docs/platform/cookbook.rst - onap/policy/engine - Gitiles


 .. This work is licensed under a Creative Commons Attribution 4.0 International License.
 .. http://creativecommons.org/licenses/by/4.0

 ***************
 Policy Cookbook
 ***************

 Openstack Heat Installation - Policy VM/Docker Recipes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     .. code-block:: bash
        :caption: Get the latest images in an already setup policy VM
        :linenos:

         /opt/policy_vm_init.sh


     .. code-block:: bash
        :caption: Install/start docker policy containers with no policies preloaded
        :linenos:

         echo "PRELOAD_POLICIES=false" > /opt/policy/.env
         /opt/policy_vm_init.sh


     .. code-block:: bash
        :caption: Install/start docker policy containers with policies preloaded
        :linenos:

         # This is the current default mode of instantiation.
         # These operations are unnecessary unless PRELOAD_POLICIES
         # was previously set to true

         echo "PRELOAD_POLICIES=true" > /opt/policy/.env
         /opt/policy_vm_init.sh


     .. code-block:: bash
        :caption: Access the PDP-D container as the policy user
        :linenos:

         docker exec -it drools bash


     .. code-block:: bash
        :caption: Access the PDP-X container as the policy user
        :linenos:

         docker exec -it -u 0 pdp su - policy


     .. code-block:: bash
        :caption: Access the BRMSGW container as the policy user
        :linenos:

         docker exec -it -u 0 brmsgw su - policy


     .. code-block:: bash
        :caption: Access PAP container as the policy user
        :linenos:

         docker exec -it -u 0 pap su - policy


     .. code-block:: bash
        :caption: Access the CONSOLE container the a policy user
        :linenos:

         docker exec -it -u 0 console su - policy


     .. code-block:: bash
        :caption: Command line Healthcheck invokation
        :linenos:

         source /opt/app/policy/config/feature-healthcheck.conf.environment
         curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
              -X GET https://localhost:6969/healthcheck | python -m json.tool


 OOM Installation - Policy Kubernetes Recipes
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     .. code-block:: bash
        :caption: List the policy pods
        :linenos:

         kubectl get pods -n onap -o wide | grep policy


     .. code-block:: bash
        :caption: Access the PAP container
        :linenos:

         kubectl exec -it <pap-pod> -c pap -n onap bash


     .. code-block:: bash
        :caption: Access a PDPD-D container
        :linenos:

         # <policy-deployment-prefix> depends on the deployment configuration

         kubectl exec -it <policy-deployment-prefix>-drools-0 -c drools -n onap bash


     .. code-block:: bash
        :caption: Access the PDP container
        :linenos:

         # <policy-deployment-prefix> depends on the deployment configuration

         kubectl exec -it <policy-deployment-prefix>-pdp-0 -c drools -n onap bash


     .. code-block:: bash
        :caption: Push Default Policies
        :linenos:

         kubectl exec -it <pap-pod> -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /tmp/policy-install/config/push-policies.sh"


     .. code-block:: bash
        :caption: Standalone Policy Web UI URL access
        :linenos:

         http://<pap-vm>:30219/onap/login.htm


 PDP-D Recipes (inside the "drools" container)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     .. code-block:: bash
        :caption: Stop the PDP-D
        :linenos:

         policy stop


     .. code-block:: bash
        :caption: Start the PDP-D
        :linenos:

         policy start


     .. code-block:: bash
        :caption: Manual Healthcheck Invokation
        :linenos:

         source ${POLICY_HOME}/config/feature-healthcheck.conf
         curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
              -X GET https://localhost:6969/healthcheck | python -m json.tool


     .. code-block:: bash
        :caption: Start a telemetry shell
        :linenos:

         telemetry


     .. code-block:: bash
        :caption: See all the configured loggers
        :linenos:

        curl -k --silent --user "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
             https://localhost:9696/policy/pdp/engine/tools/loggers


     .. code-block:: bash
        :caption: See the logging level for a given logger (for example the network logger):
        :linenos:

        curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
             https://localhost:9696/policy/pdp/engine/tools/loggers/network


     .. code-block:: bash
        :caption: Modify the logging level for a given logger (for example the network logger):
        :linenos:

        curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
             -X PUT https://localhost:9696/policy/pdp/engine/tools/loggers/network/WARN


 PAP Recipes (inside the "pap" container)
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

     .. code-block:: bash
        :caption: Bypass Portal Authentication with the Policy Web UI
        :linenos:

         edit: /opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/portal.properties
         comment out: #role_access_centralized = remote
         restart pap: policy.sh stop; policy.sh start;


     .. code-block:: bash
        :caption: Access the Policy Web UI without going through the Portal UI
        :linenos:

        https://<pap-vm>:8443/onap/login.htm  (Heat)
        https://<pap-vm>:30219/onap/login.htm  (Kubernetes)


 End of Document

 .. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/Policy+Cookbook

	.. This work is licensed under a Creative Commons Attribution 4.0 International License.
	.. http://creativecommons.org/licenses/by/4.0

	***************
	Policy Cookbook
	***************

	Openstack Heat Installation - Policy VM/Docker Recipes
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	.. code-block:: bash
	:caption: Get the latest images in an already setup policy VM
	:linenos:

	/opt/policy_vm_init.sh


	.. code-block:: bash
	:caption: Install/start docker policy containers with no policies preloaded
	:linenos:

	echo "PRELOAD_POLICIES=false" > /opt/policy/.env
	/opt/policy_vm_init.sh


	.. code-block:: bash
	:caption: Install/start docker policy containers with policies preloaded
	:linenos:

	# This is the current default mode of instantiation.
	# These operations are unnecessary unless PRELOAD_POLICIES
	# was previously set to true

	echo "PRELOAD_POLICIES=true" > /opt/policy/.env
	/opt/policy_vm_init.sh


	.. code-block:: bash
	:caption: Access the PDP-D container as the policy user
	:linenos:

	docker exec -it drools bash


	.. code-block:: bash
	:caption: Access the PDP-X container as the policy user
	:linenos:

	docker exec -it -u 0 pdp su - policy


	.. code-block:: bash
	:caption: Access the BRMSGW container as the policy user
	:linenos:

	docker exec -it -u 0 brmsgw su - policy


	.. code-block:: bash
	:caption: Access PAP container as the policy user
	:linenos:

	docker exec -it -u 0 pap su - policy


	.. code-block:: bash
	:caption: Access the CONSOLE container the a policy user
	:linenos:

	docker exec -it -u 0 console su - policy


	.. code-block:: bash
	:caption: Command line Healthcheck invokation
	:linenos:

	source /opt/app/policy/config/feature-healthcheck.conf.environment
	curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
	-X GET https://localhost:6969/healthcheck \| python -m json.tool


	OOM Installation - Policy Kubernetes Recipes
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	.. code-block:: bash
	:caption: List the policy pods
	:linenos:

	kubectl get pods -n onap -o wide \| grep policy


	.. code-block:: bash
	:caption: Access the PAP container
	:linenos:

	kubectl exec -it <pap-pod> -c pap -n onap bash


	.. code-block:: bash
	:caption: Access a PDPD-D container
	:linenos:

	# <policy-deployment-prefix> depends on the deployment configuration

	kubectl exec -it <policy-deployment-prefix>-drools-0 -c drools -n onap bash


	.. code-block:: bash
	:caption: Access the PDP container
	:linenos:

	# <policy-deployment-prefix> depends on the deployment configuration

	kubectl exec -it <policy-deployment-prefix>-pdp-0 -c drools -n onap bash


	.. code-block:: bash
	:caption: Push Default Policies
	:linenos:

	kubectl exec -it <pap-pod> -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /tmp/policy-install/config/push-policies.sh"


	.. code-block:: bash
	:caption: Standalone Policy Web UI URL access
	:linenos:

	http://<pap-vm>:30219/onap/login.htm


	PDP-D Recipes (inside the "drools" container)
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	.. code-block:: bash
	:caption: Stop the PDP-D
	:linenos:

	policy stop


	.. code-block:: bash
	:caption: Start the PDP-D
	:linenos:

	policy start


	.. code-block:: bash
	:caption: Manual Healthcheck Invokation
	:linenos:

	source ${POLICY_HOME}/config/feature-healthcheck.conf
	curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
	-X GET https://localhost:6969/healthcheck \| python -m json.tool


	.. code-block:: bash
	:caption: Start a telemetry shell
	:linenos:

	telemetry


	.. code-block:: bash
	:caption: See all the configured loggers
	:linenos:

	curl -k --silent --user "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
	https://localhost:9696/policy/pdp/engine/tools/loggers


	.. code-block:: bash
	:caption: See the logging level for a given logger (for example the network logger):
	:linenos:

	curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
	https://localhost:9696/policy/pdp/engine/tools/loggers/network


	.. code-block:: bash
	:caption: Modify the logging level for a given logger (for example the network logger):
	:linenos:

	curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
	-X PUT https://localhost:9696/policy/pdp/engine/tools/loggers/network/WARN


	PAP Recipes (inside the "pap" container)
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

	.. code-block:: bash
	:caption: Bypass Portal Authentication with the Policy Web UI
	:linenos:

	edit: /opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/portal.properties
	comment out: #role_access_centralized = remote
	restart pap: policy.sh stop; policy.sh start;


	.. code-block:: bash
	:caption: Access the Policy Web UI without going through the Portal UI
	:linenos:

	https://<pap-vm>:8443/onap/login.htm (Heat)
	https://<pap-vm>:30219/onap/login.htm (Kubernetes)


	End of Document

	.. SSNote: Wiki page ref. https://wiki.onap.org/display/DW/Policy+Cookbook