1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
.. This work is licensed under a Creative Commons Attribution 4.0 International License.
.. _gui-server-label:
The Policy Framework GUI Server
###############################
The **gui-server** microservice serves the GUI code to the browser for Policy Framework UI. In addition, it acts as
a single point of reference for the REST interfaces provided by **policy-api**, **policy-pap**, and **acm-runtime**.
It can also be used as a HTTPS gatewy for REST references into a Policy Framework deployment in a Kubernetes cluster.
.. contents::
:depth: 2
The **gui-server** is a regular microservice, and it is packaged, delivered and configured as a docker image. It is
a Spring application and therefore uses a normal Spring-style *applciation.yaml* approach to configuration.
Definitive example configurations are available in the codebase:
- `application_http.yaml <https://github.com/onap/policy-gui/blob/master/gui-server/src/test/resources/application_http.yaml>`_
showing how to configure gui-server for HTTP access
- `application_https.yaml <https://github.com/onap/policy-gui/blob/master/gui-server/src/test/resources/application_https.yaml>`_
showing how to configure gui-server for HTTPS access
The configuration parameters are explained in the sections below
Server Configuration
--------------------
Configuration for HTTP access to gui-server::
server:
port: 2443
ssl:
enabled: false
Start gui-server on port 2443 and disable SSL.
Configuration for HTTPS access to gui-server::
server:
port: 2443
ssl:
enabled: true
enabled-protocols: TLSv1.2
client-auth: want
key-store: file:./src/test/resources/helloworld-keystore.jks
key-store-password: changeit
trust-store: file:./src/test/resources/helloworld-truststore.jks
trust-store-password: changeit
Start gui-server on port 2443 and enable SSL with the parameters specified above
Note that other standard Spring **server** configuraiton parameters as
documented
`on the Spring website <https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html>`_
are supported.
Runtime Adaptation Configuration
--------------------------------
You can configure the adaptation for **policy-api**, **policy-pap**, and **runtime-acm**. In other words, you can map
the URL that the GUI produced or that you want to use in a REST tool such as *postman* or *curl* in the **runtime-ui**
part of the aaplication.yaml file::
runtime-ui:
policy-api:
mapping-path: "/runtime-ui/policy-api/restservices/"
url: http://localhost:30440
disable-ssl-validation: true
disable-ssl-hostname-check: true
policy-pap:
mapping-path: "/runtime-ui/policy-pap/restservices/"
url: http://localhost:30442
disable-ssl-validation: true
disable-ssl-hostname-check: true
acm:
mapping-path: "/runtime-ui/acm/restservices/"
url: http://localhost:30258
disable-ssl-validation: true
disable-ssl-hostname-check: true
The parameters under the **policy-api**, **policy-pap**, and **acm** sections are identical.
mapping-path and url
++++++++++++++++++++
The **mapping-path** is the root part of the path that will be replaced by the **url**, the **url** replaces the
**mapping-path**.
Therefore, using the configuration above for policy-api, the following mapping occurs::
http://localhost:2443/runtime-ui/policy-api/restservices/policy/api/v1/healthcheck
maps to
http://localhost:30440/policy/api/v1/healthcheck
and::
https://localhost:2443/runtime-ui/acm/restservices/onap/policy/clamp/acm/v2/commission
maps to
http://localhost:30258/onap/policy/clamp/acm/v2/commission
disable-ssl-validation and disable-ssl-hostname-check
+++++++++++++++++++++++++++++++++++++++++++++++++++++
The **disable-ssl-validation** **disable-ssl-hostname-check** are boolean values. If the target server (policy-api,
policy-pap, or runtime-acm) is using http, these values should be set to **false**. If the target server is using
HTTPS, set the values as **true** so that the **gui-server** transfers and forwards certificates to target servers.
Spring Boot Acuator Monitoring
------------------------------
The **gui-server** supports regular
`Spring Boot Actuator monitoring <https://docs.spring.io/spring-boot/docs/1.4.0.M2/reference/html/production-ready-monitoring.html>`_
and monitoring over `prometheus <https://prometheus.io/>`_.
The following section of the *application.yaml** file is an example of how to enable monitoring::
management:
endpoints:
web:
base-path: /
exposure:
include: health,metrics,prometheus
path-mapping.metrics: plain-metrics
path-mapping.prometheus: metrics
The configuration above enables the following URLs::
# Health Check
http://localhost:2443/health
# Plain Metrics
http://localhost:2443/plain-metrics
# Prometheus Metrics
http://localhost:2443/metrics
|
