Diffstat (limited to 'docs')
-rw-r--r-- | docs/design/design.rst | 100
-rw-r--r-- | docs/installation/installation.rst | 2
-rw-r--r-- | docs/installation/oom.rst | 47
-rw-r--r-- | docs/xacml/decision.affinity.json | 5
-rw-r--r-- | docs/xacml/xacml.rst | 15
5 files changed, 157 insertions, 12 deletions
diff --git a/docs/design/design.rst b/docs/design/design.rst index cceba0fc..da0c3dc3 100644 --- a/docs/design/design.rst +++ b/docs/design/design.rst @@ -449,7 +449,12 @@ action R String The action that the ONAP component is performing These sub metadata structures are used to scope the resource the ONAP component is performing an action upon. At least one must be specified in order for Policy to return a decision. Multiple structures may be utilized to help define a -precise scope for a decision. +precise scope for a decision. + +4.4.1 Policy Decision API - DCAE configuration examples +------------------------------------------------------- + +These resource fields are examples on how DCAE implements its "configure" application to make Decision API calls. ================= ======= ======== ================================================================== **Field** **R/O** **Type** **Description** 
@@ -795,5 +800,96 @@ This example below shows the JSON body of a query to return all the deployed pol } } -End of Document +4.4.2 Policy Decision API - Guard Decision API examples +------------------------------------------------------- + +These resource fields are examples on how Drools-PDP implements its "guard" application to make Decision API calls. This +structure is a transition from the legacy guard API calls. So each of these resources are contained under a "guard" object +in the "resource" object of the JSON structure. + +================= ======= ======== ================================================================== +**Field** **R/O** **Type** **Description** +================= ======= ======== ================================================================== +actor O String The actor (eg APPC, SO) that is performing a recipe +recipe O String The recipe (eg Restart, Reboot) that the actor going to execute +clname O String The unique ID for the Control Loop +target O String The target VNF the actor is executing the recipe on +vfCount O String Specific to SO "VF Module Create" - the current count of VNFs + +================= ======= ======== ================================================================== + +This example below shows the JSON body of a guard Decision API call. + +.. code-block:: json + :caption: Decision API Call - Guard + :linenos: + + { + "ONAPName": "Policy", + "ONAPComponent": "drools-pdp", + "ONAPInstance": "usecase-template", + "requestId": "unique-request-id-1", + "action": "guard", + "resource": { + "guard": { + "actor": "SO", + "recipe": "VF Module Create", + "clname": "ControlLoop-vDNS-6f37f56d-a87d-4b85-b6a9-cc953cf779b3", + "target": "vLoadBalancer-00", + "vfCount": "1" + } + } + } + +.. 
code-block:: json + :caption: Decision Response - Guard + :linenos: + {"status":"Permit"} + +4.4.3 Policy Decision API - Optimize Decision API examples +---------------------------------------------------------- + +These resource fields are examples on how OOF project will make Decision API calls. NOTE: The OOF project +has not yet upgraded to the API. This work is scheduled for Frankfurt. + +================= ======= ============== ================================================================== +**Field** **R/O** **Type** **Description** +================= ======= ============== ================================================================== +scope O List of String Optional scope for the policy. +services O List of String One or more services the policy applies to. +resources O List of String The unique ID for the Control Loop +geography O List of String The target VNF the actor is executing the recipe on + +================= ======= ======== ================================================================== + +This example below shows the JSON body of an Optimize Decision API call. + +.. code-block:: json + :caption: Decision API Call - Optimize vCPE service in US + :linenos: + + { + "ONAPName": "OOF", + "ONAPComponent": "OOF-component", + "ONAPInstance": "OOF-component-instance", + "action": "optimize", + "resource": { + "scope": [], + "services": ["vCPE"], + "resources": [], + "geography": ["US"] + } + } + +.. code-block:: json + :caption: Decision Response - + :linenos: + + { + "policies:" { + ### Omitted for brevity + } + } + +End of Document diff --git a/docs/installation/installation.rst b/docs/installation/installation.rst index 627ffd68..40cd342e 100644 --- a/docs/installation/installation.rst +++ b/docs/installation/installation.rst @@ -7,7 +7,7 @@ Policy Component Installation ----------------------------- .. toctree:: - :maxdepth: 1 + :maxdepth: 2 oom.rst docker.rst 
diff --git a/docs/installation/oom.rst b/docs/installation/oom.rst index 1bdaa240..748a37bc 100644 --- a/docs/installation/oom.rst +++ b/docs/installation/oom.rst @@ -96,7 +96,7 @@ After deploying policy, loop on monitoring the policy pods until they come up. .. code-block:: bash - helm deploy dev-policy local/onap --namespace onap + helm deploy dev-policy local/onap --namespace onap kubectl get pods -n onap Exposing ports 
@@ -107,3 +107,48 @@ For security reasons, the ports for the policy containers are configured as Clus kubectl -n onap expose service policy-api --port=7171 --target-port=6969 --name=api-public --type=NodePort +Customizing PDP-D Installations +******************************* + +Credentials and other configuration parameters can be set as values +when deploying the policy (drools) subchart. Please refer to +`PDP-D Default Values <https://git.onap.org/oom/tree/kubernetes/policy/charts/drools/values.yaml>`_ +for the current default values. It is strongly recommended that sensitive +information is secured appropriately before using in production. + +Additional customization can be applied to the PDP-D. Custom configuration goes under the +"resources" directory of the drools subchart (oom/kubernetes/policy/charts/drools/resources). +This requires rebuilding the policy subchart +(see section :ref:`Rebuilding and/or modifying the Policy Charts`). + +Configuration is done by adding or modifying configmaps and/or secrets. +Configmaps are placed under "drools/resources/configmaps", and +secrets under "drools/resources/secrets". + +Custom configuration supportes these types of files: + +* **\*.conf** files to support additional environment configuration. +* **features\*.zip** to add additional custom features. +* **\*.pre.sh** scripts to be executed before starting the PDP-D process. +* **\*.post.sh** scripts to be executed after starting the PDP-D process. +* **policy-keystore** to override the PDP-D policy-keystore. +* **policy-truststore** to override the PDP-D policy-truststore. +* **aaf-cadi.keyfile** to override the PDP-D AAF key. +* **\*.properties** to override or add properties files. + +Examples +^^^^^^^^ + +To *disable AAF*, simply override the "aaf.enabled" value when deploying the helm chart +(see the OOM installation instructions mentioned above). + +To *override the PDP-D keystore or trustore*, add a suitable replacement(s) under +"drools/resources/secrets". 
Modify the drools chart values.yaml with +new credentials, and follow the procedures described at +:ref:`Rebuilding and/or modifying the Policy Charts` to redeploy the chart. + +To *disable https* for the DMaaP configuration topic, add a copy of +`engine.properties <https://git.onap.org/policy/drools-pdp/tree/policy-management/src/main/server/config/engine.properties>`_ +with "dmaap.source.topics.PDPD-CONFIGURATION.https" set to "false", or alternatively +create a ".pre.sh" script (see above) that edits this file before the PDP-D is +started. diff --git a/docs/xacml/decision.affinity.json b/docs/xacml/decision.affinity.json index 78785135..45da0403 100644 --- a/docs/xacml/decision.affinity.json +++ b/docs/xacml/decision.affinity.json @@ -4,7 +4,10 @@ "ONAPInstance": "OOF-component-instance", "action": "optimize", "resource": { - "policyScope": ["vCPE", "US", "INTERNATIONAL", "ip", "vGMuxInfra", "vG"], + "scope": [], + "services": ["vCPE"], + "resources": ["vGMuxInfra", "vG"], + "geography": ["US", "INTERNATIONAL"], "policyType": "zone" } } diff --git a/docs/xacml/xacml.rst b/docs/xacml/xacml.rst index 7c67723a..6d74ce6a 100644 --- a/docs/xacml/xacml.rst +++ b/docs/xacml/xacml.rst 
@@ -13,7 +13,7 @@ The ONAP XACML Policy PDP Engine uses an `open source implementation <https://gi ONAP Supported Policy Types *************************** -In ONAP the following Policy Types are supported. Each Policy Type is implemented as an application that extends the **XacmlApplicationServiceProvider**. For details on each implementation, please refer to the `applications submodule of the onap/xacml-pdp project <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=tree;f=applications;h=047878fe14851d8a51998e065b8aca583ed8c994;hb=refs/heads/dublin>`__. +In ONAP the following Policy Types are supported. Each Policy Type is implemented as an application that extends the **XacmlApplicationServiceProvider**. For details on each implementation, please refer to the `applications submodule of the onap/xacml-pdp project <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=tree;f=applications;h=047878fe14851d8a51998e065b8aca583ed8c994;hb=refs/heads/elalto>`__. By cloning the policy/xacml-pdp repository, one can run the JUnit tests to get a better understanding on how applications are built using translators and the XACML Policies that are generated for each Policy Type. Each application supports one or more Policy Types and an associated "action" used by the Decision API when making these calls. 
@@ -27,7 +27,7 @@ These Policy Types are used by Control Loop DCAE microservice components to supp "onap.policies.monitoring.cdap.tca.hi.lo.app", "configure", "TCA DCAE microservice component" "onap.policies.monitoring.dcaegen2.collectors.datafile.datafile-app-server", "configure", "REST Collector" -The translator used to translate these TOSCA Policy Types is the `StdCombinedPolicyResultsTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java;h=2d7386d99f97ccee828b665a46b46531495cdfcd;hb=refs/heads/dublin>`__. +The translator used to translate these TOSCA Policy Types is the `StdCombinedPolicyResultsTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdCombinedPolicyResultsTranslator.java;h=2d7386d99f97ccee828b665a46b46531495cdfcd;hb=refs/heads/elalto>`__. This is an example Decision API payload made to retrieve a decision for a Monitoring Policy Type. @@ -36,7 +36,7 @@ This is an example Decision API payload made to retrieve a decision for a Monito Guard Policy Types ================== -These Policy Types are used by Control Loop Drools Engine to support guarding of Control Loops during runtime control loop execution. NOTE: For Dublin, these policy types are not TOSCA compliant but rather a simple variation of the Casablanca legacy guard policy. +These Policy Types are used by Control Loop Drools Engine to support guarding of Control Loops during runtime control loop execution. NOTE: For El Alto, these policy types are not TOSCA compliant but rather a simple variation of the Casablanca legacy guard policy. .. csv-table:: :header: "Policy Type", "Action", "Description" 
@@ -45,7 +45,7 @@ These Policy Types are used by Control Loop Drools Engine to support guarding of "onap.policies.controlloop.guard.Blacklist", "guard", "Blacklists a regexp of VNF IDs" "onap.policies.controlloop.guard.MinMax", "guard", "For scaling, enforces a min/max number of VNFS" -The translator used to translate these legacy Policy Types is the `LegacyGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java;h=2917aab26dfbcf805dd00fead66ef68439561a11;hb=refs/heads/dublin>`__ which implements a more fine grained approach to translating the properties into a XACML policy. +The translator used to translate these legacy Policy Types is the `LegacyGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/LegacyGuardTranslator.java;h=2917aab26dfbcf805dd00fead66ef68439561a11;hb=refs/heads/elalto>`__ which implements a more fine grained approach to translating the properties into a XACML policy. This is an example Decision API payload made to retrieve a decision for a Guard Policy Type. 
@@ -62,17 +62,18 @@ These Policy Types are similar to the guard Policy Types and are called by the C "onap.policies.controlloop.guard.coordination.FirstBlocksSecond", "guard", "Gives priority to one control loop vs another" -The translator used to translate the coordination Policy Types is the `CoordinationGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java;h=41c1428e3da4cc5b6c1bb091d0c16a6618a036ae;hb=refs/heads/dublin>`__ which uses a XACML Policy Template in its implementation. For example, when a new policy is loaded the translator copies the template to a new policy and replaces the CONTROL_LOOP_ONE and CONTROL_LOOP_TWO values with the specified control loops. See the `XAMCL Coordination Template for more details <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml;h=bea05f264be5e422eb2da448d40057f736b7555c;hb=refs/heads/dublin>`__. +The translator used to translate the coordination Policy Types is the `CoordinationGuardTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/java/org/onap/policy/xacml/pdp/application/guard/CoordinationGuardTranslator.java;h=41c1428e3da4cc5b6c1bb091d0c16a6618a036ae;hb=refs/heads/elalto>`__ which uses a XACML Policy Template in its implementation. For example, when a new policy is loaded the translator copies the template to a new policy and replaces the CONTROL_LOOP_ONE and CONTROL_LOOP_TWO values with the specified control loops. 
See the `XAMCL Coordination Template for more details <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/guard/src/main/resources/coordination/function/onap.policies.controlloop.guard.coordination.FirstBlocksSecond.xml;h=bea05f264be5e422eb2da448d40057f736b7555c;hb=refs/heads/elalto>`__. The same Decision API payload example for guard applies to this Policy Type. Optimization Policy Types ========================= -These Policy Types are used by the OOF Project support placement in ONAP. The OOF Platform makes a call to the Decision API to request these Policies based on the values specified in the **policyScope** and **policyType** properties. Please refer to the OOF Project for more details on how these Policy Types are using in their platform. +These Policy Types are designed to be used by the OOF Project support placement in ONAP. The OOF Platform makes a call to the Decision API to request these Policies based on the values specified in the onap.policies.Optimization properties that have a metadata property called "matchable" and its value is set to "true". NOTE: For El Alto, this is dark code and OOF has not yet upgraded to the new Decision API to support this. Please refer to the OOF Project for more details on how it currently uses the Legacy API and policy models in their platform. .. csv-table:: :header: "Policy Type", "Action" + "onap.policies.Optimization", "optimize" "onap.policies.optimization.AffinityPolicy", "optimize" "onap.policies.optimization.DistancePolicy", "optimize" "onap.policies.optimization.HpaPolicy", "optimize" 
@@ -83,7 +84,7 @@ These Policy Types are used by the OOF Project support placement in ONAP. The OO "onap.policies.optimization.Vim_fit", "optimize" "onap.policies.optimization.VnfPolicy", "optimize" -The translator used to translate the optimization Policy Types is the `StdMatchableTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdMatchableTranslator.java;h=dd44af7aa4ab2ef70b216f8a3a6a02c6f1fddf56;hb=refs/heads/dublin>`__. +The translator used to translate the optimization Policy Types is the `StdMatchableTranslator <https://gerrit.onap.org/r/gitweb?p=policy/xacml-pdp.git;a=blob;f=applications/common/src/main/java/org/onap/policy/pdp/xacml/application/common/std/StdMatchableTranslator.java;h=dd44af7aa4ab2ef70b216f8a3a6a02c6f1fddf56;hb=refs/heads/elalto>`__. This is an example Decision API payload made to retrieve a decision for an Optimization Policy Type. |
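Review bot: In docs/design/design.rst, hunk @@ -795,5 +800,96 @@, the 4.4.3 Optimize table describes "resources" as "The unique ID for the Control Loop" and "geography" as "The target VNF the actor is executing the recipe on", which are the "clname" and "target" descriptions copied from the 4.4.2 guard table; replace them with descriptions of the optimize fields. The same table opens with a 14-character Type border (==============) but closes with the 8-character one (========), so the closing border should be widened to match. In the response blocks, {"status":"Permit"} follows ":linenos:" with no blank line between the directive options and the content, and the last block is tagged json but contains "policies:" { (colon inside the quotes) and a "### Omitted for brevity" line, neither of which is valid JSON; move the colon outside the key and either drop the comment line or use a non-JSON lexer. The caption "Decision Response -" is unfinished.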
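Review bot: In docs/installation/oom.rst, hunk @@ -107,3 +107,48 @@, the Examples subsection explains how to disable AAF and how to set "dmaap.source.topics.PDPD-CONFIGURATION.https" to "false" without saying what protection is given up, while the paragraph above asks that sensitive information be secured before production use. Add a sentence to each example naming what is turned off (AAF, or HTTPS on the DMaaP configuration topic) and stating whether the setting is intended only for development deployments. The keystore example tells the reader to put new credentials into the drools chart values.yaml; say how those values should be protected, or refer back to "drools/resources/secrets" already described in this section. Typos: "supportes" should be "supports" and "trustore" should be "truststore".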
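Review bot: In docs/xacml/decision.affinity.json, the removed "policyScope" list contained "ip", but none of the four replacement fields carries it: "services" has "vCPE", "resources" has "vGMuxInfra" and "vG", and "geography" has "US" and "INTERNATIONAL". Confirm the drop is intended or add the value to the field where it belongs. "policyType": "zone" is kept here, while the xacml.rst change in this patch removes the sentence that named **policyType** as a request property and the new 4.4.3 example in design.rst has no such field; state whether it is still honoured or remove it from the sample.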
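Review bot: In docs/xacml/xacml.rst, hunk @@ -13,7 +13,7 @@, the link changes hb=refs/heads/dublin to hb=refs/heads/elalto but keeps h=047878fe14851d8a51998e065b8aca583ed8c994, so the URL still names the same object id as before the change. Either update h= to the object on the elalto branch or drop it so the link resolves from the branch. The translator links in the later hunks of this file (StdCombinedPolicyResultsTranslator, LegacyGuardTranslator, CoordinationGuardTranslator and its template, StdMatchableTranslator) carry the same unchanged h= values.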
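Review bot: In docs/xacml/xacml.rst, hunk @@ -62,17 +62,18 @@, the new csv-table row "onap.policies.Optimization" has a capital "O" while every other row uses "onap.policies.optimization.*"; confirm the type name and, if the capital is correct, say in the text that this is the type whose "matchable" properties drive the lookup. The rewritten paragraph reads "designed to be used by the OOF Project support placement" (missing "to") and uses "dark code" without explanation; a plainer wording would be that the code is present but OOF does not call the new Decision API yet. The link text "XAMCL Coordination Template" on the changed line should read "XACML".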