Policy Cookbook

Openstack Heat Installation - Policy VM/Docker Recipes

Get the latest images in an already setup policy VM
1
 /opt/policy_vm_init.sh
Install/start docker policy containers with no policies preloaded
1
2
 echo "PRELOAD_POLICIES=false" > /opt/policy/.env
 /opt/policy_vm_init.sh
Install/start docker policy containers with policies preloaded
1
2
3
4
5
6
 # This is the current default mode of instantiation.
 # These operations are unnecessary unless PRELOAD_POLICIES
 # was previously set to true

 echo "PRELOAD_POLICIES=true" > /opt/policy/.env
 /opt/policy_vm_init.sh
Access the PDP-D container as the policy user
1
 docker exec -it drools bash
Access the PDP-X container as the policy user
1
 docker exec -it -u 0 pdp su - policy
Access the BRMSGW container as the policy user
1
 docker exec -it -u 0 brmsgw su - policy
Access PAP container as the policy user
1
 docker exec -it -u 0 pap su - policy
Access the CONSOLE container the a policy user
1
 docker exec -it -u 0 console su - policy
Command line Healthcheck invokation
1
2
3
 source /opt/app/policy/config/feature-healthcheck.conf.environment
 curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
      -X GET https://localhost:6969/healthcheck | python -m json.tool

OOM Installation - Policy Kubernetes Recipes

List the policy pods
1
 kubectl get pods -n onap -o wide | grep policy
Access the PAP container
1
 kubectl exec -it <pap-pod> -c pap -n onap bash
Access a PDPD-D container
1
2
3
 # <policy-deployment-prefix> depends on the deployment configuration

 kubectl exec -it <policy-deployment-prefix>-drools-0 -c drools -n onap bash
Access the PDP container
1
2
3
 # <policy-deployment-prefix> depends on the deployment configuration

 kubectl exec -it <policy-deployment-prefix>-pdp-0 -c drools -n onap bash
Push Default Policies
1
 kubectl exec -it <pap-pod> -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /tmp/policy-install/config/push-policies.sh"
Standalone Policy Web UI URL access
1
 http://<pap-vm>:30219/onap/login.htm

PDP-D Recipes (inside the “drools” container)

Stop the PDP-D
1
 policy stop
Start the PDP-D
1
 policy start
Manual Healthcheck Invokation
1
2
3
 source ${POLICY_HOME}/config/feature-healthcheck.conf
 curl --silent --user "${HEALTHCHECK_USER}:${HEALTHCHECK_PASSWORD}"
      -X GET https://localhost:6969/healthcheck | python -m json.tool
Start a telemetry shell
1
 telemetry
See all the configured loggers
1
2
curl -k --silent --user "${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
     https://localhost:9696/policy/pdp/engine/tools/loggers
See the logging level for a given logger (for example the network logger):
1
2
curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
     https://localhost:9696/policy/pdp/engine/tools/loggers/network
Modify the logging level for a given logger (for example the network logger):
1
2
curl -k --silent --user"${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}"
     -X PUT https://localhost:9696/policy/pdp/engine/tools/loggers/network/WARN

PAP Recipes (inside the “pap” container)

Bypass Portal Authentication with the Policy Web UI
1
 sed -i "s/^role_access_centralized.*$/#role_access_centralized=remote/g" /opt/app/policy/servers/console/webapps/onap/WEB-INF/classes/portal.properties; policy.sh stop; policy.sh start;
Access the Policy Web UI without going through the Portal UI
1
2
https://<pap-vm>:8443/onap/login.htm  (Heat)
https://<pap-vm>:30219/onap/login.htm  (Kubernetes)

End of Document