POMBA Definition
What is POMBA - Post Orchestration Model Based Audit
Architecture Intent
High level view of POMBA components
Design
Design Principles
- Reusable Components
POMBA is developed based on microservices-based architecture to ensure pluggable capability into other Data Integrity sub-system
POMBA uses other microservices initially designed for A&AI component promoting them as a platform modules.
- Event-Driven
POMBA is event-driven application to ensure auditing without affecting existing systems.
- Extensibility
POMBA is implemented based on Context Builders Framework to ensure that core audit process is decoupled from the target system integration specifics.
Sequence Diagrams
Process Flow
- Service Instantiation completion event is published
- Context Aggregator receives the event
- Context Aggregator initiates calls to various Context Builders to get normalized data from platform components.
- Context Aggregated payload is published into event bus
- Rule Processing engine receives that event and activates audit rules processing
- The result of audit rules processing is published into Event Bus
- Audit Result payload is consumed by synapse service
- The result is inserted into data storage / ES via search service
- Reporting tool such as Kibana displays the data
Sub-Components
POMBA leverages context builders approach to provide pluggable framework of accessing various ONAP components to retrieve the data.
It allows to encapsulate the complexity of reaching a component as well as implement the mapping and transformation component’s related data to common model consumed by audit process.
SDC Context Builder
The purpose of SDC Context Builder is to encapsulate the complexity of interaction with SDC component .
High level view of SDC Context Builder mS:
A&AI Context Builder
The purpose of A&AI Context Builder is to encapsulate the complexity of interaction with A&AI component .
High level view of A&AI Context Builder mS:
See also AAI Context Builder
SDN-C Context Builder
SDN-C Context Builder is aimed to encapsulate the functionality of accessing SDN-C via RESTful APIs and transform the data into common model structure used by audit process.
Network Discovery Context Builder
The Network Discovery Context Builder is aimed to encapsulate the functionality of accessing the Openstack API via RESTful APIs and transform the data into common model structure used by audit process.
Context Aggregator
Context Aggregator is a microservice that orchestrates the calls to various context builders which are pluggable into POMBA upon receiving the Orchestration Completion Event from Message Router.
Context Aggregator is configured to subscribe to the Message Router topic.
Once new event is published – Context Aggregator executes series of RESTFull GET requests to various context builders to obtain a data (service model / service instance / VNF instance) stored in component data stores in a common model format, aggregates these payloads into one payload structures and publishes that payload into Message Router.
Validation Service + Rule Processing
Validation service is a core A&AI microservice which implements a rule processing engine.
POMBA configures and deploys its own instance of validation service that consumes and publishes to POMBA topics in DMaaP.
Audit rules are stored in groovy format file. The files are injected into a service and rules are processed by the engine.
Currently audit rules are hand crafted, but eventually will be sourced from well formed ASDC models and from Data Dictionary. Existing rules are listed here.
POMBA will eventually support the mechanism of separating rules from validation service code, thereby allowing rule updates without a rebuild or restart of the validation service.
The text of the message displayed for each violation will be kept separately to allow text change without touching the code
Search Data Service
The Search Service microservice was created to be an abstraction layer above indexable storage engine (i.e Elasticsearch).
Using search data service allows to leverage any search & storage engine (currently it supports Elasticsearch).
All requests which result in Elasticsearch CRUD (Create, Read, Update, Delete) operations should be made to SDS using its API, at which point SDS will convert the requests to align with Elasticsearch's API and forward them on.
DMaaP
See POMBA DMaaP
Deployment Model
Containers
| ID | Name | port | NodePort | pod dependencies | Attributes | ONAP referencing dependencies Incoming API | ONAP ref dependencies Outgoing API | Notes |
|---|---|---|---|---|---|---|---|---|
| 1 | pomba-data-router | 9502 | 30249 | dmaap, pomba-search-data | /data-router/v1/orchestration-event-service/orchestration-event | dmaap APIs, /services/search-data-service/v1/search/indexes | ||
| 2 | pomba-search-data | 9509 | n/a | elastic-search | /services/search-data-service/v1/search/indexes | elasticSearch APIs | ||
| 3 | pomba-es | 9200 | n/a | n/a | n/a | n/a | ||
| 4 | pomba-aaictxbuilder | 9530 | n/a | aai:8443 | /aaicontextbuilder/service/context | A&AI APIs | ||
| 5 | pomba-sdncctxbuilder | 9530 | n/a | aai:8443 sdnc:8282 | /sdnccontextbuilder/service/context | SDN-GC APIs | ||
| 6 | pomba-sdcctxbuilder | 9530 | n/a | sdc-be:8443 | /sdccontextbuilder/service/context | SDC BE APIs | ||
| 7 | pomba-contextaggregator | n/a | n/a | pomba-aaictxbuilder:9530 pomba-sdcctxbuilder:9530 pomba-sdncctxbuilder:9530 dmaap | dmaap APIs | dmaap APIs | ||
| 8 | pomba-validation-service | 9529 | n/a | dmaap | dmaap APIs | dmaap APIs | ||
| 9 | 9540 | DCAE, Vertica DB ? | /<serviceContext>/service/context | |||||
| 10 | pomba-networkdiscoveryctxbuilder | 9530 | n/a | pomba-networkdiscovery:9530 pomba-servicedecomposition:9532 | /ndcontextbuilder/service/context | |||
| 11 | pomba-networkdiscovery | 9531 | 30299 | n/a | /network-discovery/v1/network/resource | Openstack APIs | ||
| 12 | pomba-servicedecomposition | 9532 | n/a | aai:8443 | /service-decomposition/service/context | |||
| 13 | pomba-kibana | 5601 | 30234 | q |
3 Comments
Guobiao Mo
I wonder if it is simpler/better that Context Builders publish data directly to event bus for Validation to consume? Further, if Context Builders get instructions from event bus, we can even eliminate Context Aggregator.
Geora Barsky
Hi Guobiao
The idea was to avoid interaction between context builders and event bus, so context builders should implement only the logic related to communication with the particular component and handle a data transformation
Context Aggregator is the abstract orchestration layer to control the flow to context builders
Hope it makes sense
Pierre Rioux
Also, the intent for POMBA's use of Validation rules is to compare attributes between different components of ONAP (ex: SDC vs AAI). It would make things overly complicated if Validation had to correlate individual contexts from DMaaP before executing rules.