restart:
on-failure:3
environment:
+ RUNTIME_USER: runtimeUser
+ RUNTIME_PASSWORD: zb!XztG34
+ SQL_HOST: postgres
+ SQL_PORT: 5432
+ SQL_USER: policy_user
+ SQL_PASSWORD: policy_user
+ TOPIC_COMM_INFRASTRUCTURE: kafka
+ ALLOW_TRACING: true
+ PROMETHEUS_PORT: 6969
OTEL_SERVICE_NAME: acm-r
OTEL_EXPORTER_OTLP_PROTOCOL: http/protobuf
OTEL_EXPORTER_OTLP_TRACES_PROTOCOL: http/protobuf
OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4318
+ OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED: true
JAVA_TOOL_OPTIONS: >-
-Dlogging.config="/opt/app/policy/clamp/etc/logback.xml"
-Dcom.sun.management.jmxremote.rmi.port=9090
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.local.only=false
- -Dotel.java.global-autoconfigure.enabled=true
- SPRING_CONFIG_LOCATION: /opt/app/policy/clamp/etc/AcRuntimeParameters.yaml
- # Tracing can be configured for grpc or http - default is http
- #OTEL_EXPORTER_OTLP_PROTOCOL: grpc
- #OTEL_EXPORTER_OTLP_TRACES_PROTOCOL: grpc
- #OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4317
volumes:
- - ./config/clamp/AcRuntimeParameters.yaml:/opt/app/policy/clamp/etc/AcRuntimeParameters.yaml
- ./config/clamp/logback.xml:/opt/app/policy/clamp/etc/logback.xml:ro
healthcheck:
- test: "curl --fail --silent http://localhost:6969/onap/policy/clamp/acm/health/readiness | grep UP || exit 1"
+ test: "curl --fail --silent http://localhost:6969/onap/policy/clamp/acm/actuator/health/readiness | grep UP || exit 1"
interval: 30s
timeout: 10s
retries: 5
restart:
on-failure:3
environment:
+ RUNTIME_USER: runtimeUser
+ RUNTIME_PASSWORD: zb!XztG34
+ SQL_HOST: postgres
+ SQL_PORT: 5432
+ SQL_USER: policy_user
+ SQL_PASSWORD: policy_user
+ TOPIC_COMM_INFRASTRUCTURE: kafka
+ ALLOW_TRACING: true
+ PROMETHEUS_PORT: 6969
OTEL_SERVICE_NAME: acm-r
OTEL_EXPORTER_OTLP_PROTOCOL: http/protobuf
OTEL_EXPORTER_OTLP_TRACES_PROTOCOL: http/protobuf
OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4318
+ OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED: true
JAVA_TOOL_OPTIONS: >-
-Dlogging.config="/opt/app/policy/clamp/etc/logback.xml"
-Dcom.sun.management.jmxremote.rmi.port=9090
-Dcom.sun.management.jmxremote.local.only=false
-Dotel.java.global-autoconfigure.enabled=true
SPRING_PROFILES_ACTIVE: ${CLAMP_PROFILE:-default}
- SPRING_CONFIG_LOCATION: /opt/app/policy/clamp/etc/application.yaml
- # Tracing can be configured for grpc or http - default is http
- #OTEL_EXPORTER_OTLP_PROTOCOL: grpc
- #OTEL_EXPORTER_OTLP_TRACES_PROTOCOL: grpc
- #OTEL_EXPORTER_OTLP_ENDPOINT: http://jaeger:4317
volumes:
- - ./config/clamp/AcRuntimeParameters.yaml:/opt/app/policy/clamp/etc/application.yaml
- ./config/clamp/logback.xml:/opt/app/policy/clamp/etc/logback.xml:ro
healthcheck:
- test: "curl --fail --silent http://localhost:6969/onap/policy/clamp/acm/health/readiness | grep UP || exit 1"
+ test: "curl --fail --silent http://localhost:6969/onap/policy/clamp/acm/actuator/health/readiness | grep UP || exit 1"
interval: 30s
timeout: 10s
retries: 5
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2024-2025 OpenInfra Foundation Europe. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-spring:
- application:
- name: acm-r
- security:
- user:
- name: runtimeUser
- password: zb!XztG34
- http:
- converters:
- preferred-json-mapper: gson
- datasource:
- url: jdbc:postgresql://postgres:5432/clampacm
- driverClassName: org.postgresql.Driver
- username: policy_user
- password: policy_user
- hikari:
- connectionTimeout: 30000
- idleTimeout: 600000
- maxLifetime: 1800000
- maximumPoolSize: 10
- jpa:
- hibernate:
- ddl-auto: none
- naming:
- physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
- properties:
- hibernate:
- format_sql: true
-
-security:
- enable-csrf: false
-
-server:
- servlet:
- context-path: /onap/policy/clamp/acm
- port: 6969
- ssl:
- enabled: false
- error:
- path: /error
-
-runtime:
- topics:
- operationTopic: policy-acruntime-participant
- syncTopic: acm-ppnt-sync
- participantParameters:
- heartBeatMs: 20000
- maxStatusWaitMs: 150000
- maxOperationWaitMs: 200000
- topicParameterGroup:
- topicSources:
- -
- topic: ${runtime.topics.operationTopic}
- servers:
- - ${topicServer:kafka:9092}
- topicCommInfrastructure: kafka
- fetchTimeout: 15000
- useHttps: false
- additionalProps:
- group.id: policy-clamp-runtime-acm
- allowTracing: true
- topicSinks:
- -
- topic: ${runtime.topics.operationTopic}
- servers:
- - ${topicServer:kafka:9092}
- topicCommInfrastructure: kafka
- allowTracing: true
- useHttps: false
- -
- topic: ${runtime.topics.syncTopic}
- servers:
- - ${topicServer:kafka:9092}
- topicCommInfrastructure: kafka
- useHttps: false
- allowTracing: true
- acmParameters:
- toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
- toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
- enableEncryption: true
-
-management:
- tracing:
- propagation:
- produce: B3
- sampling:
- probability: 1.0
- endpoints:
- web:
- base-path: /
- exposure:
- include: health, metrics, prometheus
- endpoint:
- health:
- access: unrestricted
- show-details: always
- probes:
- enabled: true
- show-components: always
-
-metrics:
- security:
- disabled: false
-
-# Tracing can be configured for grpc or http - default is http
-tracing:
- enabled: true
- exporter:
- endpoint: http://jaeger:4318/v1/traces
- protocol: http
-# protocol: grpc
- sampler:
- jaeger-remote:
- endpoint: http://jaeger:14250
-
----
-# legacy config
-
-spring:
- config:
- activate:
- on-profile: legacy
-runtime:
- participantParameters:
- heartBeatMs: 20000
- maxStatusWaitMs: 150000
- topicParameterGroup:
- topicSources:
- -
- topic: policy-acruntime-participant
- servers:
- - ${topicServer:kafka:9092}
- topicCommInfrastructure: kafka
- fetchTimeout: 15000
- useHttps: false
- topicSinks:
- -
- topic: policy-acruntime-participant
- servers:
- - ${topicServer:kafka:9092}
- topicCommInfrastructure: kafka
- useHttps: false
- acmParameters:
- toscaElementName: org.onap.policy.clamp.acm.AutomationCompositionElement
- toscaCompositionName: org.onap.policy.clamp.acm.AutomationComposition
password: "zb!XztG34"
- job_name: "acm-metrics"
- metrics_path: "/onap/policy/clamp/acm/prometheus"
+ metrics_path: "/onap/policy/clamp/acm/actuator/prometheus"
static_configs:
- targets:
- "compose-policy-clamp-runtime-acm-replica-1:6969"
HealthcheckAcm
[Documentation] Healthcheck on Clamp Acm
${auth}= ClampAuth
- ${resp}= MakeGetRequest ACM ${POLICY_RUNTIME_ACM_IP} onap/policy/clamp/acm/health ${auth}
+ ${resp}= MakeGetRequest ACM ${POLICY_RUNTIME_ACM_IP} onap/policy/clamp/acm/actuator/health ${auth}
Should Be Equal As Strings ${resp.status_code} 200
HealthcheckParticipantSim
${session}= Create Session policy http://${POLICY_RUNTIME_ACM_IP} auth=${auth}
${resp}= PUT On Session policy /onap/policy/clamp/acm/v2/participants
Log Received response from runtime acm ${resp.text}
- Should Be Equal As Strings ${resp.status_code} 202
\ No newline at end of file
+ Should Be Equal As Strings ${resp.status_code} 202
ValidateResponseTimeForHealthcheck
[Documentation] Validate component healthcheck response time
- ValidateResponseTimeForClamp /health GET
+ ValidateResponseTimeForClamp /actuator/health GET
ValidateResponseTimeQueryAcDefinition
[Documentation] Validate query AC Definitions response time
+++ /dev/null
-# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024-2025 OpenInfra Foundation Europe. All rights reserved.
-# ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-# SPDX-License-Identifier: Apache-2.0
-# ============LICENSE_END=========================================================
-
-spring:
- application:
- name: {{ .Values.applicationName }}
- security:
- user:
- name: ${RUNTIME_USER}
- password: ${RUNTIME_PASSWORD}
- http:
- converters:
- preferred-json-mapper: gson
- datasource:
- url: jdbc:postgresql://{{ .Values.db.service.name }}:{{ .Values.db.service.internalPort }}/clampacm
- driverClassName: org.postgresql.Driver
- username: ${SQL_USER}
- password: ${SQL_PASSWORD}
- hikari:
- connectionTimeout: 30000
- idleTimeout: 600000
- maxLifetime: 1800000
- maximumPoolSize: 10
- jpa:
- hibernate:
- ddl-auto: none
- naming:
- physical-strategy: org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl
- properties:
- hibernate:
- format_sql: true
-
-security:
- enable-csrf: false
-
-metrics:
- security:
- disabled: false
-
-server:
- port: 6969
- servlet:
- context-path: /onap/policy/clamp/acm
- error:
- path: /error
- ssl:
- enabled: false
-
-runtime:
- topics:
- operationTopic: policy-acruntime-participant
- syncTopic: acm-ppnt-sync
- participantParameters:
- heartBeatMs: {{ .Values.runtime.participantParameters.heartBeatMs }}
- maxStatusWaitMs: {{ .Values.runtime.participantParameters.maxStatusWaitMs }}
- maxOperationWaitMs: {{ .Values.runtime.participantParameters.maxOperationWaitMs }}
- topicParameterGroup:
- topicSources:
- -
- topic: policy-acruntime-participant
- servers:
- - {{ .Values.global.kafkaServer }}:9092
- topicCommInfrastructure: kafka
- useHttps: false
- fetchTimeout: 15000
- allowTracing: {{ include "policy-clamp-runtime-acm.jaeger-enabled" . }}
- additionalProps:
- group.id: policy-clamp-runtime-acm
- topicSinks:
- -
- topic: ${runtime.topics.operationTopic}
- servers:
- - {{ .Values.global.kafkaServer }}:9092
- topicCommInfrastructure: kafka
- useHttps: false
- allowTracing: {{ include "policy-clamp-runtime-acm.jaeger-enabled" . }}
- -
- topic: ${runtime.topics.syncTopic}
- servers:
- - {{ .Values.global.kafkaServer }}:9092
- topicCommInfrastructure: kafka
- allowTracing: {{ include "policy-clamp-runtime-acm.jaeger-enabled" . }}
- useHttps: false
- acmParameters:
- toscaElementName: {{ .Values.customNaming.toscaElementName }}
- toscaCompositionName: {{ .Values.customNaming.toscaCompositionName }}
- enableEncryption: true
-
-management:
- tracing:
- propagation:
- produce: [{{ .Values.jaeger.producer.type }}]
- sampling:
- probability: {{ .Values.jaeger.sampling.probability }}
- endpoints:
- web:
- base-path: /
- exposure:
- include: health, metrics, prometheus
- endpoint:
- health:
- access: unrestricted
- show-details: always
- probes:
- enabled: true
- show-components: always
-
-tracing:
- enabled: {{ .Values.jaeger.enabled }}
- exporter:
- endpoint: "{{ .Values.jaeger.collector.host }}:{{ include "policy-clamp-runtime-acm.exporter-port" . }}"
- protocol: {{ .Values.jaeger.collector.protocol }}
- sampler:
- jaeger-remote:
- endpoint: "{{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}"
#!/usr/bin/env sh
#
# ============LICENSE_START=======================================================
-# Copyright (C) 2024 Nordix Foundation.
+# Copyright (C) 2024,2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# ============LICENSE_END=========================================================
#
-KEYSTORE="${KEYSTORE:-$POLICY_HOME/etc/ssl/policy-keystore}"
-TRUSTSTORE="${TRUSTSTORE:-$POLICY_HOME/etc/ssl/policy-truststore}"
-KEYSTORE_PASSWD="${KEYSTORE_PASSWD:-Pol1cy_0nap}"
-TRUSTSTORE_PASSWD="${TRUSTSTORE_PASSWD:-Pol1cy_0nap}"
-
-if [ "$#" -eq 1 ]; then
- CONFIG_FILE=$1
-fi
-
-if [ -z "$CONFIG_FILE" ]; then
- CONFIG_FILE="${POLICY_HOME}/etc/AcRuntimeParameters.yaml"
-fi
-
-echo "Policy clamp runtime acm config file: $CONFIG_FILE"
-
-if [ -f "${POLICY_HOME}/etc/mounted/policy-truststore" ]; then
- echo "overriding policy-truststore"
- cp -f "${POLICY_HOME}"/etc/mounted/policy-truststore "${TRUSTSTORE}"
-fi
-
-if [ -f "${POLICY_HOME}/etc/mounted/policy-keystore" ]; then
- echo "overriding policy-keystore"
- cp -f "${POLICY_HOME}"/etc/mounted/policy-keystore "${KEYSTORE}"
-fi
-
if [ -f "${POLICY_HOME}/etc/mounted/logback.xml" ]; then
echo "overriding logback xml file"
cp -f "${POLICY_HOME}"/etc/mounted/logback.xml "${POLICY_HOME}"/etc/
$JAVA_HOME/bin/java \
-Dlogging.config="${POLICY_HOME}/etc/logback.xml" \
- -Dserver.ssl.keyStore="${KEYSTORE}" \
- -Dserver.ssl.keyStorePassword="${KEYSTORE_PASSWD}" \
- -Djavax.net.ssl.trustStore="${TRUSTSTORE}" \
- -Djavax.net.ssl.trustStorePassword="${TRUSTSTORE_PASSWD}" \
-Dcom.sun.management.jmxremote.rmi.port=9090 \
-Dcom.sun.management.jmxremote=true \
-Dcom.sun.management.jmxremote.port=9090 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.local.only=false \
-Dotel.java.global-autoconfigure.enabled=true \
- -jar /app/app.jar \
- --spring.config.location="${CONFIG_FILE}"
+ -jar /app/app.jar
+++ /dev/null
-#!/bin/sh
-{{/*
-# Copyright © 2022 Nordix Foundation
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-*/}}
-
-mysql() { /usr/bin/mysql -h ${MYSQL_HOST} -P ${MYSQL_USER} "$@"; };
-
-for db in migration pooling policyadmin policyclamp operationshistory clampacm
-do
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "CREATE DATABASE IF NOT EXISTS ${db};"
- mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "GRANT ALL PRIVILEGES ON \`${db}\`.* TO '${MYSQL_USER}'@'%' ;"
-done
-
-mysql -uroot -p"${MYSQL_ROOT_PASSWORD}" --execute "FLUSH PRIVILEGES;"
{{/*
# ============LICENSE_START=======================================================
-# Copyright (C) 2022-2025 Nordix Foundation.
+# Copyright (C) 2022-2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
name: {{ .Chart.Name }}-db-secret
key: password
- - name: RUNTIME_USER
- valueFrom:
- secretKeyRef:
- name: {{ .Chart.Name }}-runtime-secret
- key: login
-
- - name: RUNTIME_PASSWORD
- valueFrom:
- secretKeyRef:
- name: {{ .Chart.Name }}-runtime-secret
- key: password
-
volumeMounts:
- mountPath: /config-input
name: ac-runtime-config
image: {{ .Values.global.repository }}/{{ .Values.global.image.runtimeacm }}
imagePullPolicy: {{ .Values.global.pullPolicy }}
command: ["/opt/app/policy/clamp/bin/acm-runtime.sh"]
- args: ["/opt/app/policy/clamp/etc/mounted/acRuntimeParameters.yaml"]
- {{- $jaegerEnabled := tpl "policy-clamp-ac-a1pms-ppnt.jaeger-enabled" . | trimSuffix "\n" -}}
- {{- if $jaegerEnabled }}
env:
+ - name: RUNTIME_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-runtime-secret
+ key: login
+ - name: RUNTIME_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-runtime-secret
+ key: password
+ - name: SQL_HOST
+ value: {{ .Values.db.service.name }}
+ - name: SQL_PORT
+ value: {{ .Values.db.service.internalPort | quote }}
+ - name: SQL_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: login
+ - name: SQL_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Chart.Name }}-db-secret
+ key: password
+ - name: SERVER_PORT
+ value: {{ .Values.service.ports.port | quote }}
+ - name: TOPIC_COMM_INFRASTRUCTURE
+ value: kafka
+ - name: KAFKA_SERVER
+ value: "{{ .Values.global.kafkaServer }}:9092"
+ - name: TOSCA_ELEMENT_NAME
+ value: {{ .Values.customNaming.toscaElementName }}
+ - name: TOSCA_COMPOSITION_NAME
+ value: {{ .Values.customNaming.toscaCompositionName }}
+ - name: PROMETHEUS_PORT
+ value: {{ .Values.service.ports.port | quote }}
+ {{- $jaegerEnabled := tpl "policy-clamp-runtime-acm.jaeger-enabled" . | trimSuffix "\n" -}}
+ {{- if $jaegerEnabled }}
+ - name: ALLOW_TRACING
+ value: "true"
+ - name: JAEGER_PRODUCER_TYPE
+ value: {{ .Values.jaeger.producer.type | quote }}
+ - name: JAEGER_SAMPLING_PROBABILITY
+ value: {{ .Values.jaeger.sampling.probability | quote }}
+ - name: TRACING_EXPORTER_ENDPOINT
+ value: {{ .Values.jaeger.collector.host }}:{{ include "policy-clamp-runtime-acm.exporter-port" . }}
+ - name: TRACING_EXPORTER_PROTOCOL
+ value: {{ .Values.jaeger.collector.protocol }}
+ - name: TRACING_SAMPLER_ENDPOINT
+ value: "{{ .Values.jaeger.collector.host }}:{{ .Values.jaeger.collector.portJaegerGrpc }}"
- name: OTEL_SERVICE_NAME
value: {{ .Values.applicationName }}
- name: OTEL_EXPORTER_OTLP_PROTOCOL
value: {{ include "policy-clamp-runtime-acm.jaeger-protocol" . }}
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: {{ printf "%s:%s" (.Values.jaeger.collector.host) (include "policy-clamp-runtime-acm.exporter-port" .) }}
+ - name: OTEL_JAVA_GLOBAL_AUTOCONFIGURE_ENABLED
+ value: "true"
{{- end }}
ports:
- containerPort: {{ .Values.service.ports.port }}
- name: http-api
+ name: runtime-api
# disable liveness probe when breakpoints set in debugger
# so K8s doesn't restart unresponsive container
{{- if eq .Values.liveness.enabled true }}
# ============LICENSE_START=======================================================
-# Copyright (C) 2022,2024-2025 OpenInfra Foundation Europe. All rights reserved.
+# Copyright (C) 2022,2024-2026 OpenInfra Foundation Europe. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# necessary to disable liveness probe when setting breakpoints
# in debugger so K8s doesn't restart unresponsive container
enabled: true
- port: http-api
+ port: runtime-api
readiness:
initialDelaySeconds: 120
periodSeconds: 10
failureThreshold: 10
- port: http-api
+ port: runtime-api
service:
type: NodePort
name: policy-clamp-runtime-acm
useNodePortExt: true
ports:
- name: http-api
+ name: runtime-api
port: 6969
nodePort: 30442
sampling:
probability: "1.0"
producer:
- type: B3,W3C,B3_MULTI
+ type: "[B3,W3C,B3_MULTI]"
collector:
protocol: grpc
host: "http://jaeger"
#
# ===========LICENSE_START====================================================
-# Copyright (C) 2023 Nordix Foundation.
+# Copyright (C) 2023,2026 OpenInfra Foundation Europe. All rights reserved.
# Modifications Copyright 2025 Deutsche Telekom
# ============================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
password: "zb!XztG34"
- job_name: "acm-metrics"
- metrics_path: "/onap/policy/clamp/acm/prometheus"
+ metrics_path: "/onap/policy/clamp/acm/actuator/prometheus"
static_configs:
- targets:
- "policy-clamp-runtime-acm:6969"
Code Review / policy / docker.git / commitdiff