oom tweaks in pap configuration for pdp-x pooling

paplp_1 process is unused and causes intermittent bad
behavior when issuing healthchecks.   Since it provides
no apparent benefit integrity monitor usage has been
disabled.

preloading policies apis are executed when the PAP come up.
The PDP-Xs take longer to come up, therefore the
push-policies script causes bad interactions.   This operation
has to be triggered after all the PDP-Xs are up and properly
running, which is difficult to predict.   Therefore, it is moved
to a manual step execution. In the future, we could think of'how
perhaps execute autonomously by some other means.   It does not
currently work as is, so it is disabled, at least temporarily,

there were a couple problems with pap.conf, first the pdps hostname
need to be explicitly provided, as PAP keeps a white list of pdp hosts
that can connect to it and be served policies.   Another limitation
is the format, note the change to ";" to separate pdps, instead of ",".
Further the automatic configuration sequence is only made for 1 PDP-X,
does not work well when multiple PDP-Xs are provided, so for the first
PDP-X, the credentials need to be explicitly added, otherwise, it
denies access to PDP-Xs.

Change-Id: I5d4a9a39822c036db26e97edb594ecaaa27f80d8
Issue-ID: POLICY-768
Signed-off-by: Jorge Hernandez <jh1730@att.com>

diff --git a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
index 7b13116..8e0b882 100644 (file)
--- a/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
+++ b/kubernetes/policy/charts/pdp/resources/config/pe/pdp.conf
@@ -30,7 +30,7 @@ TOMCAT_X_MX_MB=1024
 UEB_CLUSTER=message-router
 
 REST_PAP_URL=http://{{ .Values.global.pap.nameOverride }}:{{.Values.config.papPort}}/pap/
-REST_PDP_ID=http://{{ include "common.servicename" . }}:{{.Values.service.externalPort}}/pdp/
+REST_PDP_ID=http://${{"{{"}}FQDN{{"}}"}}:{{.Values.service.externalPort}}/pdp/
 REST_PDP_CONFIG=/opt/app/policy/servers/pdp/bin/config
 REST_PDP_WEBAPPS=/opt/app/policy/servers/pdp/webapps
 REST_PDP_REGISTER=true
@@ -46,7 +46,7 @@ PDP_PAP_PDP_HTTP_PASSWORD=alpha123
 
 node_type=pdp_xacml
 resource_name=pdp_1
-dependency_groups=pdplp_1;brmsgw_1
+dependency_groups=brmsgw_1
 test_via_jmx=true
 
 #

diff --git a/kubernetes/policy/resources/config/pe/pap.conf b/kubernetes/policy/resources/config/pe/pap.conf
index 39199d7..ae9d47c 100644 (file)
--- a/kubernetes/policy/resources/config/pe/pap.conf
+++ b/kubernetes/policy/resources/config/pe/pap.conf
@@ -39,7 +39,7 @@ REST_ADMIN_REPOSITORY=repository
 REST_ADMIN_WORKSPACE=workspace
 
 # PDP related properties
-PAP_PDP_URL=http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}:{{ .Values.config.pdpPort }}/pdp/,http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}:{{ .Values.config.pdpPort }}/pdp/
+PAP_PDP_URL=http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-0.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/,testpdp,alpha123;http://{{ .Release.Name }}-{{ .Values.global.pdp.nameOverride }}-1.{{ .Values.global.pdp.nameOverride }}.{{ include "common.namespace" . }}.svc.cluster.local:{{ .Values.config.pdpPort }}/pdp/
 PAP_PDP_HTTP_USER_ID=testpdp
 PAP_PDP_HTTP_PASSWORD=alpha123
 

diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 4ab6e11..c2c9747 100644 (file)
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -65,7 +65,7 @@ debugEnabled: false
 
 # application configuration
 config:
-  preloadPolicies: true
+  preloadPolicies: false
   pdpPort: 8081
 
 # default number of instances