Removing label reference for section not available.

[policy/parent.git] / docs / installation / oom.rst

diff --git a/docs/installation/oom.rst b/docs/installation/oom.rst
index 748a37b..cccc716 100644 (file)
--- a/docs/installation/oom.rst
+++ b/docs/installation/oom.rst
@@ -61,8 +61,8 @@ Accessing the policy docker containers is the same as for any kubernetes contain
 
   kubectl -n onap exec -it dev-policy-policy-xacml-pdp-584844b8cf-9zptx bash
 
-Rebuilding and/or modifying the Policy Charts
-*********************************************
+Installing or Upgrading Policy
+******************************
 The assumption is you have cloned the charts from the OOM repository into a local directory.
 
 **Step 1** Go into local copy of OOM charts
@@ -99,6 +99,12 @@ After deploying policy, loop on monitoring the policy pods until they come up.
   helm deploy dev-policy local/onap --namespace onap
   kubectl get pods -n onap
 
+Restarting a faulty component
+*****************************
+Each policy component can be restarted independently by issuing the following command:
+
+kubectl delete pod <policy-pod> -n onap
+
 Exposing ports
 **************
 For security reasons, the ports for the policy containers are configured as ClusterIP and thus not exposed. If you find you need those ports in a development environment, then the following will expose them.
@@ -107,7 +113,36 @@ For security reasons, the ports for the policy containers are configured as Clus
 
   kubectl -n onap expose service policy-api --port=7171 --target-port=6969 --name=api-public --type=NodePort
 
-Customizing PDP-D Installations
+Overriding certificate stores
+*******************************
+Each policy component keystore and or truststore can be overriden.   The procedure will be applicable
+to an installation that requires certificates other than the pre-packaged AAF derived ones
+that come with the official ONAP distribution.
+
+To override a default keystore, the new certificate store (policy-keystore) file should be placed at the
+appropriate helm chart locations below:
+
+* **oom/kubernetes/policy/charts/drools/resources/secrets/policy-keystore** drools pdp keystore override.
+* **oom/kubernetes/policy/charts/policy-apex-pdp/resources/config/policy-keystore** apex pdp keystore override.
+* **oom/kubernetes/policy/charts/policy-api/resources/config/policy-keystore** api keystore override.
+* **oom/kubernetes/policy/charts/policy-distribution/resources/config/policy-keystore** distribution keystore override.
+* **oom/kubernetes/policy/charts/policy-pap/resources/config/policy-keystore** pap keystore override.
+* **oom/kubernetes/policy/charts/policy-xacml-pdp/resources/config/policy-keystore** xacml pdp keystore override.
+
+In the event that the truststore (policy-truststore) needs to be overriden as well, place it at the appropriate
+location below:
+
+* **oom/kubernetes/policy/charts/drools/resources/configmaps/policy-truststore** drools pdp truststore override.
+* **oom/kubernetes/policy/charts/policy-apex-pdp/resources/config/policy-truststore** apex pdp truststore override.
+* **oom/kubernetes/policy/charts/policy-api/resources/config/policy-truststore** api truststore override.
+* **oom/kubernetes/policy/charts/policy-distribution/resources/config/policy-truststore** distribution truststore override.
+* **oom/kubernetes/policy/charts/policy-pap/resources/config/policy-truststore** pap truststore override.
+* **oom/kubernetes/policy/charts/policy-xacml-pdp/resources/config/policy-truststore** xacml pdp truststore override.
+
+After these changes, follow the procedures in the :ref:`Installing or Upgrading Policy` section to make usage of
+the new stores effective.
+
+Additional PDP-D Customizations
 *******************************
 
 Credentials and other configuration parameters can be set as values
@@ -119,7 +154,7 @@ information is secured appropriately before using in production.
 Additional customization can be applied to the PDP-D.  Custom configuration goes under the
 "resources" directory of the drools subchart (oom/kubernetes/policy/charts/drools/resources).
 This requires rebuilding the policy subchart
-(see section :ref:`Rebuilding and/or modifying the Policy Charts`).
+(see section :ref:`Installing or Upgrading Policy`).
 
 Configuration is done by adding or modifying configmaps and/or secrets.
 Configmaps are placed under "drools/resources/configmaps", and
@@ -145,7 +180,7 @@ To *disable AAF*, simply override the "aaf.enabled" value when deploying the hel
 To *override the PDP-D keystore or trustore*, add a suitable replacement(s) under
 "drools/resources/secrets".  Modify the drools chart values.yaml with
 new credentials, and follow the procedures described at
-:ref:`Rebuilding and/or modifying the Policy Charts` to redeploy the chart.
+:ref:`Installing or Upgrading Policy` to redeploy the chart.
 
 To *disable https* for the DMaaP configuration topic, add a copy of
 `engine.properties <https://git.onap.org/policy/drools-pdp/tree/policy-management/src/main/server/config/engine.properties>`_