There will be two ways to initiate a POMBA Audit:
- Manually calling the REST API
- Automatically by ensuring an end of transaction event is sent as part of SO flows (future)
Either way, results will be available via the report (POMBA Reporting) or directly via DMaaP Event (POMBA DMaaP).
Manual Audits
A manual audit can be triggered by calling the POMBA REST API with the following parameters as JSON in the body of a POST request to data-router/v1/orchestration-event-service/orchestration-event:
- serviceInstanceList
- Model-version-id
- Model-invariant-id
- Service-instance-id
Currently, triggering the REST API manually requires sending a client certificate along with the HTTPS request to satisfy the 2-way SSL handshake.
HTTPS is the only supported option at this point, with the above certs. HTTP is not available for audit initiation.
If the request is well-formed and valid, a response of 200 (OK) will be returned and the audit will run in the background.
See also POMBA Audit Initiation Swagger
To set up POMBA Network Discovery to talk to OpenStack, please see Network Discovery Context Builder
Automatic Audits
The ultimate goal is to have SO send an end of transaction event once it has completed its workflow. POMBA would listen for these events and trigger an audit as appropriate. This event and the work to listen for it are not confirmed in Casablanca.
The following JIRA was raised to track the work required in SO to enable automatic audits
11 Comments
Brian Freeman
Can you provide example json and the full uri for an OOM installation.
It's not clear how the results are returned and the format of the results.
I would like to add this as a ROBOT step as part of heat bridge.
Sharon Chisholm
Brian
I plan to formally define the Swagger for this API to make how to call it a bit clearer. Not sure about the OOM installation part of your question, but I can ask the team to see if that changes the answer. Note the results of the Audit don't come back to the REST request, but are sent later via DMaaP. You could consume that message. We also take that message and store it and make it accessible via Kibana, but if you want to trigger action off a simple pass/fail, DMaaP might be the best option.
Brian Freeman
ONAP doesn't currently support DMaaP/DataRouter so I assume you mean DMaaP/MessageRouter - what topic are the results returned on?
Geora Barsky
Brian Freeman
This is the URI to initiate audit process: /data-router/v1/orchestration-event-service/orchestration-event
The json input will be in this format:
{ "serviceInstanceList": [
{ "serviceInstanceId": "c6456519-6acf-4adb-997c-3c363dd4caaf",
"modelVersionId": "d3d6cf83-d03a-43cc-99ff-206d40bb9a72",
"modelInvariantId": "0c5a20de-87ad-442c-9190-f38ab0a6bb7f"
} ]
}
As Sharon mentioned, the POST request sent to the above URI will result only in a "201" HTTP response code, which means that the audit initiation event has been posted. The results of the audit will be available either via the Kibana UI or via consuming the event from the relevant DMaaP topic.
Geora Barsky
Yes, the result will be published into Message Router, the topic is POMBA-AUDIT-RESULT
Brian Freeman
Thanks this is very helpful
Brian Freeman
I tried to post to pomba-data-router and got back either "that combination of host and port requires TLS" or no response
http://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event (response says requires TLS)
https://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event (no response and I think I accepted the cert)
NodePort 30249
Has it changed?
Brian Freeman
curl -vv --insecure -H "Content-Type:application/json" \
-H "Accept-type:application/json" \
-H "X-ONAP-RequestID:bdftest001" \
-H "X-FromAppId:VID" \
-X POST \
-d '{ "serviceInstanceList": [ { "serviceInstanceId": "13eec017-759a-4808-bc29-ff9f45ded0bd", "modelVersionId": "78eaeb93-9107-48e4-8241-be418af451a1", "modelInvariantId": "ccbd8951-8deb-4c0a-b44a-737347c405a6" } ] }' \
https://pomba-data-router.onap:9502/data-router/v1/orchestration-event-service/orchestration-event
returned bad certificate from robot to pomba-data-router
Geora Barsky
Hi Brian,
pomba data-router is implemented to support a 2-way SSL handshake, which means that the client call should attach a client certificate to pass the authentication.
In ONAP it is client-cert-onap.p12. I have generated the PEM files curl requires based on that p12 certificate.
They are attached: client-cert-onap.crt.pem, client-cert-onap.key.pem
Could you give a try running the same curl request as above and appending " --cert client-cert-onap.crt.pem --key client-cert-onap.key.pem "
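The client-certificate call described on this page and in the reply above, as an added example that is not part of the original thread or ONAP's own code: it derives the PEM pair from client-cert-onap.p12 with openssl, rejects malformed ids before sending, and verifies the server with a CA file rather than --insecure. P12_PASS, the CA file name, the header values and the assumption that all three ids are UUIDs (as in every sample on this page) are placeholders, not taken from the page.

```shell
#!/bin/sh
# Added example (not ONAP project code). Placeholders/assumptions: P12_PASS,
# CA_CERT, header values, and that the three ids are UUID-formatted.

AUDIT_URL="https://pomba-data-router.onap:9502/data-router/v1/orchestration-event-service/orchestration-event"
UUID_RE='^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'

# Split the PKCS#12 bundle into the PEM pair curl expects.
# umask 077 keeps the unencrypted private key readable by its owner only.
p12_to_pem() {  # usage: P12_PASS=... p12_to_pem client-cert-onap.p12
    base="${1%.p12}"
    ( umask 077
      openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys -out "$base.crt.pem" &&
      openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes -out "$base.key.pem" )
}

# Reject malformed ids locally and print the request body on stdout.
build_audit_payload() {  # args: serviceInstanceId modelVersionId modelInvariantId
    [ "$#" -eq 3 ] || { echo "expected 3 ids" >&2; return 2; }
    for id in "$@"; do
        printf '%s\n' "$id" | grep -Eq "$UUID_RE" ||
            { echo "not a UUID: $id" >&2; return 1; }
    done
    printf '{"serviceInstanceList":[{"serviceInstanceId":"%s","modelVersionId":"%s","modelInvariantId":"%s"}]}\n' \
        "$1" "$2" "$3"
}

# POST the audit request with the client certificate; prints the HTTP status.
# --cacert verifies the server side of the handshake (CA path is a placeholder).
# The two X- headers mirror the curl call in the thread; values are placeholders.
post_audit() {  # args: same three ids as build_audit_payload
    body=$(build_audit_payload "$@") || return 1
    curl -sS -o /dev/null -w '%{http_code}\n' \
        --cert client-cert-onap.crt.pem --key client-cert-onap.key.pem \
        --cacert "${CA_CERT:-onap-ca.pem}" \
        -H "Content-Type: application/json" \
        -H "X-ONAP-RequestID: ${REQUEST_ID:-audit-example-001}" \
        -H "X-FromAppId: ${FROM_APP_ID:-example-client}" \
        -X POST -d "$body" "$AUDIT_URL"
}
```

Run `p12_to_pem client-cert-onap.p12` once, then `post_audit <serviceInstanceId> <modelVersionId> <modelInvariantId>`; the audit result itself arrives later on the POMBA-AUDIT-RESULT topic, not in this response.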
Brian Freeman
To run test:
"service-instance-id": "6e723ec3-aa87-4221-aaa8-634a09ab21ae",
"service-instance-name": "Service_Ete_Name5f57df69-ad41-4ec9-be81-12841e93b1ad",
"environment-context": "General_Revenue-Bearing",
"workload-context": "Production",
"model-invariant-id": "00252ded-cd7c-4c4c-bad9-5a9b3af3d570",
"model-version-id": "26bb54fd-2813-433f-9d93-cdf807fa7e44",
POST https://{{pomba_dr_port}}/data-router/v1/orchestration-event-service/orchestration-event
{ "serviceInstanceList": [
{ "serviceInstanceId": "6e723ec3-aa87-4221-aaa8-634a09ab21ae",
"modelVersionId": "00252ded-cd7c-4c4c-bad9-5a9b3af3d57",
"modelInvariantId": "26bb54fd-2813-433f-9d93-cdf807fa7e44"
} ]
}
Should consider an option to only provide the service-instance-id since we are deriving the others from that key.
Shashikanth VH
GET request operation time = 60159 ms for link = http://pomba-sdcctxbuilder:9530/sdccontextbuilder/service/context?serviceInstanceId=ac8cea58-c0b6-4d22-b5d6-7ba3e882ea39&modelVersionId=93e0c77d-0f4a-4e8b-b22e-d2f509e64597&modelInvariantId=cf1e530e-fe53-4eb7-8df9-2b43bd302229|
request at url = http://pomba-sdcctxbuilder:9530/sdccontextbuilder/service/context?serviceInstanceId=ac8cea58-c0b6-4d22-b5d6-7ba3e882ea39&modelVersionId=93e0c77d-0f4a-4e8b-b22e-d2f509e64597&modelInvariantId=cf1e530e-fe53-4eb7-8df9-2b43bd302229 resulted in http response: 500 Internal Server Error|
ERROR org.onap.pomba.contextaggregator.rest.RestRequest Failed to retrieve model data for sdc, reason: Error during GET operation to AAI with message = java.net.SocketTimeoutException: connect timed out
I am getting a failure from sdcContextBuilder, how to resolve this issue?