Versions Compared

Old Version 21

changes.mady.by.user Liam Fallon

Saved on

compared with

New Version 22

changes.mady.by.user Liam Fallon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This document describes the ONAP Policy Framework. It lays out the architecture of the framework and specifies the APIs provided to other components that interwork with the framework. It describes the implementation of the framework, mapping out the components, software strucure, and execution ecosystem of the framework. It goes on to provide examples that illustrate how to write, deploy, and run policies of various types using the framework.

Table of Contents

1. Overview

The ONAP Policy Framework is a comprehensive policy design, deployment, and execution environment. The Policy Framework is the decision making component in an ONAP system. It allows you to specify, deploy, and execute the governance of the features and functions in your ONAP system, be they closed loop, orchestration, or more traditional open loop use case implementations. The Policy Framework is the component that is the source of truth for all policy decisions.

...

2.1 Policy Design Architecture

See Pamela Dragosh's presentation from Santa Clara, especially the workflow/state diagram for policy design/test/certification
ONAP Beijing Release Developer Forum, Dec. 11-13, 2017, Santa Clara, CA US

  • Model Driven Service Design that captures Policies during Design Time

...

The platform that could can policy models organically and not require any development work. The Policy GUI should be to interpret any TOSCA Model ingested and flexibly present a GUI for a user to create policies from.

Policy Model/Template/Rule Development and Orchestration - Pamela Dragosh 

Policies that are expressed via natural language or a model require some development work ahead of time for them to be translated into runtime policies. Some Policy Domains will be setup and available in the platform during startup such as Control Loop Operational Policy Models, OOF placement Models, DCAE microservice models. Policy Model/Template/Rule Development is done by an experienced developer.

Policy models/templates/rules will be stored in a Nexus OSS Repository which has the ability to support all major package types and has the flexibility to be configured for various environments such as development vs production. Thus, the production environment can be configured in a strict manner to allow only artifacts being pulled from specific repositories and block other repositories. While the development environment can be separately configured so offline development/testing can be performed with or without production policies.

Model Development
Template Development
Rule Development

TODO: How does an Policy get updated? How the nexus is going to work? How does template development work?

2.2 Policy Deployment Architecture

...

  • Inter-PDP protocol is the protocol that instances of any PDP type can use to communicate with each other to manage state and deployment
  • Intra-PDP protocol is the protocol that instances of a particular PDP type use to communicate with each other, to manage state and deployment
  • Load balancing of events towards PDP pools could be done with DMaap using the underlying Kafka consumer group mechanisms

PEP Registration and Enforcement Guidelines - Pamela Dragosh

How do we set that up?

How do we ensure the API's allow flexibility for getting policy decisions?

PDP specific? May not relevant to drools or apex?

https://ericsson.github.io/apex-docs/policy-guide/pg-policy-matrix.html

3. APIs Provided by the Policy Framework and how to use them

...

PAP to all PDPs in PDP group

Deploy PolicyDeploy a policy artifact version taken from Nexus to all PDPs in the PDP group
Retire PolicyRemove a policy artifact from all PDPs in the PDP group
Activate Policy in Safe ModeActivate a policy version in safe mode, no updates made to the network/system
Activate Policy in Live ModeActivate a policy version running live
Upgrade PolicyReplace an active policy with a more recent version of the same policy
Rollback PolicyReplace an active policy with an older version of the same policy


  • Update of policies across PDPs in a PDP group use "eventually consistent" semantics, transactions or ACID semantics will not be supported
  • Event though PDPs could listen or monitor Nexus for updates to policies, the PAP should be the component responsible for deciding if and what policy upgrades are propagated to the entire PDP group.

PDP Group Admin in PAP

Create PDP groupDefine the parameters for the PDP group including the type of PDP
Update PDP groupChange the parameters of the PDP group
Delete PDP group-
Add PDP to PDP GroupAdd a PDP to the PDP group, is the PDP spun up separately or does the PAP initiate the spinning up of the PDP?
Update PDP in PDP groupUpdate parameters of the PDP in the PDP group
Remove PDP from PDP group-
  • Can a PDP be in more than one PDP group??? .....I hope not!
  • We'll assume a single PAP for now.

...

PAP to all PDPs in PDP group

Modify Policy Parameters*Change the parameters of a policy
Get StatusReport on the state of the policy artifacts running in the PDPs
Get StateReport on the execution status of the policies running on the PDPs
  • *A policy may be parameterized. There are two ways to handle this
    • Combine a raw policy into a parameterized policy and deploy the parameterized policy at run time
    • Have the raw policy and its parameters as separate artifacts and deploy them separately
    • Do not consider the parameters as an artifact but allow them to be modified directly by users setting them using an interface towards the PAP at run time

Policy Execution (Users to PDP Group pr PDP)

Execute policy on PDP group synchronouslyRun a policy on any PDP in a PDP group and await the response
Execute policy on PDP group asynchronouslyRun a policy on any PDP in a PDP group, fire and forget
Execute policy on PDP synchronously**Run a policy on a specific PDP and await the response (Deprecate)
Execute policy on PDP asynchronously**Run a policy on a specific PDP, fire and forget (Deprecate)
  • **Applications using the Policy Framework should not be aware of specific PDPs, we should only support this behaviour for existing users and deprecate this usage.
  • Load Balancing across PDP group......Stateless PDPs no problem.....set up stateful transfer between PDPs if supported....Address specific PDPs

...

  • Database off PAP (PDPs report back to PAP, don’t access database directly)
  • Database could be replaced by/interchangeable with some ONAP persistence system (DMaaP or DCAE)?


Image Added

Observations

  • Policy-core has definitions of the Policy protocols and the interfaces for all the interactions between the policy components. It doesn’t have much functional code, it’s mainly the model of the system and to enforce the overall structure and interactions in the system. Some of the current engine goes in there. Implementation of the protocols is in this modules including the Inter-PDP protocol and the generic parts of the Intra-PDP protocol
  • PAP functionality extended to do life cycle monitoring and run time monitoring of PDPs, moves out of engine to separate git repository. The Deployment and Monitoring could be separate modules
  • Generic PDP functionality is in a separate PDP module, the current generic PDP functionality moves there and is extended to provide generic model driven PDP support for arbitrary PDPs
  • PDP-X specific functionality goes to the PDP-X module
  • PDP-D and BRMSGW combined in PDP-D (PDP-D related functions in engine and the current drools-pdp combined)
  • The drools-applications module generalized to provide interfaces for all the Policy Framework including arbitrary PDPs towards the other ONAP components in the Policy Interactions module. This must have a mechanism to allow model-driven interactions, in other words define interfaces at run time rather than at design time in Java or JAXB.
  • All persistence is In the Policy Persistence module in order to keep persistence nastiness out of the other modules, state from PDPs can be persisted by reading state over the Policy Management Protocol. The Policy Management Protocol could use Distributed Hash Maps to share state with Persistence.
  • All PDP implementations specialize the generic interfaces from Policy-core and PDP and can extend the Intra-PDP protocol with PDP-specific support, for example for state and context sharing
  • Not much thought gone into the Portal as yet except that it will use REST interfaces for interactions.

4.1 Policy Design Implementation

...

5. Writing, Deploying, and Running Policies

...

How to create policies (how the customers use the platform) - Chenfei Gao will collect details on this regarding current problems

5.1 Writing a policy

...

5.2 Deploying a Policy

...

5.3 Running a Policy

6. The PDP SDK: Designing and Deploying your own PDP

PDP Microservice Architecture??

TODO: How to build your own PDP and/or how to extend existing PDP.

TOOD: How a PDP expresses its capabilities and configurability

6.1 Configuring the ONAP PDPs

6.2 Customizing the ONAP PDPs

6.3 Developing your own PDP

7. Summary and Conclusions

7. Terminology

...

8. Terminology

PAP (Policy Administration Point)A component that administers and manages policies
PDP (Policy Deployment Point)A component that executes a policy artifact (One or many?)
PDP_<>A specific type of PDP
PDP GroupA group of PDPs that execute the same (set of?) policy artifact(s)
Policy DevelopmentThe development environment for policies
ProtoPolicyA generic policy that may or may not be executable
DomainPolicyA specialization of a generic policy for application to a specific domain
PolicyParametersParameters that configure a policy for execution in a PDP group
Executable PolicyA policy that can be stored in Nexus and can execute on a certain type of PDP. An executable policy is a parameterized proto policy or domain policy
Executable Policy SetA set of policies that are deployed on a PDP group. One and only one Policy Set is deployed on a PDP group

9. References