There are two configuration files for A1 Policy Management Service, config/application_configuration.json and config/application.yaml
The first (config/application_configuration.json) contains configuration needed by the application, such as which near-RT-RICs, controller, or DMaaP topic to use. (Note using/configuring DMaaP is deprecated, and will be removed)
The second (config/application.yaml) contains logging and security configurations.
Note: Version numbers used in this page may not be the most recent ... you should verify the latest version numbers for released pre-built components in the docker image repository (https://nexus3.onap.org)
Static configuration - Settings that cannot be changed at runtime (application.yaml)
The file ./config/application.yaml is read by the application at startup. It provides the following configurable features:
server; configuration for the WEB server- used port for HTTP/HTTPS, this is however not the port numbers visible outside the container
- SSL parameters for setting up using of key store and trust store databases.
webclient; configuration parameters for a web client used by the component
- SSL parameters for setting up using of key store and trust store databases.
- Usage of HTTP Proxy; if configured, the proxy will be used for accessing the near-RT-RICs
logging; setting of of which information that is logged.filepath; the local path to a file used for "Dynamic configuration" (if used). See next chapter.
For details about the parameters in this file, see documentation in the file.
(A sample static config file can be found in the repo: application.yaml (london))
#
# ============LICENSE_START=======================================================
# ONAP : ccsdk oran
# ================================================================================
# Copyright (C) 2020-2023 Nordix Foundation. All rights reserved.
# ================================================================================
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# SPDX-License-Identifier: Apache-2.0
# ============LICENSE_END=========================================================
#
spring:
profiles:
active: prod
main:
allow-bean-definition-overriding: true
aop:
auto: false
management:
endpoints:
web:
exposure:
# Enabling of springboot actuator features. See springboot documentation.
include: "loggers,logfile,health,info,metrics,threaddump,heapdump,shutdown"
endpoint:
shutdown:
enabled: true
lifecycle:
timeout-per-shutdown-phase: "20s"
springdoc:
show-actuator: true
logging:
# Configuration of logging
level:
ROOT: ERROR
org.springframework: ERROR
org.springframework.data: ERROR
org.springframework.web.reactive.function.client.ExchangeFunctions: ERROR
org.springframework.web.servlet.DispatcherServlet: ERROR
org.onap.ccsdk.oran.a1policymanagementservice: INFO
pattern:
console: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] [%thread] %logger{20} - %msg%n"
file: "%d{yyyy-MM-dd HH:mm:ss.SSS} [%-5level] [%thread] %logger{20} - %msg%n"
file:
name: /var/log/policy-agent/application.log
server:
# Configuration of the HTTP/REST server. The parameters are defined and handeled by the springboot framework.
# See springboot documentation.
port : 8433
http-port: 8081
shutdown: "graceful"
ssl:
key-store-type: JKS
key-store-password: policy_agent
key-store: /opt/app/policy-agent/etc/cert/keystore.jks
key-password: policy_agent
key-alias: policy_agent
# trust-store-password:
# trust-store:
app:
# Location of the component configuration file.
filepath: /opt/app/policy-agent/data/application_configuration.json
webclient:
# Configuration of the trust store used for the HTTP client (outgoing requests)
# The file location and the password for the truststore is only relevant if trust-store-used == true
# Note that the same keystore as for the server is used.
trust-store-used: false
trust-store-password: policy_agent
trust-store: /opt/app/policy-agent/etc/cert/truststore.jks
# Configuration of usage of HTTP Proxy for the southbound accesses.
# The HTTP proxy (if configured) will only be used for accessing NearRT RICs (or A1 Adapter) southbound.
# proxy-type can be either HTTP, SOCKS4 or SOCKS5
http.proxy-host:
http.proxy-port: 0
http.proxy-type: HTTP
# path where the service can store data. This parameter is not relevant if S3 Object store is configured.
vardata-directory: /var/policy-management-service
# the config-file-schema-path referres to a location in the jar file. If this property is empty or missing,
# no schema validation will be executed.
config-file-schema-path: /application_configuration_schema.json
# A file containing an authorization token, which shall be inserted in each HTTP header (authorization).
# If the file name is empty, no authorization token is sent.
auth-token-file:
# A URL to authorization provider such as OPA. Each time an A1 Policy is accessed, a call to this
# authorization provider is done for access control. If this is empty, no fine grained access control is done.
authorization-provider:
# S3 object store usage is enabled by defining the bucket to use. This will override the vardata-directory parameter.
s3:
endpointOverride: http://localhost:9000
accessKeyId: minio
secretAccessKey: miniostorage
bucket:
See also London - Configuration of Certs
Dynamic configuration - Settings that can be changed at runtime (application_configuration.json or REST)
The component has configuration that can be updated in runtime. This configuration can either be loaded from a file (accessible from the container) or using the Configuration REST API. The configuration is re-read and refreshed at regular intervals.
The configuration includes:
controller : Optional A1 Controller configuration, e.g. an SDNC instance (with A1-Adapter)name : for use later in the configurationbaseUrl : the URL of the A1 controller (e.g. SDNC + A1 Adapter)userName & password : to configure security parameters to access to the controller- The A1 Policy Management service can entirely by-pass the A1-Controller (SDNC + A1 Adapter) if desired - it is optional to access the near-RT-RIC through an A1-Controller.
In the configuration the "controller" property is optional in the "ric" objects (below)
If all configured rics bypass the A1-Controller (do not have "controller" values) then the "controller" object at the top of the configuration can be omitted.
If all configured rics bypass the A1-Controller there is no need to start an A1-Controller.
There is no functional gain in accessing the near-RT-RIC through an A1-Controller.
ric : One entry for each near-RT-RIC, which includes:name : a friendly name to refer to the near-RT-RICbaseUrl : The base URL of the A1 interface endpoint in the near-RT-RIC.managedElementIds : A optional list of identifiers that near-RT-RIC is using. An application can query the A1 Policy Management Service to retrieve "RIC" instance associated with these identiefiers. (e.g. cells, sectors, locations, etc.) .controller : An optional reference to the controller to use, or excluded if the near-RT-RIC can be accessed directly from this A1 Policy Management Service.customAdapterClass :- An optional java class name to be used for the southbound interface towards the near-RT-RIC. If this is not given the PMS will automatically discover the A1-P API version supported by the near-RT-RIC.
This parameter can be used for explicitly defining a class to be used. See the example below using the "customAdapterClass" property. The class used has to be in the class path of the built container.
This means that the A1-PMS can be extended to support any protocol towards the near-RT-RIC without changing its implementation.
On how to implement such an adapter class, see the source code and the actual class referred to in the configuration example below.
- DMaaP configuration: Optional. Used if the A1 Policy Management Service is configured to send/receive API calls over a DMaaP topic:
streams_subscribes : Information on the DMaaP topic to receive API requestsstreams_publishes : Information on the DMaaP topic to publish API responses- Note: Support for accessing the service using DMaaP is deprecated, and will be removed.
For details about the syntax of the file, there is an example in source code repository /config/application_configuration.json (london). This file is also included in the docker container /opt/app/policy-agent/data/application_configuration.json_example.
Sample JSON Configuration
A sample configuration is included below.
(Note the configuration below is just a sample, and should be updated to match particular deployments.
The deployment below assumes an A1 Controller function (SDNC) exists - addressable at the url given, using the authentication credentials given, with 4 'RIC's urls specified, and that the specified DMaaP topics are available.)
{
"description": "Application configuration",
"config": {
"controller": [
{
"name": "controller1",
"baseUrl": "http://sdnc_controller:8181",
"userName": "admin",
"password": "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"
}
],
"ric": [
{
"name": "ric1",
"baseUrl": "http://ric1:8085/",
"managedElementIds": [
"kista_1",
"kista_2" ]
},
{
"name": "ric2",
"baseUrl": "http://ric2:8085/",
"customAdapterClass": "org.onap.ccsdk.oran.a1policymanagementservice.clients.StdA1ClientVersion2$Factory",
"managedElementIds": [
"kista_3",
"kista_4"
]
},
{
"name": "ric3",
"baseUrl": "http://ric3:8085/",
"controller": "controller1",
"managedElementIds": [
"kista_5",
"kista_6"
]
},
{
"name": "ric4",
"baseUrl": "http://ric4:8085/",
"controller": "controller1",
"managedElementIds": [
"kista_7",
"kista_8",
"kista_9",
"kista_10",
"kista_11"
]
}
]
},
"streams_publishes": {
"dmaap_publisher": {
"type": "message_router",
"dmaap_info": {
"topic_url": "http://admin:admin@localhost:6845/events/A1-POLICY-AGENT-WRITE"
}
}
},
"streams_subscribes": {
"dmaap_subscriber": {
"type": "message_router",
"dmaap_info": {
"topic_url": "http://admin:admin@localhost:6845/events/A1-POLICY-AGENT-READ/users/policy-agent?timeout=15000&limit=100"
}
}
}
}
JSON Schema for the application configuration
The configuration must comply to the following JSON schema. There are several publicly available tools (e.g. online) where it is possible to validate JSON objects against their schema.
The schema is available in the gerrit repo : application_configuration_schema.json (london)
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"config": {
"type": "object",
"properties": {
"//description": {
"type": "string"
},
"description": {
"type": "string"
},
"controller": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"baseUrl": {
"type": "string"
},
"userName": {
"type": "string"
},
"password": {
"type": "string"
}
},
"required": [
"name",
"baseUrl",
"userName",
"password"
],
"additionalProperties": false
}
]
},
"ric": {
"type": "array",
"items": [
{
"type": "object",
"properties": {
"name": {
"type": "string"
},
"baseUrl": {
"type": "string"
},
"controller": {
"type": "string"
},
"customAdapterClass" : {
"type": "string"
},
"managedElementIds": {
"type": "array",
"items": [
{
"type": "string"
},
{
"type": "string"
}
]
}
},
"required": [
"name",
"baseUrl",
"managedElementIds"
],
"additionalProperties": false
}
]
},
"streams_publishes": {
"type": "object",
"properties": {
"dmaap_publisher": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"dmaap_info": {
"type": "object",
"properties": {
"topic_url": {
"type": "string"
}
},
"required": [
"topic_url"
],
"additionalProperties": false
}
},
"required": [
"type",
"dmaap_info"
],
"additionalProperties": false
}
},
"required": [
"dmaap_publisher"
],
"additionalProperties": false
},
"streams_subscribes": {
"type": "object",
"properties": {
"dmaap_subscriber": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"dmaap_info": {
"type": "object",
"properties": {
"topic_url": {
"type": "string"
}
},
"required": [
"topic_url"
],
"additionalProperties": false
}
},
"required": [
"type",
"dmaap_info"
],
"additionalProperties": false
}
},
"required": [
"dmaap_subscriber"
],
"additionalProperties": false
}
},
"required": [
"ric"
],
"additionalProperties": false
}
},
"required": [
"config"
]
}
