From 823691fb0dbf7538b5d3319c1b3afdb051c001dd Mon Sep 17 00:00:00 2001 From: Jorge Hernandez Date: Mon, 30 Apr 2018 19:53:29 -0500 Subject: oom tweaks in pap configuration for pdp-x pooling paplp_1 process is unused and causes intermittent bad behavior when issuing healthchecks. Since it provides no apparent benefit integrity monitor usage has been disabled. preloading policies apis are executed when the PAP come up. The PDP-Xs take longer to come up, therefore the push-policies script causes bad interactions. This operation has to be triggered after all the PDP-Xs are up and properly running, which is difficult to predict. Therefore, it is moved to a manual step execution. In the future, we could think of'how perhaps execute autonomously by some other means. It does not currently work as is, so it is disabled, at least temporarily, there were a couple problems with pap.conf, first the pdps hostname need to be explicitly provided, as PAP keeps a white list of pdp hosts that can connect to it and be served policies. Another limitation is the format, note the change to ";" to separate pdps, instead of ",". Further the automatic configuration sequence is only made for 1 PDP-X, does not work well when multiple PDP-Xs are provided, so for the first PDP-X, the credentials need to be explicitly added, otherwise, it denies access to PDP-Xs. Change-Id: I5d4a9a39822c036db26e97edb594ecaaa27f80d8 Issue-ID: POLICY-768 Signed-off-by: Jorge Hernandez --- kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf | 4 ++-- kubernetes/policy/resources/config/pe/pap.conf | 2 +- kubernetes/policy/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'kubernetes/policy') diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf index 7b13116e34..8e0b88213d 100644 --- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf +++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf @@ -30,7 +30,7 @@ TOMCAT_X_MX_MB=1024 UEB_CLUSTER=message-router REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/ -REST_PDP_ID=http://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/ +REST_PDP_ID=http://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/ REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps REST_PDP_REGISTER=true @@ -46,7 +46,7 @@ PDP_PAP_PDP_HTTP_PASSWORD=alpha123 node_type=pdp_xacml resource_name=pdp_1 -dependency_groups=pdplp_1;brmsgw_1 +dependency_groups=brmsgw_1 test_via_jmx=true # diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf index 39199d7f1a..ae9d47c491 100644 --- a/kubernetes/policy/resources/config/pe/pap.conf +++ b/kubernetes/policy/resources/config/pe/pap.conf @@ -39,7 +39,7 @@ REST_ADMIN_REPOSITORY=repository REST_ADMIN_WORKSPACE=workspace # PDP related properties -PAP_PDP_URL=http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}:{{ .Values.config.pdpPort }}/pdp/,http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}:{{ .Values.config.pdpPort }}/pdp/ +PAP_PDP_URL=http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/ PAP_PDP_HTTP_USER_ID=testpdp PAP_PDP_HTTP_PASSWORD=alpha123 diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml index 4ab6e11ec7..c2c9747747 100644 --- a/kubernetes/policy/values.yaml +++ b/kubernetes/policy/values.yaml @@ -65,7 +65,7 @@ debugEnabled: false # application configuration config: - preloadPolicies: true + preloadPolicies: false pdpPort: 8081 # default number of instances -- cgit 1.2.3-korg