X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=docs%2Finstallation%2Foom.rst;h=cccc716eed557724e4955f2eba073f41968cf53d;hb=4d7388b182bc076cc8cf88fae27938d0724271c2;hp=748a37bcb10641c087057f5fe07cc17057005f52;hpb=75ec6e95b3791c07c511ae396e0e37db6652cf42;p=policy%2Fparent.git diff --git a/docs/installation/oom.rst b/docs/installation/oom.rst index 748a37bc..cccc716e 100644 --- a/docs/installation/oom.rst +++ b/docs/installation/oom.rst @@ -61,8 +61,8 @@ Accessing the policy docker containers is the same as for any kubernetes contain kubectl -n onap exec -it dev-policy-policy-xacml-pdp-584844b8cf-9zptx bash -Rebuilding and/or modifying the Policy Charts -********************************************* +Installing or Upgrading Policy +****************************** The assumption is you have cloned the charts from the OOM repository into a local directory. **Step 1** Go into local copy of OOM charts @@ -99,6 +99,12 @@ After deploying policy, loop on monitoring the policy pods until they come up. helm deploy dev-policy local/onap --namespace onap kubectl get pods -n onap +Restarting a faulty component +***************************** +Each policy component can be restarted independently by issuing the following command: + +kubectl delete pod -n onap + Exposing ports ************** For security reasons, the ports for the policy containers are configured as ClusterIP and thus not exposed. If you find you need those ports in a development environment, then the following will expose them. @@ -107,7 +113,36 @@ For security reasons, the ports for the policy containers are configured as Clus kubectl -n onap expose service policy-api --port=7171 --target-port=6969 --name=api-public --type=NodePort -Customizing PDP-D Installations +Overriding certificate stores +******************************* +Each policy component keystore and or truststore can be overriden. The procedure will be applicable +to an installation that requires certificates other than the pre-packaged AAF derived ones +that come with the official ONAP distribution. + +To override a default keystore, the new certificate store (policy-keystore) file should be placed at the +appropriate helm chart locations below: + +* **oom/kubernetes/policy/charts/drools/resources/secrets/policy-keystore** drools pdp keystore override. +* **oom/kubernetes/policy/charts/policy-apex-pdp/resources/config/policy-keystore** apex pdp keystore override. +* **oom/kubernetes/policy/charts/policy-api/resources/config/policy-keystore** api keystore override. +* **oom/kubernetes/policy/charts/policy-distribution/resources/config/policy-keystore** distribution keystore override. +* **oom/kubernetes/policy/charts/policy-pap/resources/config/policy-keystore** pap keystore override. +* **oom/kubernetes/policy/charts/policy-xacml-pdp/resources/config/policy-keystore** xacml pdp keystore override. + +In the event that the truststore (policy-truststore) needs to be overriden as well, place it at the appropriate +location below: + +* **oom/kubernetes/policy/charts/drools/resources/configmaps/policy-truststore** drools pdp truststore override. +* **oom/kubernetes/policy/charts/policy-apex-pdp/resources/config/policy-truststore** apex pdp truststore override. +* **oom/kubernetes/policy/charts/policy-api/resources/config/policy-truststore** api truststore override. +* **oom/kubernetes/policy/charts/policy-distribution/resources/config/policy-truststore** distribution truststore override. +* **oom/kubernetes/policy/charts/policy-pap/resources/config/policy-truststore** pap truststore override. +* **oom/kubernetes/policy/charts/policy-xacml-pdp/resources/config/policy-truststore** xacml pdp truststore override. + +After these changes, follow the procedures in the :ref:`Installing or Upgrading Policy` section to make usage of +the new stores effective. + +Additional PDP-D Customizations ******************************* Credentials and other configuration parameters can be set as values @@ -119,7 +154,7 @@ information is secured appropriately before using in production. Additional customization can be applied to the PDP-D. Custom configuration goes under the "resources" directory of the drools subchart (oom/kubernetes/policy/charts/drools/resources). This requires rebuilding the policy subchart -(see section :ref:`Rebuilding and/or modifying the Policy Charts`). +(see section :ref:`Installing or Upgrading Policy`). Configuration is done by adding or modifying configmaps and/or secrets. Configmaps are placed under "drools/resources/configmaps", and @@ -145,7 +180,7 @@ To *disable AAF*, simply override the "aaf.enabled" value when deploying the hel To *override the PDP-D keystore or trustore*, add a suitable replacement(s) under "drools/resources/secrets". Modify the drools chart values.yaml with new credentials, and follow the procedures described at -:ref:`Rebuilding and/or modifying the Policy Charts` to redeploy the chart. +:ref:`Installing or Upgrading Policy` to redeploy the chart. To *disable https* for the DMaaP configuration topic, add a copy of `engine.properties `_