4. Operational Policy configuration to use CDS as an actor
==========================================================
-TODO: Update the documentation once Operational Policy is made TOSCA compliant as per:
-https://wiki.onap.org/display/DW/TOSCA+Compliant+Policy+Types
+4.1 TOSCA compliant Control Loop Operational Policy to support CDS actor
+------------------------------------------------------------------------
-Until then below is how to configure the Operational Policy to use CDS as an actor using the Policy API.
+A common base TOSCA policy type for defining an operational policy is documented below:
-For integration testing use CLAMP UI to configure the Operational Policy
+* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.Common.yaml;h=fe6f974bb98a90e2e41639621ba35cc853679ee5;hb=refs/heads/guilin
-4.1 Background
---------------
-For detailed description of the Operational Policy YAML specification refer to:
+APEX PDP specific operational policy is derived from the common operational TOSCA policy type as defined in the link below:
+* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Apex.yaml;h=54b69c2d8a78ab7fd8d41d3f7c05632c4d7e433d;hb=refs/heads/guilin
-* https://gerrit.onap.org/r/gitweb?p=policy/drools-applications.git;a=blob;f=controlloop/common/policy-yaml/README-v2.0.0.md;h=eadaf658a52eac0d0cf6603025ef8b4c760f553b;hb=refs/heads/guilin
-* https://wiki.onap.org/display/DW/Control+Loop+Operational+Policy
+Drools PDP specific operational policy is also derived from the common operational TOSCA policy type and is defined in the link below:
+* https://gerrit.onap.org/r/gitweb?p=policy/models.git;a=blob;f=models-examples/src/main/resources/policytypes/onap.policies.controlloop.operational.common.Drools.yaml;h=69d73db5827cb6743172f9e0b1930eca8ba4ec0c;hb=refs/heads/guilin
-4.2 Control Loop Operational Policy YAML to use the CDS actor
--------------------------------------------------------------
+For integration testing CLAMP UI can be used to configure the Operational Policy.
-Below is a template for configuring the Operational Policy to use CDS as an actor.
+E.g. Sample Operational Policy definition for vFW usecase to use CDS as an actor:
.. code-block:: bash
- controlLoop:
- version: 2.0.0
- controlLoopName: {{Unique ID for the Control Loop, must match one of the IDs defined in the list of policies below}}
- trigger_policy: {{ID of operation policy defined below to specify which policy to trigger first}}
- timeout: {{Overall timeout for the Control loop Operational policy}}
- abatement: false
- policies:
- - id: {{ID of the Operation policy}}
- name: {{Name of the Operation policy}}
- description: {{Description of the Operation policy}}
- actor: {{Identifies the actor of choice for remediation, in this case: CDS}}
- recipe: {{Identifies the CDS action-name}}
- target:
- resourceID: {{SDC resource ID: E.g. modelInvariant ID of the vFW generic VNF; empty for PNF}}
- type: {{Identifies the type of target, possible values: VNF, PNF}}
- payload:
- artifact_name: {{Name of the blueprint to execute if CDS is the actor}}
- artifact_version: {{Version of the blueprint to execute if CDS is the actor}}
- mode: async
- data: {{Additional static data required by the blueprint if CDS is the actor}}
- retry: 0
- timeout: {{Timeout in seconds for the actor to perform the operation}}
- success: final_success
- failure: final_failure
- failure_timeout: final_failure_timeout
- failure_retries: final_failure_retries
- failure_exception: final_failure_exception
- failure_guard: final_failure_guard
-
-E.g. Sample Operational Policy YAML for vFW usecase:
-
-.. code-block:: bash
-
- controlLoop:
- version: 2.0.0
- controlLoopName: ControlLoop-vFirewall-7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
- trigger_policy: unique-policy-id-1-modifyConfig
- timeout: 60
- abatement: false
- policies:
- - id: unique-policy-id-1-modifyConfig
- name: modifyconfig-cds-actor
- description:
- actor: CDS
- recipe: modify-config
- target:
- resourceID: 7e4fbe9c-d612-4ec5-bbf8-605aeabdb677
- type: VNF
- payload:
- artifact_name: vFW-CDS
- artifact_version: 1.0.0
- data: '{"active-streams":"7"}'
- retry: 0
- timeout: 30
- success: final_success
- failure: final_failure
- failure_timeout: final_failure_timeout
- failure_retries: final_failure_retries
- failure_exception: final_failure_exception
- failure_guard: final_failure_guard
-
-4.3 API to configure the Control Loop Operational policy
+ tosca_definitions_version: tosca_simple_yaml_1_1_0
+ topology_template:
+ policies:
+ - operational.modifyconfig.cds:
+ type: onap.policies.controlloop.operational.common.Drools
+ type_version: 1.0.0
+ version: 1.0.0
+ metadata:
+ policy-id: operational.modifyconfig.cds
+ properties:
+ id: ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a
+ timeout: 1200
+ abatement: false
+ trigger: unique-policy-id-1-modifyConfig
+ operations:
+ - id: unique-policy-id-1-modifyConfig
+ description: Modify the packet generator
+ operation:
+ actor: CDS
+ operation: ModifyConfig
+ target:
+ targetType: VNF
+ entityId:
+ resourceID: bbb3cefd-01c8-413c-9bdd-2b92f9ca3d38
+ payload:
+ artifact_name: vfw-cds
+ artifact_version: 1.0.0
+ mode: async
+ data: '{"active-streams":"7"}'
+ timeout: 300
+ retries: 0
+ success: final_success
+ failure: final_failure
+ failure_timeout: final_failure_timeout
+ failure_retries: final_failure_retries
+ failure_exception: final_failure_exception
+ failure_guard: final_failure_guard
+ controllerName: usecases
+
+4.2 API to configure the Control Loop Operational policy
--------------------------------------------------------
-Once the YAML is built, we need to encode it in order to embed it into the payload to configure the operational policy.
-Assuming the YAML is saved into a file by name "policy.yaml", use the below script to encode the spaces and tabs:
-
-.. code-block:: bash
-
- #!/usr/env/bin python3
- import urllib
- with open('policy.yaml') as f:
- v = f.read()
- v = urllib.quote_plus(v)
- print(v)
+4.2.1 Policy creation
+*********************
-The encoded YAML data from the above step needs to be substituted into the following payload template to create
-the operational policy.
+Policy API endpoint is used to create policy i.e. an instance of the TOSCA compliant Operational policy type.
+E.g. For vFW usecase the policy-type is "onap.policies.controlloop.operational.common.Drools".
-Note: In the below rest endpoint, the hostname points to K8S service "policy-api" and internal port 6969.
+In the below rest endpoint, the hostname points to K8S service "policy-api" and internal port 6969.
.. code-block:: bash
- curl -X POST \
- https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies \
- -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \
- -H 'Accept: application/json' \
- -H 'Content-Type: application/json' \
- -d '{
- "policy-id" : "operational.modifyconfig",
- "content" : "$encoded_yaml_data"
- }'
-
-The response to this rest endpoint returns something like below:
+ curl POST 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \
+ -H 'Accept: application/json' \
+ -H 'Content-Type: application/json' \
+ -H 'Authorization: Basic aGVhbHRoY2hlY2s6ZmlyZWFudHNfZGV2QHBvbGljeSE=' \
+ -d '{$vfw-tosca-policy}
-.. code-block:: bash
+Note: In order to create an operational policy when using APEX PDP use the policy-type:
+"onap.policies.controlloop.operational.common.Apex".
- {
- "policy-id": "operational.modifyconfig",
- "policy-version": "1",
- "content": "$data"
- }
+4.2.2 Policy deployment to PDP
+******************************
-To run the below request, for policy-version use the response above into the format "${policy-version_from_last_call}.0.0")
-Note: In the rest endpoint URI, the hostname points to the service "policy-pap" and internal port 6969.
+Policy PAP endpoint is used in order to deploy the policy to the appropriate PDP instance.
+In the rest endpoint URI, the hostname points to the service "policy-pap" and internal port 6969.
.. code-block:: bash
- curl -X POST \
- https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps/policies \
- -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \
- -H 'Accept: application/json' \
- -H 'Content-Type: application/json' \
- -d '{
- "policies": [
- {
- "policy-id": "operational.modifyconfig",
- "policy-version": "1.0.0"
- }
- ]
+ curl POST 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps/deployments/batch' \
+ -H 'Content-Type: application/json' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Basic {$auth}' \
+ -d '{
+ "groups": [
+ {
+ "name": "defaultGroup",
+ "deploymentSubgroups": [
+ {
+ "pdpType": "drools",
+ "action": "POST",
+ "policies": [{
+ "name": "operational.modifyconfig.cds",
+ "version": "1.0.0"
+ }]
+ }
+ ]
+ }
+ ]
}'
To view the configured policies use the below REST API.
.. code-block:: bash
- curl -X GET \
- https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies/operational.modifyconfig \
- -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' \
- -H 'Content-Type: application/json' \
+ curl GET 'https://{$POLICY_API_URL}:{$POLICY_API_SERVICE_PORT}/policy/api/v1/policytypes/onap.policies.controlloop.operational.common.Drools/versions/1.0.0/policies/operational.modifyconfig/versions/1.0.0' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Basic {$auth}'
+
+.. code-block:: bash
+
+ curl --location --request GET 'https://{$POLICY_PAP_URL}:{$POLICY_PAP_SERVICE_PORT}/policy/pap/v1/pdps' \
+ -H 'Accept: application/json' \
+ -H 'Authorization: Basic {$auth}'
Code Review / policy / parent.git / commitdiff