From 193da6518b19c37599f1114a4da901aa00b3048d Mon Sep 17 00:00:00 2001 From: Saryu Shah Date: Fri, 10 Nov 2017 22:28:49 +0000 Subject: Doc for sa pap; sa pdp-x, activestdby mgmt Documentation for swarch pap; swarch pdp-x, activestdby mgmt ------------------------------------------------------------- Change-Id: I537e512ce4d743f9e448ac22db8e728c20b93db3 Issue-Id: POLICY-335 Signed-off-by: Saryu Shah --- docs/platform/feature_activestdbymgmt.rst | 116 ++++++++++++++++++++++++++++++ docs/platform/index.rst | 6 +- docs/platform/swarch_pap.rst | 60 ++++++++++++++++ docs/platform/swarch_pdpx.rst | 64 +++++++++++++++++ 4 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 docs/platform/feature_activestdbymgmt.rst create mode 100644 docs/platform/swarch_pap.rst create mode 100644 docs/platform/swarch_pdpx.rst diff --git a/docs/platform/feature_activestdbymgmt.rst b/docs/platform/feature_activestdbymgmt.rst new file mode 100644 index 000000000..a7c3fb97b --- /dev/null +++ b/docs/platform/feature_activestdbymgmt.rst @@ -0,0 +1,116 @@ + +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +********************************** +Feature: Active/Standby Management +********************************** + +.. contents:: + :depth: 3 + +Summary +^^^^^^^ +When the Feature Session Persistence is enabled, there can only be one active/providing service Drools PDP due to the behavior of Drools persistence. The Active/Standby Management Feature controls the selection of the Drools PDP that is providing service. It utilizes its own database and the State Management Feature database in the election algorithm. All Drools PDP nodes periodically run the election algorithm and, since they all use the same data, all nodes come to the same conclusion with the "elected" node assuming an active/providingservice state. Thus, the algorithm is distributed and has no single point of failure - assuming the database is configured for high availability. + +When the algorithm selects a Drools PDP to be active/providing service the controllers and topic endpoints are unlocked and allowed to process transactions. When a Drools PDP transitions to a hotstandby or coldstandby state, the controllers and topic endpoints are locked, preventing the Drools PDP from handling transactions. + + +Usage +^^^^^ + +Enabling and Disabling Feature State Management +----------------------------------------------- + +The Active/Standby Management Feature is enabled from the command line when logged in as policy after configuring the feature properties file (see Description Details section). From the command line: + +- > features status - Lists the status of features +- > features enable active-standby-management - Enables the Active-Standby Management Feature +- > features disable active-standby-management - Disables the Active-Standby Management Feature + +The Drools PDP must be stopped prior to enabling/disabling features and then restarted after the features have been enabled/disabled. + + .. code-block:: bash + :caption: Enabling Active/Standby Management Feature + + policy@hyperion-4:/opt/app/policy$ policy stop + [drools-pdp-controllers] + L []: Stopping Policy Management... Policy Management (pid=354) is stopping... Policy Management has stopped. + policy@hyperion-4:/opt/app/policy$ features enable active-standby-management + name version status + ---- ------- ------ + controlloop-utils 1.1.0-SNAPSHOT disabled + healthcheck 1.1.0-SNAPSHOT disabled + test-transaction 1.1.0-SNAPSHOT disabled + eelf 1.1.0-SNAPSHOT disabled + state-management 1.1.0-SNAPSHOT disabled + active-standby-management 1.1.0-SNAPSHOT enabled + session-persistence 1.1.0-SNAPSHOT disabled + + +Description Details +^^^^^^^^^^^^^^^^^^^ + +Election Algorithm +------------------ + +The election algorithm selects the active/providingservice Drools PDP. The algorithm on each node reads the *standbystatus* from the *StateManagementEntity* table for all other nodes to determine if they are providingservice or in a hotstandby state and able to assume an active status. It uses the *DroolsPdpEntity* table to verify that other node election algorithms are currently functioning and when the other nodes were last designated as the active Drools PDP. + +In general terms, the election algorithm periodically gathers the standbystatus and designation status for all the Drools PDPs. If the node which is currently designated as providingservice is "current" in updating its status, no action is required. If the designated node is either not current or has a standbystatus other than providingservice, it is time to choose another designated *DroolsPDP*. The algorithm will build a list of all DroolsPDPs that are current and have a *standbystatus* of *hotstandby*. It will then give preference to DroolsPDPs within the same site, choosing the DroolsPDP with the lowest lexicographic value to the droolsPdpId (resourceName). If the chosen DroolsPDP is itself, it will promote its standbystatus from hotstandby to providingservice. If the chosen DroolsPDP is other than itself, it will do nothing. + +When the DroolsPDP promotes its *standbystatus* from hotstandby to providing service, a state change notification will occur and the Standby State Change Handler will take appropriate action. + + +Standby State Change Handler +---------------------------- + +The Standby State Change Handler (*PMStandbyStateChangeHandler* class) extends the IntegrityMonitor StateChangeNotifier class which implements the Observer class. When the DroolsPDP is constructed, an instance of the handler is constructed and registered with StateManagement. Whenever StateManagement implements a state transition, it calls the *handleStateChange()* method of the handler. If the StandbyStatus transitions to hot or cold standby, the handler makes a call into the lower level management layer to lock the application controllers and topic endpoints, preventing it from handling transactions. If the StandbyStatus transitions to providingservice, the handler makes a call into the lower level management layer to unlock the application controllers and topic endpoints, allowing it to handle transactions. + + +Database +-------- + +The Active/Standby Feature creates a database named activestandbymanagement with a single table, **droolspdpentity**. The election handler uses that table to determine which DroolsPDP was/is designated as the active DroolsPDP and which DroolsPDP election handlers are healthy enough to periodically update their status. + +The **droolspdpentity** table has the following columns: + - **pdpId** - The unique indentifier for the DroolsPDP. It is the same as the resourceName + - **designated** - Has a value of 1 if the DroolsPDP is designated as active/providingservice. It has a value of 0 otherwise + - **priority** - Indicates the priority level of the DroolsPDP for the election handler. In general, this is ignore and all have the same priority. + - **updatedDate** - This is the timestamp for the most recent update of the record. + - **designatedDate** - This is the timestamp that indicates when the designated column was most recently set to a value of 1 + - **site** - This is the name of the site + +Properties +---------- + +The properties are found in the feature-active-standby-management.properties file. In general, the properties are adequately described in the properties file. Parameters which must be replaced prior to usage are indicated thus: ${{parameter to be replaced}} + + .. code-block:: bash + :caption: feature-active-standby-mangement.properties + + # DB properties + javax.persistence.jdbc.driver=org.mariadb.jdbc.Driver + javax.persistence.jdbc.url=jdbc:mariadb://${{SQL_HOST}}:3306/activestandbymanagement + javax.persistence.jdbc.user=${{SQL_USER}} + javax.persistence.jdbc.password=${{SQL_PASSWORD}} + + # Must be unique across the system + resource.name=pdp1 + # Name of the site in which this node is hosted + site_name=site1 + + # Needed by DroolsPdpsElectionHandler + pdp.checkInterval=1500 # The interval in ms between updates of the updatedDate + pdp.updateInterval=1000 # The interval in ms between executions of the election handler + #pdp.timeout=3000 + # Need long timeout, because testTransaction is only run every 10 seconds. + pdp.timeout=15000 + #how long do we wait for the pdp table to populate on initial startup + pdp.initialWait=20000 + + +End of Document + +.. SSNote: Wiki page ref. https://wiki.onap.org/pages/viewpage.action?pageId=16005790 + + diff --git a/docs/platform/index.rst b/docs/platform/index.rst index 787bc8fba..0f3db7fbf 100644 --- a/docs/platform/index.rst +++ b/docs/platform/index.rst @@ -10,12 +10,14 @@ Policy Engine Platform offeredapis.rst installation.rst policygui.rst - guardpolicy.rst + swarch_pap.rst + swarch_pdpx.rst deployPDPPAP.rst + guardpolicy.rst guardpdp.rst + feature_eelf.rst feature_testtransaction.rst feature_healthcheck.rst - feature_eelf.rst feature_statemgmt.rst feature_activestdbymgmt.rst tutorial_vDNS.rst diff --git a/docs/platform/swarch_pap.rst b/docs/platform/swarch_pap.rst new file mode 100644 index 000000000..7904c27ed --- /dev/null +++ b/docs/platform/swarch_pap.rst @@ -0,0 +1,60 @@ + +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +************************* +PAP Software Architecture +************************* + +.. contents:: + :depth: 3 + +Overview +^^^^^^^^ +PAP (Policy Administration Point) is the component of POLICY that is used to administer both Drools and XACML related policies. The core underlying technology used is XACML and the component itself belongs to the XACML architecture family. This component, as the name suggests, manages the configurations for PDP's and is responsible for the Create, Update and Delete operations of policies. + +Context +^^^^^^^ +The purpose of PAP is to: + +- Manage groups. create, delete or edit a group. By default "*default*" is created at startup. +- Manage PDP's. PDP's are assigned to single group at any given point of time. They can be changed or even removed. By default, at the time of startup PDP's are registered to the default group. +- Manage Policies. Create, update and remove policies which are stored in the database. +- Assign Policies to Group. Policies can be added or removed from group(s). +- Group changes updates all PDP's present in the group. +- Manage PIP (Policy Information Point) configuration to groups. +- Provide RESTful API interface for PDP's to communicate with PAP to register and be able to update their properties. +- Provide RESTful API interface for PDP/ POLICY-SDK-APP (policy GUI) to call the PAP and utilize its services. Clients would either use the GUI or PDP API to communicate with PAP. + +PAP Application Software +^^^^^^^^^^^^^^^^^^^^^^^^ +- PAP application software can run as a standalone application. But, to utilize its full features it needs at-least one running PDP instance connected to the PAP. The urls can be defined in the properties file of PDP component. +- This application can run as single container, or can support multiple instances of PAP's running. Each instance runs the same software. The differences are defined in the properties file used by the PAP software. +- The software is maintained using this project. + ONAP-PAP-REST → https://git.onap.org/policy/engine/tree/ONAP-PAP-REST +- Tomcat 8 is used as the web server to host PAP. +- A PDP update thread is used to update all PDP's upon any change to the group. +- MariaDB is used as the database behind to store the policies. +- File system and Properties file are used to cache and store the group information data. +- Elastic search database is used to store the policy data for index and search. + +Core components +^^^^^^^^^^^^^^^ +- XACMLPapServlet is the core servlet module handling the RESTful calls from PDP and Policy GUI. Apart from the servlet, PAP co hosts spring rest controller to host special API calls to serve Policy GUI. +- Each policy type is comprised as a different component type and are all under components package. In order to add any new extension to the Policy, it can be done by extending Policy. +- Spring controllers are present under the controller package which have the controller logic for different dictionaries as well as policy creation controller. +- Threads are used to update PDP's about any new updates in the group. There are also other threads which are used to monitor the status of PDP's. + +Configuration +^^^^^^^^^^^^^ +- All configurations related to the PAP are presesnt in xacml.pap.properties file. This can be changed if required in the docker setup or policy installation setup. +- pip.properties file is used as the PIP properties file. At the time of writing this document the PIP configuration can be changed via this file and applies for all groups. + +.. seealso:: The XACML PAP implementation mainly references the AT&T XACML https://github.com/att/XACML project. + + +End of Document + +.. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/PAP+Software+Architecture + + diff --git a/docs/platform/swarch_pdpx.rst b/docs/platform/swarch_pdpx.rst new file mode 100644 index 000000000..1d9c611bd --- /dev/null +++ b/docs/platform/swarch_pdpx.rst @@ -0,0 +1,64 @@ + +.. This work is licensed under a Creative Commons Attribution 4.0 International License. +.. http://creativecommons.org/licenses/by/4.0 + +*************************** +PDP-X Software Architecture +*************************** + +.. contents:: + :depth: 3 + +Overview +^^^^^^^^ +The PDP (Policy Decision Point) is the main decision engine of POLICY. The decisions taken are based on the policy set which has been assigned by PAP. **PDP** is a part of **XACML** family and, hence, referred to as **PDP-X**. The PDP-X receives XACML requests and returns XACML responses which are either Permit, Deny or Indeterminate. The software contains wrapper code to wrap the internal XACML structures with a request and response structure that is commonly used in ONAP. + +PDP Application container +^^^^^^^^^^^^^^^^^^^^^^^^^ +- PDP Application containers run as standalone containers which when requested for decision give appropriate responses. +- If configured with PAP it would be able to modify the PDP's policy set. In absence of PAP the PDP would utilize its existing set of policies to take decisions. +- In order to scale up and handle multiple requests, Multiple PDP's can be started and used to serve the requests. + +Core Software +^^^^^^^^^^^^^ +- The core software of PDP-X is the divided into two projects: + - ONAP-PDP (core PDP decision components) + - ONAP-PDP-REST (Rest wrapper around PDP to support communications with PAP and take in requests from clients) + +- ONAP-PDP-REST is the project which has the wrapper code and hosts the Policy APIs, which also acts as a proxy for Policy administration related APIs. +- ONAP-PDP-REST project comprises of: + - Servlet code implementation which handles the requests from PAP's and legacy XACML requests from clients. + - Spring REST controller implementation handles the Policy API's that are widely used within ONAP. Swagger documentation is tied with the API code which are available with the PDP container when executed. + - Notification server which sends notification to the connected clients via Websocket, DMaaP or UEB. Policy Internal components use Websocket as the notification medium. + - Runs a thread to communicate with PAP about any updates in policy configurations. + +- ONAP-PDP project is an extension of XACML implementation of PDP which contains the core XACML function and definition which are used in the policy decision process. +- Tomcat 8 is used as the web server to host PDP-X. +- File system and properties file are used to store policy information so that PDP can recover in case of failure. +- In memory cache is used by PDP to store policy information after startup in order to serve requests quickly. + +Package Overview +^^^^^^^^^^^^^^^^ +- ONAP-PDP-REST package structure is discussed here: + - rest is the main package which contains servlet code. + - controller package consists of the spring rest controller which handles the API requests from clients. + - service package consists of the service layer code for different policy API services. + - notifications package consists of the notification service that is offered by PDP-X. + - config package consists of the spring and swagger configurations. + +- Extensions + - Any new addition to the service can be added to the service layer and appropriate API call can be added to the controller code. + +Configuration +^^^^^^^^^^^^^ +- All configurations related to PDP are present in xacml.pdp.properties file. This can be changed if required in the docker setup or policy installation setup. + + +.. seealso:: The PDP implementation references the XACML AT&T https://github.com/att/XACML project. + + +End of Document + +.. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/PDP-X+Software+Architecture + + -- cgit 1.2.3-korg