Gitiles
Code Review Sign In
gerrit.nordix.org / onap / dcaegen2 / platform / policy-handler / ebc1a062328e53e97e4d24ed111534cfc567a809
commitebc1a062328e53e97e4d24ed111534cfc567a809[log] [tgz]
authorAlex Shatov <alexs@att.com>Thu Jan 31 16:07:48 2019 -0500
committerAlex Shatov <alexs@att.com>Thu Jan 31 16:07:48 2019 -0500
treeb0721077df349f2cee5d1a7426f4de0acc1855cb
parenta39f4e82cef0414f510cf20e25864ac04cc8f055 [diff]
4.6.0 policy-handler - active-passive

DCAEGEN2-931:
- exposed POST /reconfigure endpoint on the web-server
  that initiates the reconfigure process right away

DCAEGEN2-932:
- mode_of_operation: active or passive
  = active is as before this change
  = in passive mode the policy-handler
    * closes the web-socket to PDP
    * skips the periodic catch_ups
    * still periodically checks for reconfigure
    * still allows usig the web-server to retrieve policies from PDP
- default is active

- when mode_of_operation changes from passive to active,
  the policy-handler invokes the catch_up right away

- config-kv contains the optional override field mode_of_operation
  = changing the mode_of_operation in config-kv and invoking
    POST /reconfigure will bring the new value and change the
    mode of operation of the policy-handler if no service_activator
    section is provided in consul-kv record

- if config-kv contains the service_activator section,
  = the policy-handler registers with service_activator - untested
  = and receives the mode_of_operation - untested
  = service_activator can POST-notify the policy-handler to
    initiate the /reconfigure

- reduced the default web-socket ping interval from 180 to 30
  seconds because PDP changed its default timeout on the web-socket
  from 400 seconds to 50 seconds

Change-Id: If7dd21c008d9906aca97939be65dfa9c2f007535
Signed-off-by: Alex Shatov <alexs@att.com>
Issue-ID: DCAEGEN2-931
Issue-ID: DCAEGEN2-932
13 files changed
tree: b0721077df349f2cee5d1a7426f4de0acc1855cb
  1. etc/
  2. etc_customize/
  3. policyhandler/
  4. tests/
  5. .coveragerc
  6. .gitignore
  7. .gitreview
  8. Dockerfile
  9. INFO.yaml
  10. LICENSE.txt
  11. MANIFEST.in
  12. mvn-phase-script.sh
  13. pom.xml
  14. README.md
  15. requirements.txt
  16. run_policy.sh
  17. setup.py
  18. tox-local.ini
  19. tox.ini
  20. version.properties
README.md

ONAP DCAE policy-handler

See wiki for DCAE gen2 architecture of policy-handling by DCAE-controller

web-service for policies to be used by DCAE-Controller

  • GET /policy_latest/<policy_id> -- get the latest policy from policy-engine that is identified by policy_id

  • POST /policies_latest -- gets the latest policies that match to the policy-filter provided in the body of the request. The policy-filter mimics the body of the /getConfig on policy-engine.

    sample request - policy-filter

{
  "configAttributes": { "key1":"value1" },
  "configName": "alex_config_name",
  "onapName": "DCAE",
  "policyName": "DCAE_alex.Config_alex_.*",
  "unique": false
}
  • GET /healthcheck - returns 200 OK and current run stats
  • web-socket to policy-engine
    • receives the push notifications of the changed and removed policies from the policy-engine,
    • matches the policy-updates to policies and policy-filters found in deployment-handler,
    • retrieves the full policy-bodies of the matched policies,
    • delivers the policy-updates to deployment-handler

manual http API

  • GET /policies_latest -- get all the latest policies from policy-engine that either have the policy_id or match to the policy-filter found in deployment-handler deployments
  • GET /catch_up -- catch up with the latest state of the policy-engine
  • GET /shutdown -- shutdown the server

standalone installation

virtualenv policy_venv

cd policy_venv

source bin/activate

cd ../policy_handler

pip install -r requirements.txt

preparation to run

cd policy_venv

source bin/activate

cd ../policy_handler

local configure

local config file policy_handler/etc/config.json contains:

{
  "wservice_port" : 25577,
  "consul_url" : "http://consul:8500",
  "policy_handler" : {
    "system" : "policy_handler",
    "tls" : {
      "cert_directory" : "etc/tls/certs/",
      "cacert" : "cacert.pem",
      "private_key" : "key.pem",
      "server_cert" : "cert.pem",
      "server_ca_chain" : "ca_chain.pem"
    }
  },
  "logging" : {...}
}

Field descriptions

  • wservice_port - port of the policy-hanlder web-service
  • consul_url - optional url for the consul agent
  • policy_handler - local config for policy-handler application
    • system - general system name of the policy-handler
    • tls - tls settings for the https clients and server - required to enable tls
      • cert_directory - relative path pointing to the folder with certificates
      • cacert - file name for the ca-cert or ca-bundle file in pem format in cert_directory -- used by https clients
      • private_key - file name for the private key in cert_directory -- used by https server
      • server_cert - file name for the https server certificate file in pem format in cert_directory
      • server_ca_chain - file name for the optional https server ca-chain certificates file in pem format in cert_directory -- used when the ca-chain is not included in the server_cert file
  • logging - logging config for general logging

run

in folder policy_handler:

./run_policy.sh

customization per company

etc_customize/ folder

  • company is expected to place any company specific files required to be in the docker image in the folder etc_customize/

  • change the etc_customize/customize.sh script to perform company specific actions during docker image build

  • etc_customize/customize.sh script is expected to be overridden by company to customize docker image build

policyhandler/customize/ folder

contains CustomizerBase and Customizer classes

  • CustomizerBase defines the interface and the default=ONAP behavior

  • CustomizerBase is owned by ONAP and should not be changed by the company

  • Customizer inherits CustomizerBase

  • policy-handler instantiates Customizer to get the customized behavior

  • Customizer is owned by the company and should be changed by the company

  • ONAP is not going to change Customizer

  • the methods of Customizer are expected to be overridden by the company to change the behavior of the policy-handler

  • samples are provided for methods in Customizer class as the commented out lines

  • Company is allowed to add more files to customize/ folder if that is required for better structuring of their code as soon as it is invoked by the methods of Customizer

here is an example of customizer.py

"""contains the Customizer class with method overrides per company specification"""

from .customizer_base import CustomizerBase

class Customizer(CustomizerBase):
    """
    the Customizer class inherits CustomizerBase that is owned by ONAP

    :Customizer: class is owned by the company that needs to customize the policy-handler

    :override: any method defined in the CustomizerBase class to customize the behavior of the policy-handler
    """
    def __init__(self):
        """class that contains the customization"""
        super().__init__()

    def get_service_url(self, audit, service_name, service):
        """
        returns the service url when called from DiscoveryClient

        this is just a sample code - replace it with the real customization
        """
        service_url = super().get_service_url(audit, service_name, service)
        audit.info("TODO: customization for service_url on {0}".format(service_name))
        return service_url