false + +#Diff of policies for Firewall feature +FW_GETURL= +FW_AUTHOURL= +FW_PROXY= +FW_PORT= + +#SMTP Server Details for Java Mail +onap_smtp_host= +onap_smtp_port=25 +onap_smtp_userName= +onap_smtp_password= +onap_smtp_emailExtension= +onap_application_name= + +#-----------------------ONAP-PORTAL-Properties---------------------- + +ONAP_REDIRECT_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/login.htm +ONAP_REST_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/auxapi +ONAP_UEB_URL_LIST= +ONAP_PORTAL_INBOX_NAME= +ONAP_UEB_APP_KEY= +ONAP_UEB_APP_SECRET= +ONAP_UEB_APP_MAILBOX_NAME= +APP_DISPLAY_NAME=ONAP Policy +ONAP_SHARED_CONTEXT_REST_URL=http://portalapps.onap-portal:8989/ONAPPORTAL/context diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/elk.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/elk.conf new file mode 100644 index 0000000000..938954ce63 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/elk.conf @@ -0,0 +1,3 @@ +# elasticsearch + +ELK_JMX_PORT=9995
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/mysql.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/mysql.conf new file mode 100755 index 0000000000..28b9e3ca33 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/mysql.conf @@ -0,0 +1,5 @@ +# mysql scripts component installation configuration parameters + +# Path to mysql bin +MYSQL_BIN=/usr/local/mysql/bin + diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/pap-tweaks.sh b/kubernetes/policy/resources/config/opt/policy/config/pe/pap-tweaks.sh new file mode 100755 index 0000000000..36ac3689b1 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/pap-tweaks.sh @@ -0,0 +1 @@ +#! /bin/bash diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/pap.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/pap.conf new file mode 100755 index 0000000000..53c52aaceb --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/pap.conf @@ -0,0 +1,55 @@ +# pap component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9990 +TOMCAT_SHUTDOWN_PORT=9405 +SSL_HTTP_CONNECTOR_PORT=9091 +SSL_AJP_CONNECTOR_PORT=8380 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=1024 +TOMCAT_X_MX_MB=1024 + +# pap properties + +PAP_PDPS=${{POLICY_HOME}}/servers/pap/bin/pdps +PAP_URL=http://pap.onap-policy:9091/pap/ + +PAP_INITIATE_PDP=true +PAP_HEARTBEAT_INTERVAL=10000 +PAP_HEARTBEAT_TIMEOUT=10000 + +REST_ADMIN_DOMAIN=com +REST_ADMIN_REPOSITORY=repository +REST_ADMIN_WORKSPACE=workspace + +# PDP related properties + +PAP_PDP_URL=http://pdp.onap-policy:8081/pdp/ +PAP_PDP_HTTP_USER_ID=testpdp +PAP_PDP_HTTP_PASSWORD=alpha123 + +PAP_HTTP_USER_ID=testpap +PAP_HTTP_PASSWORD=alpha123 + +#new values added 10-21-2015 +PROP_PAP_TRANS_WAIT=500000 +PROP_PAP_TRANS_TIMEOUT=5000 +PROP_PAP_AUDIT_TIMEOUT=300000 +PROP_PAP_RUN_AUDIT_FLAG=true +PROP_PAP_AUDIT_FLAG=true + +PROP_PAP_INCOMINGNOTIFICATION_TRIES=4 + + +node_type=pap +resource_name=pap_1 +dependency_groups=paplp_1 +test_via_jmx=true + +# The (optional) period of time in seconds between executions of the integrity audit. +# Value < 0 : Audit does not run (default value if property is not present = -1) +# Value = 0 : Audit runs continuously +# Value > 0 : The period of time in seconds between execution of the audit on a particular node +integrity_audit_period_seconds=-1 diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/paplp.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/paplp.conf new file mode 100755 index 0000000000..d25f11be3b --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/paplp.conf @@ -0,0 +1,12 @@ +# JVM specific parameters +LOGPARSER_JMX_PORT=9996 +LOGPARSER_X_MS_MB=1024 +LOGPARSER_X_MX_MB=1024 + +SERVER=http://pap.onap-policy:9091/pap/ +LOGPATH=${{POLICY_HOME}}/servers/pap/logs/pap-rest.log +PARSERLOGPATH=IntegrityMonitor.log + +node_type=logparser +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=paplp_1 diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/pdp-tweaks.sh b/kubernetes/policy/resources/config/opt/policy/config/pe/pdp-tweaks.sh new file mode 100755 index 0000000000..f68253635a --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/pdp-tweaks.sh @@ -0,0 +1,2 @@ +#! /bin/bash + diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/pdp.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/pdp.conf new file mode 100755 index 0000000000..dba8af2e10 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/pdp.conf @@ -0,0 +1,56 @@ +# pdp component installation configuration parameters + +# tomcat specific parameters + +TOMCAT_JMX_PORT=9991 +TOMCAT_SHUTDOWN_PORT=8087 +SSL_HTTP_CONNECTOR_PORT=8081 +SSL_AJP_CONNECTOR_PORT=8381 +SSL_AJP_CONNECTOR_REDIRECT_PORT=8443 + +TOMCAT_X_MS_MB=1024 +TOMCAT_X_MX_MB=1024 + +# pdp properties + +UEB_CLUSTER=dmaap.onap-message-router + +REST_PAP_URL=http://pap.onap-policy:9091/pap/ +REST_PDP_ID=http://pdp.onap-policy:8081/pdp/ +REST_PDP_CONFIG=${{POLICY_HOME}}/servers/pdp/bin/config +REST_PDP_WEBAPPS=${{POLICY_HOME}}/servers/pdp/webapps +REST_PDP_REGISTER=true +REST_PDP_REGISTER_SLEEP=15 +REST_PDP_REGISTER_RETRIES=-1 +REST_PDP_MAXCONTENT=999999999 + +# PDP related properties +PDP_HTTP_USER_ID=testpdp +PDP_HTTP_PASSWORD=alpha123 +PDP_PAP_PDP_HTTP_USER_ID=testpap +PDP_PAP_PDP_HTTP_PASSWORD=alpha123 + +node_type=pdp_xacml +resource_name=pdp_1 +dependency_groups=pdplp_1;brmsgw_1 +test_via_jmx=true + +# +# Notification Properties +# Notification type: websocket, ueb or dmaap... if left blank websocket is the default +PDP_NOTIFICATION_TYPE=websocket +PDP_UEB_CLUSTER= +PDP_UEB_TOPIC= +PDP_UEB_DELAY= +PDP_UEB_API_KEY= +PDP_UEB_API_SECRET= +PDP_DMAAP_AAF_LOGIN= +PDP_DMAAP_AAF_PASSWORD= + +#AAF Policy Name space +#Required only, when we use AAF +POLICY_AAF_NAMESPACE= +POLICY_AAF_RESOURCE= + +# Indeterminate resolution +DECISION_INDETERMINATE_RESPONSE=PERMIT
\ No newline at end of file diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/pdplp.conf b/kubernetes/policy/resources/config/opt/policy/config/pe/pdplp.conf new file mode 100755 index 0000000000..8320caa56b --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/pdplp.conf @@ -0,0 +1,12 @@ +# JVM specific parameters +LOGPARSER_JMX_PORT=9997 +LOGPARSER_X_MS_MB=1024 +LOGPARSER_X_MX_MB=1024 + +SERVER=http://pdp.onap-policy:8081/pdp/ +LOGPATH=${{POLICY_HOME}}/servers/pdp/logs/pdp-rest.log +PARSERLOGPATH=IntegrityMonitor.log + +node_type=logparser +# the java property is RESOURCE_NAME (uppercase), but the conf parameter is lowercase +resource_name=pdplp_1 diff --git a/kubernetes/policy/resources/config/opt/policy/config/pe/push-policies.sh b/kubernetes/policy/resources/config/opt/policy/config/pe/push-policies.sh new file mode 100755 index 0000000000..0461731c16 --- /dev/null +++ b/kubernetes/policy/resources/config/opt/policy/config/pe/push-policies.sh @@ -0,0 +1,250 @@ +#! /bin/bash + +# forked from https://gerrit.onap.org/r/gitweb?p=policy/docker.git;a=blob;f=config/pe/push-policies.sh;h=555ab357e6b4f54237bf07ef5e6777d782564bc0;hb=refs/heads/amsterdam and adapted for OOM + +#########################################Upload BRMS Param Template########################################## + +echo "Upload BRMS Param Template" + +sleep 2 + +wget -O cl-amsterdam-template.drl https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl + +sleep 2 + +curl -v --silent -X POST --header 'Content-Type: multipart/form-data' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -F "file=@cl-amsterdam-template.drl" -F "importParametersJson={\"serviceName\":\"ClosedLoopControlName\",\"serviceType\":\"BRMSPARAM\"}" 'http://pdp.onap-policy:8081/pdp/api/policyEngineImport' + +echo "PRELOAD_POLICIES is $PRELOAD_POLICIES" + +if [ "$PRELOAD_POLICIES" == "false" ]; then + exit 0 +fi + +#########################################Create BRMS Param policies########################################## + +echo "Create BRMSParam Operational Policies" + +sleep 2 + +echo "Create BRMSParamvFirewall Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvFirewall", + "policyDescription": "BRMS Param vFirewall policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller" : "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+Eace933104d443b496b8.nodes.heat.vpg%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + +sleep 2 + +echo "Create BRMSParamvDNS Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvDNS", + "policyDescription": "BRMS Param vDNS policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller" : "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3%0D%0A++trigger_policy%3A+unique-policy-id-1-scale-up%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-scale-up%0D%0A++++name%3A+Create+a+new+VF+Module%0D%0A++++description%3A%0D%0A++++actor%3A+SO%0D%0A++++recipe%3A+VF+Module+Create%0D%0A++++target%3A%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + +sleep 2 + +echo "Create BRMSParamVOLTE Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamVOLTE", + "policyDescription": "BRMS Param VOLTE policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller" : "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-VOLTE-2179b738-fd36-4843-a71a-a8c24c70c55b%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+VFC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + +sleep 2 + +echo "Create BRMSParamvCPE Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/html' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvCPE", + "policyDescription": "BRMS Param vCPE policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller" : "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e%0D%0A++trigger_policy%3A+unique-policy-id-1-restart%0D%0A++timeout%3A+3600%0D%0A++abatement%3A+true%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-restart%0D%0A++++name%3A+Restart+the+VM%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+Restart%0D%0A++++target%3A%0D%0A++++++type%3A+VM%0D%0A++++retry%3A+3%0D%0A++++timeout%3A+1200%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + +#########################################Create Micro Service Config policies########################################## + +echo "Create MicroService Config Policies" + +sleep 2 + +echo "Create MicroServicevFirewall Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevFirewall\", \"description\": \"MicroService vFirewall Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vFirewallBroadcastPackets\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"LESS_OR_EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ONSET\" }, { \"closedLoopControlName\": \"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 700, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" } ] }] } } }", + "policyConfigType": "MicroService", + "policyName": "com.MicroServicevFirewall", + "onapName": "DCAE" +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + + +sleep 2 + +echo "Create MicroServicevDNS Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevDNS\", \"description\": \"MicroService vDNS Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"vLoadBalancer\", \"controlLoopSchemaType\": \"VM\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.vNicUsageArray[*].receivedTotalPacketsDelta\", \"thresholdValue\": 300, \"direction\": \"GREATER_OR_EQUAL\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", + "policyConfigType": "MicroService", + "policyName": "com.MicroServicevDNS", + "onapName": "DCAE" +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + + +sleep 2 + +echo "Create MicroServicevCPE Policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "configBody": "{ \"service\": \"tca_policy\", \"location\": \"SampleServiceLocation\", \"uuid\": \"test\", \"policyName\": \"MicroServicevCPE\", \"description\": \"MicroService vCPE Policy\", \"configName\": \"SampleConfigName\", \"templateVersion\": \"OpenSource.version.1\", \"version\": \"1.1.0\", \"priority\": \"1\", \"policyScope\": \"resource=SampleResource,service=SampleService,type=SampleType,closedLoopControlName=ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"riskType\": \"SampleRiskType\", \"riskLevel\": \"1\", \"guard\": \"False\", \"content\": { \"tca_policy\": { \"domain\": \"measurementsForVfScaling\", \"metricsPerEventName\": [{ \"eventName\": \"Measurement_vGMUX\", \"controlLoopSchemaType\": \"VNF\", \"policyScope\": \"DCAE\", \"policyName\": \"DCAE.Config_tca-hi-lo\", \"policyVersion\": \"v0.0.1\", \"thresholds\": [{ \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"EQUAL\", \"severity\": \"MAJOR\", \"closedLoopEventStatus\": \"ABATED\" }, { \"closedLoopControlName\": \"ControlLoop-vCPE-48f0c2c3-a172-4192-9ae3-052274181b6e\", \"version\": \"1.0.2\", \"fieldPath\": \"$.event.measurementsForVfScalingFields.additionalMeasurements[*].arrayOfFields[0].value\", \"thresholdValue\": 0, \"direction\": \"GREATER\", \"severity\": \"CRITICAL\", \"closedLoopEventStatus\": \"ONSET\" }] }] } } }", + "policyConfigType": "MicroService", + "policyName": "com.MicroServicevCPE", + "onapName": "DCAE" +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + + +#########################################Creating Decision Guard policy######################################### + +sleep 2 + +echo "Creating Decision Guard policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyClass": "Decision", + "policyName": "com.AllPermitGuard", + "policyDescription": "Testing all Permit YAML Guard Policy", + "ecompName": "PDPD", + "ruleProvider": "GUARD_YAML", + "attributes": { + "MATCHING": { + "actor": ".*", + "recipe": ".*", + "targets": ".*", + "clname": ".*", + "limit": "10", + "timeWindow": "1", + "timeUnits": "minute", + "guardActiveStart": "00:00:01-05:00", + "guardActiveEnd": "00:00:00-05:00" + } + } +}' 'http://pdp.onap-policy:8081/pdp/api/createPolicy' + +#########################################Push Decision policy######################################### + +sleep 2 + +echo "Push Decision policy" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.AllPermitGuard", + "policyType": "DECISION" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +#########################################Pushing BRMS Param policies########################################## + +echo "Pushing BRMSParam Operational policies" + +sleep 2 + +echo "pushPolicy : PUT : com.BRMSParamvFirewall" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamvFirewall", + "policyType": "BRMS_Param" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +sleep 2 + +echo "pushPolicy : PUT : com.BRMSParamvDNS" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamvDNS", + "policyType": "BRMS_Param" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +sleep 2 + +echo "pushPolicy : PUT : com.BRMSParamVOLTE" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamVOLTE", + "policyType": "BRMS_Param" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +sleep 2 + +echo "pushPolicy : PUT : com.BRMSParamvCPE" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamvCPE", + "policyType": "BRMS_Param" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +#########################################Pushing MicroService Config policies########################################## + +echo "Pushing MicroService Config policies" + +sleep 2 + +echo "pushPolicy : PUT : com.MicroServicevFirewall" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.MicroServicevFirewall", + "policyType": "MicroService" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +sleep 10 + +echo "pushPolicy : PUT : com.MicroServicevDNS" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.MicroServicevDNS", + "policyType": "MicroService" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy' + +sleep 10 + +echo "pushPolicy : PUT : com.MicroServicevCPE" +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.MicroServicevCPE", + "policyType": "MicroService" +}' 'http://pdp.onap-policy:8081/pdp/api/pushPolicy'
\ No newline at end of file diff --git a/kubernetes/policy/scripts/update-vfw-op-policy.sh b/kubernetes/policy/scripts/update-vfw-op-policy.sh new file mode 100755 index 0000000000..39483a0fb7 --- /dev/null +++ b/kubernetes/policy/scripts/update-vfw-op-policy.sh @@ -0,0 +1,93 @@ +#!/bin/bash + +if [ "$#" -ne 4 ]; then + echo "Usage: $(basename $0) <k8s-host> <policy-pdp-node-port> <policy-drools-node-port> <resource-id>" + exit 1 +fi + +K8S_HOST=$1 +POLICY_PDP_PORT=$2 +POLICY_DROOLS_PORT=$3 +RESOURCE_ID=$4 + +echo +echo +echo "Removing the vFW Policy from PDP.." +echo +echo + +curl -v -X DELETE --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyComponent" : "PDP", + "policyName": "com.BRMSParamvFirewall", + "policyType": "BRMS_Param" +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/deletePolicy + +sleep 20 + +echo + +echo +echo "Updating vFW Operational Policy .." +echo + +curl -v -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "policyConfigType": "BRMS_PARAM", + "policyName": "com.BRMSParamvFirewall", + "policyDescription": "BRMS Param vFirewall policy", + "policyScope": "com", + "attributes": { + "MATCHING": { + "controller": "amsterdam" + }, + "RULE": { + "templateName": "ClosedLoopControlName", + "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", + "controlLoopYaml": "controlLoop%3A%0D%0A++version%3A+2.0.0%0D%0A++controlLoopName%3A+ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a%0D%0A++trigger_policy%3A+unique-policy-id-1-modifyConfig%0D%0A++timeout%3A+1200%0D%0A++abatement%3A+false%0D%0A+%0D%0Apolicies%3A%0D%0A++-+id%3A+unique-policy-id-1-modifyConfig%0D%0A++++name%3A+modify+packet+gen+config%0D%0A++++description%3A%0D%0A++++actor%3A+APPC%0D%0A++++recipe%3A+ModifyConfig%0D%0A++++target%3A%0D%0A++++++%23+TBD+-+Cannot+be+known+until+instantiation+is+done%0D%0A++++++resourceID%3A+'${RESOURCE_ID}'%0D%0A++++++type%3A+VNF%0D%0A++++retry%3A+0%0D%0A++++timeout%3A+300%0D%0A++++success%3A+final_success%0D%0A++++failure%3A+final_failure%0D%0A++++failure_timeout%3A+final_failure_timeout%0D%0A++++failure_retries%3A+final_failure_retries%0D%0A++++failure_exception%3A+final_failure_exception%0D%0A++++failure_guard%3A+final_failure_guard" + } + } +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/updatePolicy + +sleep 5 + +echo +echo +echo "Pushing the vFW Policy .." +echo +echo + +curl -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ + "pdpGroup": "default", + "policyName": "com.BRMSParamvFirewall", + "policyType": "BRMS_Param" +}' http://${K8S_HOST}:${POLICY_PDP_PORT}/pdp/api/pushPolicy + +sleep 20 + +echo +echo +echo "Restarting PDP-D .." +echo +echo + +POD=$(kubectl --namespace onap-policy get pods | sed 's/ .*//'| grep drools) +kubectl --namespace onap-policy exec -it ${POD} -- bash -c "source /opt/app/policy/etc/profile.d/env.sh && policy stop && sleep 5 && policy start" + +sleep 20 + +echo +echo +echo "PDP-D amsterdam maven coordinates .." +echo +echo + +curl -vvv --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools | python -m json.tool + + +echo +echo +echo "PDP-D control loop updated .." +echo +echo + +curl -v --silent --user @1b3rt:31nst31n -X GET http://${K8S_HOST}:${POLICY_DROOLS_PORT}/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params | python -m json.tool diff --git a/kubernetes/policy/templates/all-services.yaml b/kubernetes/policy/templates/all-services.yaml index a1c480458d..c6b633e98d 100644 --- a/kubernetes/policy/templates/all-services.yaml +++ b/kubernetes/policy/templates/all-services.yaml @@ -45,6 +45,9 @@ spec: - name: "drools-port" port: 6969 nodePort: {{ .Values.nodePortPrefix }}17 + - name: "drools-port2" + port: 9696 + nodePort: {{ .Values.nodePortPrefix }}21 selector: app: drools type: NodePort @@ -125,4 +128,4 @@ spec: selector: app: brmsgw type: NodePort -#{{ end }}
\ No newline at end of file +#{{ end }} diff --git a/kubernetes/policy/templates/dep-brmsgw.yaml b/kubernetes/policy/templates/dep-brmsgw.yaml index 7a1bcdec49..667ccc6251 100644 --- a/kubernetes/policy/templates/dep-brmsgw.yaml +++ b/kubernetes/policy/templates/dep-brmsgw.yaml @@ -20,13 +20,7 @@ spec: - /root/ready.py args: - --container-name - - mariadb - - --container-name - - nexus - - --container-name - pap - - --container-name - - pdp env: - name: NAMESPACE valueFrom: @@ -55,8 +49,9 @@ spec: hostPath: path: /etc/localtime - name: pe - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/pe/ + configMap: + name: policy-dep-pe-configmap + defaultMode: 0755 imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" #{{ end }} diff --git a/kubernetes/policy/templates/dep-drools.yaml b/kubernetes/policy/templates/dep-drools.yaml index 48ef16e3b2..afa044abe9 100644 --- a/kubernetes/policy/templates/dep-drools.yaml +++ b/kubernetes/policy/templates/dep-drools.yaml @@ -23,12 +23,6 @@ spec: - mariadb - --container-name - nexus - - --container-name - - pap - - --container-name - - pdp - - --container-name - - brmsgw env: - name: NAMESPACE valueFrom: @@ -38,6 +32,10 @@ spec: image: "{{ .Values.image.readiness }}:{{ .Values.image.readinessVersion }}" imagePullPolicy: {{ .Values.pullPolicy }} name: drools-readiness + hostAliases: + - ip: "{{ .Values.aaiServiceClusterIp }}" + hostnames: + - "aai.api.simpledemo.openecomp.org" containers: - command: - /bin/bash @@ -61,10 +59,12 @@ spec: name: drools - mountPath: /usr/share/maven/conf/settings.xml name: drools-settingsxml + subPath: settings.xml - mountPath: /var/log/onap name: policy-logs - mountPath: /tmp/logback.xml name: policy-logback + subPath: logback.xml lifecycle: postStart: exec: @@ -75,6 +75,7 @@ spec: volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf + subPath: filebeat.yml - mountPath: /var/log/onap name: policy-logs - mountPath: /usr/share/filebeat/data @@ -84,21 +85,37 @@ spec: hostPath: path: /etc/localtime - name: filebeat-conf - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/filebeat/logback/filebeat.yml + configMap: + name: policy-filebeat-configmap - name: policy-logs emptyDir: {} - name: policy-data-filebeat emptyDir: {} - name: policy-logback - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/policy/drools/logback.xml + configMap: + name: policy-drools-log-configmap - name: drools-settingsxml - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/drools/settings.xml + configMap: + name: policy-dep-drools-settings-configmap - name: drools - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/drools/ + secret: + secretName: policy-dep-drools-secret + items: + - key: policy-keystore + path: policy-keystore + mode: 0644 + - key: feature-healthcheck.conf + path: feature-healthcheck.conf + mode: 0644 + - key: base.conf + path: base.conf + mode: 0755 + - key: policy-management.conf + path: policy-management.conf + mode: 0755 + - key: drools-tweaks.sh + path: drools-tweaks.sh + mode: 0755 imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" #{{ end }} diff --git a/kubernetes/policy/templates/dep-maria.yaml b/kubernetes/policy/templates/dep-maria.yaml index c0f5060884..c921e8c890 100644 --- a/kubernetes/policy/templates/dep-maria.yaml +++ b/kubernetes/policy/templates/dep-maria.yaml @@ -24,8 +24,6 @@ spec: - mountPath: /etc/localtime name: localtime readOnly: true - - mountPath: /var/lib/mysql - name: policy-mariadb-data readinessProbe: tcpSocket: port: 3306 @@ -35,9 +33,6 @@ spec: - name: localtime hostPath: path: /etc/localtime - - name: policy-mariadb-data - persistentVolumeClaim: - claimName: policy-db imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" #{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/templates/dep-pap.yaml b/kubernetes/policy/templates/dep-pap.yaml index 523cfd35ff..d3d5ff3738 100644 --- a/kubernetes/policy/templates/dep-pap.yaml +++ b/kubernetes/policy/templates/dep-pap.yaml @@ -19,8 +19,6 @@ spec: - /root/ready.py args: - --container-name - - nexus - - --container-name - mariadb env: - name: NAMESPACE @@ -52,6 +50,9 @@ spec: image: "{{ .Values.image.policyPe }}:{{ .Values.image.policyPeVersion }}" imagePullPolicy: {{ .Values.pullPolicy }} name: pap + env: + - name: PRELOAD_POLICIES + value: "true" ports: - containerPort: 8443 - containerPort: 9091 @@ -70,8 +71,10 @@ spec: name: policy-logs - mountPath: /tmp/policy-install/logback.xml name: policy-sdk-logback + subPath: logback.xml - mountPath: /tmp/logback.xml name: policy-logback + subPath: logback.xml lifecycle: postStart: exec: @@ -82,6 +85,7 @@ spec: volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf + subPath: filebeat.yml - mountPath: /var/log/onap name: policy-logs - mountPath: /usr/share/filebeat/data @@ -91,21 +95,22 @@ spec: hostPath: path: /etc/localtime - name: filebeat-conf - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/filebeat/logback/filebeat.yml + configMap: + name: policy-filebeat-configmap - name: policy-logs emptyDir: {} - name: policy-data-filebeat emptyDir: {} - name: policy-logback - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/policy/xacml-pap-rest/logback.xml + configMap: + name: policy-pap-log-configmap - name: policy-sdk-logback - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/policy/ep_sdk_app/logback.xml + configMap: + name: policy-sdk-log-configmap - name: pe - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/pe/ + configMap: + name: policy-dep-pe-configmap + defaultMode: 0755 imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" #{{ end }} diff --git a/kubernetes/policy/templates/dep-pdp.yaml b/kubernetes/policy/templates/dep-pdp.yaml index 3763b95bb2..b62e280895 100644 --- a/kubernetes/policy/templates/dep-pdp.yaml +++ b/kubernetes/policy/templates/dep-pdp.yaml @@ -20,10 +20,6 @@ spec: - /root/ready.py args: - --container-name - - mariadb - - --container-name - - nexus - - --container-name - pap env: - name: NAMESPACE @@ -59,6 +55,7 @@ spec: name: policy-logs - mountPath: /tmp/logback.xml name: policy-logback + subPath: logback.xml lifecycle: postStart: exec: @@ -69,6 +66,7 @@ spec: volumeMounts: - mountPath: /usr/share/filebeat/filebeat.yml name: filebeat-conf + subPath: filebeat.yml - mountPath: /var/log/onap name: policy-logs - mountPath: /usr/share/filebeat/data @@ -78,18 +76,19 @@ spec: hostPath: path: /etc/localtime - name: filebeat-conf - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/filebeat/logback/filebeat.yml + configMap: + name: policy-filebeat-configmap - name: policy-logs emptyDir: {} - name: policy-data-filebeat emptyDir: {} - name: policy-logback - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/log/policy/xacml-pdp-rest/logback.xml + configMap: + name: policy-pdp-log-configmap - name: pe - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/opt/policy/config/pe/ + configMap: + name: policy-dep-pe-configmap + defaultMode: 0755 imagePullSecrets: - name: "{{ .Values.nsPrefix }}-docker-registry-key" #{{ end }} diff --git a/kubernetes/policy/templates/policy-deployment-configmap.yaml b/kubernetes/policy/templates/policy-deployment-configmap.yaml new file mode 100644 index 0000000000..b1db02bd20 --- /dev/null +++ b/kubernetes/policy/templates/policy-deployment-configmap.yaml @@ -0,0 +1,19 @@ +#{{ if not .Values.disablePolicyDrools }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-dep-drools-settings-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/drools/settings.xml").AsConfig | indent 2 }} +#{{ end }} +--- +#{{ if not .Values.disablePolicyPdp }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-dep-pe-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/opt/policy/config/pe/*").AsConfig | indent 2 }} +#{{ end }} diff --git a/kubernetes/policy/templates/policy-deployment-secret.yaml b/kubernetes/policy/templates/policy-deployment-secret.yaml new file mode 100644 index 0000000000..99a807bddf --- /dev/null +++ b/kubernetes/policy/templates/policy-deployment-secret.yaml @@ -0,0 +1,10 @@ +#{{ if not .Values.disablePolicyDrools }} +apiVersion: v1 +kind: Secret +metadata: + name: policy-dep-drools-secret + namespace: {{ .Values.nsPrefix }}-policy +type: Opaque +data: +{{ tpl (.Files.Glob "resources/config/opt/policy/config/drools/*").AsSecrets . | indent 2 }} +#{{ end }} diff --git a/kubernetes/policy/templates/policy-log-configmap.yaml b/kubernetes/policy/templates/policy-log-configmap.yaml new file mode 100644 index 0000000000..24ad45e5f7 --- /dev/null +++ b/kubernetes/policy/templates/policy-log-configmap.yaml @@ -0,0 +1,45 @@ +#{{ if not .Values.disablePolicyPap }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-pap-log-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/log/xacml-pap-rest/*").AsConfig | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-sdk-log-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/log/ep_sdk_app/*").AsConfig | indent 2 }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-filebeat-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/log/filebeat/*").AsConfig | indent 2 }} +#{{ end }} +#{{ if not .Values.disablePolicyPdp }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-pdp-log-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/log/xacml-pdp-rest/*").AsConfig | indent 2 }} +#{{ end }} +#{{ if not .Values.disablePolicyDrools }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: policy-drools-log-configmap + namespace: {{ .Values.nsPrefix }}-policy +data: +{{ (.Files.Glob "resources/config/log/drools/*").AsConfig | indent 2 }} +#{{ end }} diff --git a/kubernetes/policy/templates/policy-pv-pvc.yaml b/kubernetes/policy/templates/policy-pv-pvc.yaml deleted file mode 100644 index 5dc0c61c43..0000000000 --- a/kubernetes/policy/templates/policy-pv-pvc.yaml +++ /dev/null @@ -1,32 +0,0 @@ -#{{ if not .Values.disablePolicyMariadb }} -apiVersion: v1 -kind: PersistentVolume -metadata: - name: "{{ .Values.nsPrefix }}-policy-db" - namespace: "{{ .Values.nsPrefix }}-policy" - labels: - name: "{{ .Values.nsPrefix }}-policy-db" -spec: - capacity: - storage: 2Gi - accessModes: - - ReadWriteMany - persistentVolumeReclaimPolicy: Retain - hostPath: - path: /dockerdata-nfs/{{ .Values.nsPrefix }}/policy/mariadb/data/ ---- -kind: PersistentVolumeClaim -apiVersion: v1 -metadata: - name: policy-db - namespace: "{{ .Values.nsPrefix }}-policy" -spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 2Gi - selector: - matchLabels: - name: "{{ .Values.nsPrefix }}-policy-db" -#{{ end }}
\ No newline at end of file diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index ce037d896d..f52dc445e6 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -1,6 +1,11 @@ nsPrefix: onap pullPolicy: Always nodePortPrefix: 302 + +# POLICY hotfix - Note this must be temporary +# See https://jira.onap.org/browse/POLICY-510 +aaiServiceClusterIp: 10.43.255.254 + image: readiness: oomk8s/readiness-check readinessVersion: 1.0.0 |