Re: vFW Closed Loop - Operational Policy issues in Beijing #policy #usecaseui #kubernetes #install #drools


Jorge Hernandez
 

Hello Cristina,

A bug has been recently found in the latest Beijing version that you may be hitting (POLICY-1097). A fix has been merged recently.

Please also take a look at https://wiki.onap.org/display/DW/Policy+on+OOM to look at the state of things after your installation.

If you are running the vFW use case, note that you could avoid the use of the update-vfw-op-policy.sh script. You could instead, before invoking the push-policies.sh, edit the file, the vFirewall encoded operational policy piece, and modify the resourceID to match the one you are using in your lab (which is the input parameter to the update-vfw-op-policy.sh) directly. That is in essence what the update-vfw-op-policy.sh does.

One caveat to this approach is that the kubernetes install mounts the push-policies.sh in a read-only file system, so within the container you would move the push-policies.sh to a dir with write permissions, make your changes, and invoke the push-policies scripts, as suggested in the wiki page above. Good luck!

Jorge
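
The copy-then-edit step described above, as an added example that is not part of the original message and not the project's own script: it writes an edited copy of a read-only script into a writable directory and refuses to continue when the old resourceID is not found. The function name, its arguments and the assumption that IDs contain only letters, digits, dots, underscores and hyphens are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's script. Writes an edited copy of a
# read-only script into a writable directory, replacing one resourceID.
# Usage: stage_and_patch SRC WORKDIR OLD_ID NEW_ID  -> prints path of the copy
stage_and_patch() {
    sp_src=$1; sp_dir=$2; sp_old=$3; sp_new=$4

    # Assumption: IDs contain only these characters, so the only sed
    # metacharacter that needs escaping is the dot.
    for sp_id in "$sp_old" "$sp_new"; do
        case $sp_id in
            ''|*[!A-Za-z0-9._-]*) echo "bad ID: '$sp_id'" >&2; return 2 ;;
        esac
    done
    [ -r "$sp_src" ] || { echo "cannot read $sp_src" >&2; return 2; }

    # Stop if the old ID is absent: the copy would be identical to the
    # original and the push would still appear to succeed.
    sp_hits=$(grep -F -c -e "$sp_old" "$sp_src" || true)
    if [ "$sp_hits" -eq 0 ]; then
        echo "resourceID '$sp_old' not found in $sp_src" >&2
        return 1
    fi

    mkdir -p "$sp_dir" || return 2
    sp_dst=$sp_dir/$(basename "$sp_src")
    sp_re=$(printf '%s' "$sp_old" | sed 's/\./\\./g')
    sed "s/$sp_re/$sp_new/g" "$sp_src" > "$sp_dst" || return 2
    chmod u+x "$sp_dst"

    # Confirm the edit before anything is pushed: every line that held the
    # old ID must now hold the new one.
    sp_new_hits=$(grep -F -c -e "$sp_new" "$sp_dst" || true)
    if [ "$sp_new_hits" -lt "$sp_hits" ]; then
        echo "replacement incomplete in $sp_dst" >&2
        return 1
    fi
    printf '%s\n' "$sp_dst"
}
```

Inside the PAP container, SRC would be /home/policy/push-policies.sh (the path used in the kubectl command quoted below) and WORKDIR any directory the policy user can write to; the printed path is the script to invoke.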

-----Original Message-----
From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On Behalf Of Cristina Precup via Lists.Onap.Org
Sent: Tuesday, September 11, 2018 6:59 AM
To: onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] vFW Closed Loop - Operational Policy issues in Beijing #kubernetes #policy #drools #dcaegen2 #install #usecaseui

Hello,

Thank you for the reference. I did do the onboarding step mentioned here, making sure to replace the field with the correct PG model-invariant-id in the push-policies.sh script. However, I don't think this script actually does the onboarding in my case:

kubectl exec -it scapula-pap-5bf5f48d7b-v7fld -c pap -n onap -- bash -c "export PRELOAD_POLICIES=true; /home/policy/push-policies.sh"
Upload BRMS Param Template
--2018-09-11 11:32:53-- https://git.onap.org/policy/drools-applications/plain/controlloop/templates/archetype-cl-amsterdam/src/main/resources/archetype-resources/src/main/resources/__closedLoopControlName__.drl
Resolving git.onap.org (git.onap.org)... 198.145.29.92
Connecting to git.onap.org (git.onap.org)|198.145.29.92|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 58366 (57K) [text/plain]
Saving to: 'cl-amsterdam-template.drl'

100%[==============================================================================>] 58,366 193KB/s in 0.3s

2018-09-11 11:32:54 (193 KB/s) - 'cl-amsterdam-template.drl' saved [58366/58366]

* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
POST /pdp/api/policyEngineImport HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 58757
Expect: 100-continue
Content-Type: multipart/form-data;
boundary=------------------------110622b19dc01d62
* Connection #0 to host pdp left intact
PPRELOAD_POLICIES is true
Create BRMSParam Operational Policies
Create BRMSParamvFirewall Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/html
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1309
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate BRMSParamvDNS Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/html
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1148
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate BRMSParamVOLTE Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/html
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1140
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate BRMSParamvCPE Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/html
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1139
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate MicroService Config Policies
Create MicroServicevFirewall Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1689
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate MicroServicevDNS Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1306
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreate MicroServicevCPE Policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 1640
Expect: 100-continue
* Connection #0 to host pdp left intact
PCreating Decision Guard policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/createPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 463
* upload completely sent off: 463 out of 463 bytes
* Connection #0 to host pdp left intact
PPush Decision policy
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 97
* upload completely sent off: 97 out of 97 bytes
* Connection #0 to host pdp left intact
PPushing BRMSParam Operational policies
pushPolicy : PUT : com.BRMSParamvFirewall
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 99
* upload completely sent off: 99 out of 99 bytes
* Connection #0 to host pdp left intact
PpushPolicy : PUT : com.BRMSParamvDNS
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 94
* upload completely sent off: 94 out of 94 bytes
* Connection #0 to host pdp left intact
PpushPolicy : PUT : com.BRMSParamVOLTE
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 95
* upload completely sent off: 95 out of 95 bytes
* Connection #0 to host pdp left intact
PpushPolicy : PUT : com.BRMSParamvCPE
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 94
* upload completely sent off: 94 out of 94 bytes
* Connection #0 to host pdp left intact
PPushing MicroService Config policies
pushPolicy : PUT : com.MicroServicevFirewall
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 104
* upload completely sent off: 104 out of 104 bytes
* Connection #0 to host pdp left intact
PpushPolicy : PUT : com.MicroServicevDNS
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 99
* upload completely sent off: 99 out of 99 bytes
* Connection #0 to host pdp left intact
PpushPolicy : PUT : com.MicroServicevCPE
* Hostname was NOT found in DNS cache
* Trying 10.42.10.50...
* Connected to pdp (10.42.10.50) port 8081 (#0)
PUT /pdp/api/pushPolicy HTTP/1.1
User-Agent: curl/7.35.0
Host: pdp:8081
Content-Type: application/json
Accept: text/plain
ClientAuth: cHl0aG9uOnRlc3Q=
Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
Environment: TEST
Content-Length: 99
* upload completely sent off: 99 out of 99 bytes
* Connection #0 to host pdp left intact

Checking further on PAP if there are any policies configured gives me nothing:

policy@scapula-pap-5bf5f48d7b-v7fld:/tmp/policy-install$ curl --silent -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{"policyName": ".*vFirewall.*"}' http://pdp:8081/pdp/api/getConfig

policy@scapula-pap-5bf5f48d7b-v7fld:/tmp/policy-install$ curl --silent -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{"policyName": "*"}' http://pdp:8081/pdp/api/getConfig


Best regards,
--
Cristina Precup
