You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

This page is intended to establish how the Policy Design and API Flow to/from the PAP and PDP's will work to support Model Driven Control Loops in Dublin.

Policy Design

The following Policy domains will be developed to support ONAP Model Driven Control Loops in Dublin: onap.policies.monitoring, onap.policies.controlloop.operational, onap.policies.controlloop.guard and onap.policies.controlloop.coordination.

onap.policies.monitoring domain

Overarching domain that supports Policy driven DCAE microservice components used in a Control Loop. This domain will be developed using XACML PDP to support question/answer Policy Decisions during runtime for the DCAE Policy Handler. This overarching domain is used to support dynamically generated DCAE microservice component Policy Models created during Design Time using TOSCA-Lab within SDC.

onap.controlloop.operational domain

This domain supporting actor/action operational policies for control loops. This domain will be developed using the Drools PDP to support runtime Control Loop actions taken on SO/APPC/VFC/SDNC/SDNR etc. In addition, in Dublin a domain will be developed using the newly introduced Apex PDP to support Control Loops using that engine.

onap.controlloop.guard domain

This domain supports Control Loop guard policies for frequency limiting, blacklisting and min/max guards to help protect runtime Control Loops from doing harm to the network. This domain will be developed using XACML PDP to support question/answer Policy Decision during runtime for the Drools and Apex onap.controlloop.operational domain Policy Domains.

onap.controlloop.coordination domain (STRETCH)

This domain supports Control Loop Coordination policies to assist in coordinating multiple control loops during runtime. This domain will be developed using XACML PDP to support question/answer Policy Decision during runtime for the Drools onap.controlloop.operational domain Policy Domains. NOTE: Apex is optional??

PDP Deployment and registration with PAP

PDP's are deployed pre-packaged with their domains and will register those domains with the PAP when they are deployed via K8S.

The PAP will store any new PDP's and their domains in a SQL database in order to support Lifecycle State surrounding those domains such as "Safe Mode" and Policy Retirement (Stretch goals for Dublin release).

The health of those PDP's will be updated constantly by the PAP in order to alert ops teams monitoring policy, and to ensure the Policy Lifecycle API can create policies in those domains.

TODO: Scaling of the PDP's, show that in the list


After the PDPs have registered with the PAP:


http:{url}:{port}/pap/v1/pdps GET

#
# PAP - how it lists existing PDP Groups and Sub Groups and the models loaded
#
pdp_groups:
    -
        name: Control Loop runtime group
        description: ONAP Control Loop Operational and Guard policies
        subgroups:
            -
                pdp_type: drools
                instances:
                    -
                        instance: drools_1 # K8S identifier? IP??
                        models:
                            - onap.controlloop.operational
                    -
                        instance: drools_2
                        models:
                            - onap.controlloop.operational
                    -
                        instance: drools-3
                        models:
                            - onap.controlloop.operational
            -
                pdp_type: apex
                instances:
                    -
                        instance: apex_1
                        models:
                            - onap.controlloop.operational
                    -
                        instance: apex_2
                        models:
                            - onap.controlloop.operational
                    -
                        instance: apex_3
                        models:
                            - onap.controlloop.operational
            -
                pdp_type: xacml
                instances:
                    -
                        instance: xacml_1
                        models:
                            - onap.controlloop.guard
                            - onap.controlloop.coordination
                    -
                        instance: xacml_2
                        models:
                            - onap.controlloop.guard
                            - onap.controlloop.coordination

    -
        name: DCAE policy group
        subgroups:
            -
                pdp_type: xacml
                instances:
                -
                    instance: xacml_1
                    models:
                        - onap.controlloop.monitoring
                -
                    instance: xacml_2
                    models:
                        - onap.controlloop.monitoring


Policy Lifecycle API - Model query

The Policy Lifecycle API will utilize the SQL database to make GET available to applications (eg CLAMP, Integration) for determining all the available models for policy creation:

http:{url}:{port}/api/v1/models GET


{
	"policy_domains": [
		{
			"domain": "onap.monitoring",
			"id": "dublin.monitoring.base",
			"description": "This is the base domain that is used to help generate monitoring\ndomains for specific DCAE microservice models.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.operational",
			"id": "dublin.operational.drools",
			"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Drools PDP engine.\n",
			"pdp_types": [
				"drools"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.operational",
			"id": "dublin.operational.apex",
			"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Apex PDP engine.\n",
			"pdp_types": [
				"apex"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.guard",
			"id": "dublin.guard",
			"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.coordination",
			"id": "dublin.coordination",
			"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		}
	]
}


Policy Lifecycle API - Adding new DCAE microservice component domains

For Dublin, the DCAE microservice component developer will use TOSCA-LAB to generate a specific yaml for their microservice component. These can be now loaded into the policy framework using the Policy Lifecycle API using the onap.monitoring domain. TOSCA-LAB produces the following example yaml:

Example TCA DCAE microservice 
http:{url}:{port}/api/v1/domains?domain=onap.policy.monitoring PUT


tosca_definitions_version: tosca_simple_yaml_1_0_0

policy_types:
    onap.policies.Monitoring:
        derived_from: tosca.policies.Root
        description: a base policy type for all policies that govern monitoring provision

    onap.policy.monitoring.cdap.tca.hi.lo.app:
        derived_from: onap.policies.Monitoring
        properties:
            tca_policy:
                type: map

                description: TCA Policy JSON

                default: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"Mfvs_eNodeB_RANKPI","controlLoopSchemaType":"VNF","policyScope":"resource=vFirewall;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":4000,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":20000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ABATED","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":0,"direction":"EQUAL","severity":"CRITICAL"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VNF","policyScope":"resource=vLoadBalancer;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":500,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":5000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"}]}]}'

                entry_schema:

                    type: onap.datatypes.monitoring.tca_policy

data_types:

    onap.datatypes.monitoring.metricsPerEventName:

        derived_from: tosca.datatypes.Root

        properties:

            controlLoopSchemaType:

                type: string

                description: Specifies Control Loop Schema Type for the

                    event Name e.g. VNF, VM

                constraints:

                  - valid_values:

                      - VM

                      - VNF

            eventName:

                type: string

                description: Event name to which thresholds need to be

                    applied

            policyName:

                type: string

                description: TCA Policy Scope Name

            policyScope:

                type: string

                description: TCA Policy Scope

            policyVersion:

                type: string

                description: TCA Policy Scope Version

            thresholds:

                type: list

                description: Thresholds associated with eventName

                entry_schema:

                    type: onap.datatypes.monitoring.thresholds

    onap.datatypes.monitoring.tca_policy:

        derived_from: tosca.datatypes.Root

        properties:

            domain:

                type: string

                description: Domain name to which TCA needs to be applied

                default: measurementsForVfScaling

                constraints:

                  - equal: measurementsForVfScaling

            metricsPerEventName:

                type: list

                description: Contains eventName and threshold details

                    that need to be applied to given eventName

                entry_schema:

                    type: onap.datatypes.monitoring.metricsPerEventName

    onap.datatypes.monitoring.thresholds:

        derived_from: tosca.datatypes.Root

        properties:

            closedLoopControlName:

                type: string

                description: Closed Loop Control Name associated with

                    the threshold

            closedLoopEventStatus:

                type: string

                description: Closed Loop Event Status of the threshold

                constraints:

                  - valid_values:

                      - ONSET

                      - ABATED

            direction:

                type: string

                description: Direction of the threshold

                constraints:

                  - valid_values:

                      - LESS

                      - LESS_OR_EQUAL

                      - GREATER

                      - GREATER_OR_EQUAL

            fieldPath:

                type: string

                description: Json field Path as per CEF message which

                    needs to be analyzed for TCA

            severity:

                type: string

                description: Threshold Event Severity

                constraints:

                  - valid_values:

                      - CRITICAL

                      - MAJOR

                      - MINOR

                      - WARNING

                      - NORMAL

            thresholdValue:

                type: integer

                description: Threshold value for the field Path inside

                    CEF message

            version:

                type: string

                description: Version number associated with the threshold


Once this call is made, now the models query will display the following available models for policy creation, notice the new "onap.policy.monitoring.cdap.tca.hi.lo.app" domain listed.


http:{url}:{port}/api/v1/domains GET



{
	"policy_domains": [
		{
			"domain": "onap.monitoring",
			"id": "dublin.monitoring.base",
			"description": "This is the base domain that is used to help generate monitoring\ndomains for specific DCAE microservice models.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.operational",
			"id": "dublin.operational.drools",
			"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Drools PDP engine.\n",
			"pdp_types": [
				"drools"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.operational",
			"id": "dublin.operational.apex",
			"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Apex PDP engine.\n",
			"pdp_types": [
				"apex"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.guard",
			"id": "dublin.guard",
			"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		},
		{
			"domain": "onap.controlloop.coordination",
			"id": "dublin.coordination",
			"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
			"pdp_types": [
				"xacml"
			],
			"version": 1
		},
		{
			"domain": "onap.policy.monitoring.cdap.tca.hi.lo.app",
			"id": "dublin.tca",
			"description": null,
			"pdp_types": [
				"xacml"
			],
			"version": 1
		}
	]
}


Now that domain is available to CLAMP for creating concrete policies creation.

Policy Lifecycle API - Creating Monitoring Policies


http:{url}:{port}/api/v1/domains?domain=onap.policy.monitoring.cdap.tca.hi.lo.app&id=dublin.tca PUT


Using the payload in the previous code code specified exactly to the desired values.






Return payload:


PolicyId: UniqueId_1
PolicyVersion: 1




Should be able to GET


http:{url}:{port}/api/v1/domains/onap.policy.monitoring.cdap.tca.hi.lo.app/dublin.tca?PolicyId=UniqueId_1&PolicyVersion=1


Policy Lifecycle API - Creating Operational Policies



Policy Lifecycle API - Creating Guard Policies



Policy Lifecycle API - Creating Coordination Policies



PAP API - Deploying Policies



Policy Decision API - Getting Policy Decisions

Policy decisions are required by ONAP components to support the policy-driven ONAP architecture. Currently implemented using the XACML PDP.


http:{url}:{port}/decision/v1/ POST


domain=onap.policy.monitoring.cdap.tca.hi.lo.app






Pam Notes
1. PolicyId -> appending .* inside PolicyName to get any version, getConfig
2. PolicyFilter -> copy/paste of the getConfig API. Generates JSON. Had to replicate the matching of the filters
3. 

every property is stringified - must "know" which need to be parsed.






https://gerrit.onap.org/r/gitweb?p=dcaegen2/platform/policy-handler.git;a=blob;f=policyhandler/policy_rest.py;h=85dd914d5969529d28c2d365e392abe4ac174cf0;hb=HEAD

from ALEXANDER V SHATOV to Everyone:

https://gerrit.onap.org/r/gitweb?p=dcaegen2/platform/policy-handler.git;a=blob;f=policyhandler/policy_receiver.py;h=249c1f742ec19eaba46051344506d312c345ae73;hb=HEAD












  • No labels