This page is intended to establish how the Policy Design and API Flow to/from the PAP and PDP's will work to support Model Driven Control Loops in Dublin.
The following Policy will be developed to support ONAP Model Driven Control Loops in Dublin: . The models will be defined as TOSCA models. The schemas for the TOSCA models will ultimately be defined by the modeling team but for now are defined by the Policy Framework project.
Overarching model that supports Policy driven DCAE microservice components used in a Control Loops. The implementation that supports this model will be developed using XACML PDP to support question/answer Policy Decisions during runtime for the DCAE Policy Handler. The implementation of this Model will be used to support dynamically generated DCAE microservice component Policy Models created during Design Time using TOSCA-Lab within SDC.
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.Monitoring:
derived_from: tosca.policies.Root
description: a base policy type for all policies that govern monitoring provision
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.Monitoring:
derived_from: tosca.policies.Root
description: a base policy type for all policies that govern monitoring provision
onap.policy.monitoring.mydcaecomponent:
derived_from: onap.policies.Monitoring
properties:
mydcaecomponent_policy:
type: map
description: The Policy Body I need
entry_schema:
type: onap.datatypes.monitoring.mydatatype
data_types:
onap.datatypes.monitoring.mydatatype:
derived_from: tosca.datatypes.Root
properties:
my_property_1:
type: string
description: A description of this property
constraints:
- valid_values:
- value example 1
- value example 2
This model is used to support actor/action operational policies for control loops. There will be 2 available model implementations for this schema: 1) Existing Drools PDP to support runtime Control Loop actions taken on SO/APPC/VFC/SDNC/SDNR etc; 2) New implementation using the Apex PDP to support Control Loops.
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.controlloop.Operation:
derived_from: tosca.policies.Root
description: Operational Policy for Control Loops
This model supports Control Loop guard policies for frequency limiting, blacklisting and min/max guards to help protect runtime Control Loop Actions from doing harm to the network. This model will be developed using XACML PDP to support question/answer Policy Decisions during runtime for the Drools and Apex onap.controlloop.Operational Policy Model implementations.
The base schema is defined as such:
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.controlloop.Guard:
derived_from: tosca.policies.Root
description: Guard Policies for Control Loop Operational Policies
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.controlloop.Guard:
derived_from: tosca.policies.Root
description: Guard Policies for Control Loop Operational Policies
onap.policy.controlloop.guard.frequencylimiter:
derived_from: onap.policies.controlloop.Guard
description: Supports limiting the frequency of actions being taken by a Actor.
properties:
frequency_policy:
type: map
description:
entry_schema:
type: onap.datatypes.guard.frequencylimiter
data_types:
onap.datatypes.guard.frequencylimiter:
derived_from: tosca.datatypes.Root
properties:
actor:
type: string
description: Specifies the Actor
required: true
recipe:
type: string
description: Specified the Recipe
required: true
time_window:
type: scalar-unit.time
description: The time window to count the actions against.
required: true
limit:
type: integer
description: The limit
required: true
constraints:
- greater_than: 0
time_range:
type: tosca.datatypes.TimeInterval
description: An optional range of time during the day the frequency is valid for.
required: false
controlLoopName:
type: string
description: An optional specific control loop to apply this guard to.
required: false
target:
type: string
description: An optional specific VNF to apply this guard to.
required: false
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.controlloop.Guard:
derived_from: tosca.policies.Root
description: Guard Policies for Control Loop Operational Policies
onap.policy.controlloop.guard.blacklist:
derived_from: onap.policies.controlloop.Guard
description: Supports blacklist of VNF's from performing control loop actions on.
properties:
blacklist_policy:
type: map
description:
entry_schema:
type: onap.datatypes.guard.blacklist
data_types:
onap.datatypes.guard.blacklist:
derived_from: tosca.datatypes.Root
properties:
actor:
type: string
description: Specifies the Actor
required: true
recipe:
type: string
description: Specified the Recipe
required: true
time_range:
type: tosca.datatypes.TimeInterval
description: An optional range of time during the day the blacklist is valid for.
required: false
controlLoopName:
type: string
description: An optional specific control loop to apply this guard to.
required: false
blacklist:
type: list
description: List of VNF's
required: true
policy_types:
onap.policies.controlloop.Guard:
derived_from: tosca.policies.Root
description: Guard Policies for Control Loop Operational Policies
onap.policy.controlloop.guard.minmax:
derived_from: onap.policies.controlloop.Guard
description: Supports Min/Max number of VF Modules
properties:
minmax_policy:
type: map
description:
entry_schema:
type: onap.datatypes.guard.minmax
data_types:
onap.datatypes.guard.minmax:
derived_from: tosca.datatypes.Root
properties:
actor:
type: string
description: Specifies the Actor
required: true
recipe:
type: string
description: Specified the Recipe
required: true
time_range:
type: tosca.datatypes.TimeInterval
description: An optional range of time during the day the Min/Max limit is valid for.
required: false
controlLoopName:
type: string
description: An optional specific control loop to apply this guard to.
required: false
min_vf_module_instances:
type: integer
required: true
description: The minimum instances of this VF-Module
max_vf_module_instances:
type: integer
required: false
description: The maximum instances of this VF-Module
This domain supports policies to assist in coordinating multiple control loops during runtime. This domain will be developed using XACML PDP to support question/answer Policy Decision during runtime for the Drools onap.controlloop.operational domain Policy Domains. NOTE: Apex is optional??
PDP's are deployed pre-packaged with their domains and will register those domains with the PAP when they are deployed via K8S.
The PAP will store any new PDP's and their domains in a SQL database in order to support Lifecycle State surrounding those domains such as "Safe Mode" and Policy Retirement (Stretch goals for Dublin release).
The health of those PDP's will be updated constantly by the PAP in order to alert ops teams monitoring policy, and to ensure the Policy Lifecycle API can create policies in those domains.
TODO: Scaling of the PDP's, show that in the list
After the PDPs have registered with the PAP:
http:{url}:{port}/pap/v1/pdps GET
#
# PAP - how it lists existing PDP Groups and Sub Groups and the models loaded
#
pdp_groups:
-
name: Control Loop runtime group
description: ONAP Control Loop Operational and Guard policies
subgroups:
-
pdp_type: drools
instances:
-
instance: drools_1 # K8S identifier? IP??
models:
- onap.controlloop.operational
-
instance: drools_2
models:
- onap.controlloop.operational
-
instance: drools-3
models:
- onap.controlloop.operational
-
pdp_type: apex
instances:
-
instance: apex_1
models:
- onap.controlloop.operational
-
instance: apex_2
models:
- onap.controlloop.operational
-
instance: apex_3
models:
- onap.controlloop.operational
-
pdp_type: xacml
instances:
-
instance: xacml_1
models:
- onap.controlloop.guard
- onap.controlloop.coordination
-
instance: xacml_2
models:
- onap.controlloop.guard
- onap.controlloop.coordination
-
name: DCAE policy group
subgroups:
-
pdp_type: xacml
instances:
-
instance: xacml_1
models:
- onap.controlloop.monitoring
-
instance: xacml_2
models:
- onap.controlloop.monitoring
After the PDPs have registered with the PAP:
http:{url}:{port}/pap/v1/pdps GET
#
# PAP - how it lists existing PDP Groups and Sub Groups and the models loaded
#
pdp_groups:
-
name: Control Loop runtime group
description: ONAP Control Loop Operational and Guard policies
subgroups:
-
pdp_type: drools
models:
# Maven coordinates here
- "onap.controlloop.operational:operational-standard"
- "onap.controlloop.operational:operational-enhanced"
instances:
# Parameters somehow passed to K8S for scaling
min_instances: 3
# The parameters below are for illustration in Dublin, may be implemented later
instance_spawn_load_threshold: 70%
instance_kill_load_threshold: 50%
instance_geo_redundnacy: true
-
pdp_type: apex
models:
# Maven coordinates here
- "onap.controlloop.operational:operational-standard"
- "onap.controlloop.operational:operational-enhanced"
instances:
# Parameters somehow passed to K8S for scaling
min_instances: 3
# The parameters below are for illustration in Dublin, may be implemented later
instance_spawn_load_threshold: 80%
instance_kill_load_threshold: 60%
instance_geo_redundnacy: true
-
pdp_type: xacml
models:
- "onap.controlloop.guard:guard-standard"
- "onap.controlloop.coordination:coordination-standard"
# Parameters somehow passed to K8S for scaling
min_instances: 2
# The parameters below are for illustration in Dublin, may be implemented later
instance_geo_redundnacy: true
-
name: DCAE policy group
subgroups:
-
pdp_type: xacml
models:
- "onap.controlloop.monitoring:monitoring-standard"
- "onap.controlloop.monitoring:monitoring-acme-inc"
# Parameters somehow passed to K8S for scaling
min_instances: 2
# The parameters below are for illustration in Dublin, may be implemented later
instance_geo_redundnacy: true
The Policy Lifecycle API will utilize the SQL database to make GET available to applications (eg CLAMP, Integration) for determining all the available models for policy creation:
http:{url}:{port}/api/v1/models GET
{
"policy_domains": [
{
"domain": "onap.monitoring",
"id": "dublin.monitoring.base",
"description": "This is the base domain that is used to help generate monitoring\ndomains for specific DCAE microservice models.\n",
"pdp_types": [
"xacml"
],
"version": 1
},
{
"domain": "onap.controlloop.operational",
"id": "dublin.operational.drools",
"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Drools PDP engine.\n",
"pdp_types": [
"drools"
],
"version": 1
},
{
"domain": "onap.controlloop.operational",
"id": "dublin.operational.apex",
"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Apex PDP engine.\n",
"pdp_types": [
"apex"
],
"version": 1
},
{
"domain": "onap.controlloop.guard",
"id": "dublin.guard",
"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
"pdp_types": [
"xacml"
],
"version": 1
},
{
"domain": "onap.controlloop.coordination",
"id": "dublin.coordination",
"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
"pdp_types": [
"xacml"
],
"version": 1
}
]
}
Policy Lifecycle API - Adding new DCAE microservice component domains
For Dublin, the DCAE microservice component developer will use TOSCA-LAB to generate a specific yaml for their microservice component. These can be now loaded into the policy framework using the Policy Lifecycle API using the onap.monitoring domain. TOSCA-LAB produces the following example yaml:
http:{url}:{port}/api/v1/domains?domain=onap.policy.monitoring PUT
tosca_definitions_version: tosca_simple_yaml_1_0_0
policy_types:
onap.policies.Monitoring:
derived_from: tosca.policies.Root
description: a base policy type for all policies that govern monitoring provision
onap.policy.monitoring.cdap.tca.hi.lo.app:
derived_from: onap.policies.Monitoring
properties:
tca_policy:
type: map
description: TCA Policy JSON
default: '{"domain":"measurementsForVfScaling","metricsPerEventName":[{"eventName":"Mfvs_eNodeB_RANKPI","controlLoopSchemaType":"VNF","policyScope":"resource=vFirewall;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-FRWL-LOW-TRAFFIC-SIG-d925ed73-8231-4d02-9545-db4e101f88f8","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":4000,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":20000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"},{"closedLoopControlName":"CL-FRWL-HIGH-TRAFFIC-SIG-EA36FE84-9342-5E13-A656-EC5F21309A09","closedLoopEventStatus":"ABATED","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":0,"direction":"EQUAL","severity":"CRITICAL"}]},{"eventName":"vLoadBalancer","controlLoopSchemaType":"VNF","policyScope":"resource=vLoadBalancer;type=configuration","policyName":"configuration.dcae.microservice.tca.xml","policyVersion":"v0.0.1","thresholds":[{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":500,"direction":"LESS_OR_EQUAL","severity":"MAJOR"},{"closedLoopControlName":"CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B","closedLoopEventStatus":"ONSET","version":"1.0.2","fieldPath":"$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated","thresholdValue":5000,"direction":"GREATER_OR_EQUAL","severity":"CRITICAL"}]}]}'
entry_schema:
type: onap.datatypes.monitoring.tca_policy
data_types:
onap.datatypes.monitoring.metricsPerEventName:
derived_from: tosca.datatypes.Root
properties:
controlLoopSchemaType:
type: string
description: Specifies Control Loop Schema Type for the
event Name e.g. VNF, VM
constraints:
- valid_values:
- VM
- VNF
eventName:
type: string
description: Event name to which thresholds need to be
applied
policyName:
type: string
description: TCA Policy Scope Name
policyScope:
type: string
description: TCA Policy Scope
policyVersion:
type: string
description: TCA Policy Scope Version
thresholds:
type: list
description: Thresholds associated with eventName
entry_schema:
type: onap.datatypes.monitoring.thresholds
onap.datatypes.monitoring.tca_policy:
derived_from: tosca.datatypes.Root
properties:
domain:
type: string
description: Domain name to which TCA needs to be applied
default: measurementsForVfScaling
constraints:
- equal: measurementsForVfScaling
metricsPerEventName:
type: list
description: Contains eventName and threshold details
that need to be applied to given eventName
entry_schema:
type: onap.datatypes.monitoring.metricsPerEventName
onap.datatypes.monitoring.thresholds:
derived_from: tosca.datatypes.Root
properties:
closedLoopControlName:
type: string
description: Closed Loop Control Name associated with
the threshold
closedLoopEventStatus:
type: string
description: Closed Loop Event Status of the threshold
constraints:
- valid_values:
- ONSET
- ABATED
direction:
type: string
description: Direction of the threshold
constraints:
- valid_values:
- LESS
- LESS_OR_EQUAL
- GREATER
- GREATER_OR_EQUAL
fieldPath:
type: string
description: Json field Path as per CEF message which
needs to be analyzed for TCA
severity:
type: string
description: Threshold Event Severity
constraints:
- valid_values:
- CRITICAL
- MAJOR
- MINOR
- WARNING
- NORMAL
thresholdValue:
type: integer
description: Threshold value for the field Path inside
CEF message
version:
type: string
description: Version number associated with the threshold
Once this call is made, now the models query will display the following available models for policy creation, notice the new "onap.policy.monitoring.cdap.tca.hi.lo.app" domain listed.
http:{url}:{port}/api/v1/models GET
#TODO UPDATE from above modeling
{
"policy_domains": [
{
"domain": "onap.monitoring",
"id": "dublin.monitoring.base",
"description": "This is the base domain that is used to help generate monitoring\ndomains for specific DCAE microservice models.\n",
"pdp_types": [
"xacml"
],
"version": 1
},
{
"domain": "onap.controlloop.operational",
"id": "dublin.operational.drools",
"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Drools PDP engine.\n",
"pdp_types": [
"drools"
],
"version": 1
},
{
"domain": "onap.controlloop.operational",
"id": "dublin.operational.apex",
"description": "This is the operational policy domain that support action policies for\ncontrol loops that are supported by the Apex PDP engine.\n",
"pdp_types": [
"apex"
],
"version": 1
},
{
"domain": "onap.controlloop.guard",
"id": "dublin.guard",
"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
"pdp_types": [
"xacml"
],
"version": 1
},
{
"domain": "onap.controlloop.coordination",
"id": "dublin.coordination",
"description": "This is the XACML based guard policy domain that supports frequency limiter, blacklist/whitelist and min/max guard policies.\n",
"pdp_types": [
"xacml"
],
"version": 1
},
{
"domain": "onap.policy.monitoring.cdap.tca.hi.lo.app",
"id": "dublin.tca",
"description": null,
"pdp_types": [
"xacml"
],
"version": 1
}
]
}
Now that domain is available to CLAMP for creating concrete policies creation.
While designing a control loop using CLAMP, a Control Loop Designer will use the Model Schema for a specific DCAE mS component Policy Model and create a specific Policy.
tosca_definitions_version: tosca_simple_yaml_1_0_0
imports:
-
tca_policy_model.yml
policies:
-
onap.scaleout.tca_policy:
type: policy_nodes.tca
properties:
domain: measurementsForVfScaling
metricsPerEventName:
-
eventName: vLoadBalancer
controlLoopSchemaType: VNF
policyScope: "type=configuration"
policyName: "configuration.dcae.microservice.tca.xml"
policyVersion: "v0.0.1"
thresholds:
-
closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-FB480F95-A453-6F24-B767-FD703241AB1A"
closedLoopEventStatus: ONSET
version: "1.0.2"
fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated"
thresholdValue: 500
direction: LESS_OR_EQUAL
severity: MAJOR
-
closedLoopControlName: "CL-LBAL-LOW-TRAFFIC-SIG-0C5920A6-B564-8035-C878-0E814352BC2B"
closedLoopEventStatus: ONSET
version: "1.0.2"
fieldPath: "$.event.measurementsForVfScalingFields.vNicPerformanceArray[*].receivedBroadcastPacketsAccumulated"
thresholdValue: 5000
direction: GREATER_OR_EQUAL
severity: CRITICAL
http:{url}:{port}/api/v1/models?model=onap.policy.monitoring.cdap.tca.hi.lo.app&id=dublin.tca PUT
Return payload:
PolicyId: UniqueId_1
PolicyVersion: 1
Should be able to GET
http:{url}:{port}/api/v1/domains/onap.policy.monitoring.cdap.tca.hi.lo.app/dublin.tca?PolicyId=UniqueId_1&PolicyVersion=1
Policy decisions are required by ONAP components to support the policy-driven ONAP architecture. Currently implemented using the XACML PDP.
http:{url}:{port}/decision/v1/ POST
domain=onap.policy.monitoring.cdap.tca.hi.lo.app
Pam Notes
1. PolicyId -> appending .* inside PolicyName to get any version, getConfig
2. PolicyFilter -> copy/paste of the getConfig API. Generates JSON. Had to replicate the matching of the filters
3.
every property is stringified - must "know" which need to be parsed.
https://gerrit.onap.org/r/gitweb?p=dcaegen2/platform/policy-handler.git;a=blob;f=policyhandler/policy_rest.py;h=85dd914d5969529d28c2d365e392abe4ac174cf0;hb=HEAD
from ALEXANDER V SHATOV to Everyone:
https://gerrit.onap.org/r/gitweb?p=dcaegen2/platform/policy-handler.git;a=blob;f=policyhandler/policy_receiver.py;h=249c1f742ec19eaba46051344506d312c345ae73;hb=HEAD
