X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Finstallation%2Foom.rst;h=30efdbe76df059686b770af8138c1f54ba2bba7c;hb=688a2dd3a681c28ac48ad737316c2dc1dff08526;hp=8e7c585d6049840a5565972b205a6b59e6f88b8d;hpb=5d8ec37d9f42cd1249cfc3a48cf1f9f9fd5fe8d2;p=policy%2Fparent.git diff --git a/docs/installation/oom.rst b/docs/installation/oom.rst index 8e7c585d..30efdbe7 100644 --- a/docs/installation/oom.rst +++ b/docs/installation/oom.rst @@ -42,6 +42,8 @@ Accessing the policy docker containers is the same as for any kubernetes contain kubectl -n onap exec -it dev-policy-policy-xacml-pdp-584844b8cf-9zptx bash +.. _install-upgrade-policy-label: + Installing or Upgrading Policy ****************************** The assumption is you have cloned the charts from the OOM repository into a local directory. @@ -52,9 +54,8 @@ From your local copy, edit any of the values.yaml files in the policy tree to ma The policy schema will be installed automatically as part of the database configuration using ``db-migrator``. By default the policy schema is upgraded to the latest version. -For more information on how to change the ``db-migrator`` setup please see: `Using Policy DB Migrator`_. - -.. _Using Policy DB Migrator: ../db-migrator/policy-db-migrator.html +For more information on how to change the ``db-migrator`` setup please see +:ref:`Using Policy DB Migrator `. **Step 2** Build the charts @@ -128,7 +129,7 @@ For security reasons, the ports for the policy containers are configured as Clus kubectl -n onap expose service policy-api --port=7171 --target-port=6969 --name=api-public --type=NodePort Overriding certificate stores -******************************* +***************************** Policy components package default key and trust stores that support https based communication with other AAF-enabled ONAP components. Each store can be overridden at installation. @@ -161,11 +162,11 @@ When the keystore passwords are changed, the corresponding component configurati This procedure is applicable to an installation that requires either AAF or non-AAF derived certificates. The reader is refered to the AAF documentation when new AAF-compliant keystores are desired: -* `AAF automated configuration and Certificates `_. +* `AAF automated configuration and Certificates `_. * `AAF Certificate Management for Dummies `_. * `Instructional Videos `_. -After these changes, follow the procedures in the :ref:`Installing or Upgrading Policy` section to make usage of +After these changes, follow the procedures in the :ref:`install-upgrade-policy-label` section to make usage of the new stores effective. Additional PDP-D Customizations @@ -180,7 +181,7 @@ information is secured appropriately before using in production. Additional customization can be applied to the PDP-D. Custom configuration goes under the "resources" directory of the drools subchart (oom/kubernetes/policy/charts/drools/resources). This requires rebuilding the policy subchart -(see section :ref:`Installing or Upgrading Policy`). +(see section :ref:`install-upgrade-policy-label`). Configuration is done by adding or modifying configmaps and/or secrets. Configmaps are placed under "drools/resources/configmaps", and @@ -209,7 +210,7 @@ To *disable AAF*, simply override the "aaf.enabled" value when deploying the hel To *override the PDP-D keystore or trustore*, add a suitable replacement(s) under "drools/resources/secrets". Modify the drools chart values.yaml with new credentials, and follow the procedures described at -:ref:`Installing or Upgrading Policy` to redeploy the chart. +:ref:`install-upgrade-policy-label` to redeploy the chart. To *disable https* for the DMaaP configuration topic, add a copy of `engine.properties `_