Re: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

[HERNANDEZ-HERRERO, JORGE]

Just to be clear that 3rd party dependency, xacml-pdp jar, should be picked up 
from maven central and should be pointing to 1.0.0.    So, my doubt is if you 
have a slightly oldest set up perhaps, I guess, since I remember a review 
specifying that dependency to 1.0.0 a while back.    Trying to understand why 
you see that in contrast with other installation I am looking at.

Jorge

From: onap-discuss-boun...@lists.onap.org 
[mailto:onap-discuss-boun...@lists.onap.org] On Behalf Of HERNANDEZ-HERRERO, 
JORGE
Sent: Thursday, December 07, 2017 12:12 PM
To: Alexis de Talhouët <adetalhoue...@gmail.com>
Cc: onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

***Security Advisory: This Message Originated Outside of AT&T ***
Reference http://cso.att.com/EmailSecurity/IDSP.html for more information.
There is an issue on the brmsgw generating rules jar files while fetching 
dependencies:

[ERROR] Failed to execute goal on project policy-amsterdam-rules: Could not 
resolve dependencies for project 
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:jar:0.1.0: 
Failure to find com.att.research.xacml:xacml-pdp:jar:1.1.1 in 
https://nexus.onap.org/content/repositories/releases/<https://urldefense.proofpoint.com/v2/url?u=https-3A__nexus.onap.org_content_repositories_releases_&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=AOclne09odx6cmeimzFUhQ&m=0Ecw5ceyIx6TGXxpswy_BZP3oGe9Y5glraVxH-eVx68&s=8-WWVNjmujKCNMrM6skuvlaUQz8qU6K0SJ6d2qsDrlE&e=>
 was cached in the local repository, resolution will

xacml-pdp jar should be pointing to 1.0.0.   This dependency version comes from 
this file.

docker exec -t -u policy brmsgw bash -c "cat 
/opt/app/policy/servers/brmsgw/dependency.json"

See entry for xacml-pdp dependency (as it shows in a local installation):

        }, {
            "groupId": "com.att.research.xacml",
            "artifactId": "xacml-pdp",
            "version": "1.0.0"
        }]

I think in your set up probably that is pointing to 1.1.1.   Not sure, if you 
have a slightly oldest version, I thought that was released with 1.1.1 (?)

Jorge

From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Thursday, December 07, 2017 11:22 AM
To: HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>
Cc: DRAGOSH, PAM <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>; 
PLATANIA, MARCO <plata...@research.att.com<mailto:plata...@research.att.com>>; 
onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: Re: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

Bellow the output for the requested command. Note, I’ve seen maven failure in 
brmsgw.log (I didn’t know about those logs before).
docker exec -t -u policy drools bash -c "source 
/opt/app/policy/etc/profile.d/env.sh; policy status;”
policy@drools-3276366710-tlszz:/tmp/policy-install$ source 
/opt/app/policy/etc/profile.d/env.sh; policy status;

[drools-pdp-controllers]
 L []: Policy Management (pid 5041) is running
            1 cron jobs installed.

[features]
name                      version         status
----                      -------         ------
active-standby-management 1.1.1           disabled
test-transaction          1.1.1           disabled
healthcheck               1.1.1           enabled
eelf                      1.1.1           disabled
controlloop-utils         1.1.1           disabled
state-management          1.1.1           disabled
session-persistence       1.1.1           disabled



docker exec -t -u policy drools bash -c "cat /opt/app/policy/logs/network.log;"
policy@drools-3276366710-tlszz:/tmp/policy-install$ cat 
/opt/app/policy/logs/network.log
[2017-12-07 15:02:33,326|qtp873610597-23]0:0:0:0:0:0:0:1 - @1b3rt 
[1512658953104] "DELETE //localhost:9696/policy/pdp/engine HTTP/1.1" 500 340
[2017-12-07 15:03:14,209|qtp873610597-21]10.42.0.1 - @1b3rt 
[07/Dec/2017:15:03:13 +0000] "GET 
//10.195.197.141:30221/policy/pdp/engine/controllers/amsterdam/drools HTTP/1.1" 
200 231
[2017-12-07 15:03:14,306|qtp873610597-26]10.42.0.1 - @1b3rt 
[07/Dec/2017:15:03:14 +0000] "GET 
//10.195.197.141:30221/policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params
 HTTP/1.1" 200 2

docker exec -t -u policy drools bash -c "cat 
/opt/app/policy/config/amsterdam-controller.properties;"
https://gist.github.com/anonymous/ed87dc44b5e63d4f1818b6d72c234ff4<https://urldefense.proofpoint.com/v2/url?u=https-3A__gist.github.com_anonymous_ed87dc44b5e63d4f1818b6d72c234ff4&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=AOclne09odx6cmeimzFUhQ&m=7ECL8v_id3P9lLua3wsg8VQheN-9BaRZ30afvRUF3M4&s=oOU5UGN6CtcjgpAUcnfc0Wrm3ehT-amh2WyXELX-00E&e=>

docker exec -t -u policy brmsgw bash -c "cat /opt/app/policy/logs/brmsgw.log"
https://gist.github.com/anonymous/a58e373a0211311e60e98a7f1a3ab7d8<https://urldefense.proofpoint.com/v2/url?u=https-3A__gist.github.com_anonymous_a58e373a0211311e60e98a7f1a3ab7d8&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=AOclne09odx6cmeimzFUhQ&m=7ECL8v_id3P9lLua3wsg8VQheN-9BaRZ30afvRUF3M4&s=L50D5JkuQ9m6q3Ogp1tQqm0PVRUy6gqePeGtedUOH2A&e=>

Thanks,
Alexis


On Dec 7, 2017, at 12:09 PM, HERNANDEZ-HERRERO, JORGE 
<jh1...@att.com<mailto:jh1...@att.com>> wrote:

Thanks Alexis, that output looks good.   Can you also print output from these 
commands in the policy vm:

docker exec -t -u policy drools bash -c "source 
/opt/app/policy/etc/profile.d/env.sh; policy status;"


docker exec -t -u policy drools bash -c "cat /opt/app/policy/logs/network.log;"

docker exec -t -u policy drools bash -c "cat 
/opt/app/policy/config/amsterdam-controller.properties;"

docker exec -t -u policy brmsgw bash -c "cat /opt/app/policy/logs/brmsgw.log"

Jorge

From: Alexis de Talhouët [mailto:adetalhoue...@gmail.com]
Sent: Thursday, December 07, 2017 9:37 AM
To: HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>
Cc: DRAGOSH, PAM <pdrag...@research.att.com<mailto:pdrag...@research.att.com>>; 
PLATANIA, MARCO <plata...@research.att.com<mailto:plata...@research.att.com>>; 
onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>
Subject: Re: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

Hi Jorge,

I cannot give you access as this is in internal my lab, and the setup I had in 
the openlab just got wiped(…).

Here is the logs regarding the http request in the pap container: 
https://gist.github.com/adetalhouet/e089f41df0e7a5eaaeb319d2cc417173<https://urldefense.proofpoint.com/v2/url?u=https-3A__gist.github.com_adetalhouet_e089f41df0e7a5eaaeb319d2cc417173&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=AOclne09odx6cmeimzFUhQ&m=xAnaYk-bl3Y-OauIXHVBMFT5a2pqFKDdMUYyN1k69ZA&s=2IlyhrQsoXLqqDwARtlpte8p6HBle_jWlcdKJhz3Cmg&e=>
I seem to have 200 OK, but maybe I’m missing something.

If you can give me some command helping debugging that would be great.

Thank you for helping,
Alexis


On Dec 7, 2017, at 10:32 AM, HERNANDEZ-HERRERO, JORGE 
<jh1...@att.com<mailto:jh1...@att.com>> wrote:

Hi Alexis,

There seems there are no preloaded policies, I could take a look in your lab if 
you are ok giving me access to policy vm, or I can guide you with some 
commands.   What do you see towards the end if you do “docker logs pap”?   Do 
you see some http request returning 200 Ok (those are pushing some default 
policies for use cases).

Jorge

From: DRAGOSH, PAM
Sent: Thursday, December 07, 2017 9:14 AM
To: Alexis de Talhouët 
<adetalhoue...@gmail.com<mailto:adetalhoue...@gmail.com>>; PLATANIA, MARCO 
<plata...@research.att.com<mailto:plata...@research.att.com>>; 
onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>; 
HERNANDEZ-HERRERO, JORGE <jh1...@att.com<mailto:jh1...@att.com>>
Subject: Re: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

+Jorge from the Policy team. Perhaps he can take a look.

Pam

From: 
<onap-discuss-boun...@lists.onap.org<mailto:onap-discuss-boun...@lists.onap.org>>
 on behalf of Alexis de Talhouët 
<adetalhoue...@gmail.com<mailto:adetalhoue...@gmail.com>>
Date: Thursday, December 7, 2017 at 10:09 AM
To: "PLATANIA, MARCO (MARCO)" 
<plata...@research.att.com<mailto:plata...@research.att.com>>, 
"onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>" 
<onap-discuss@lists.onap.org<mailto:onap-discuss@lists.onap.org>>
Subject: [onap-discuss] [Amsterdam][OOM] vFW close-loop testing

Hello Marco, team,

I’ve been following the close-loop video 
https://wiki.onap.org/display/DW/Running+the+ONAP+Demos?preview=/1015891/16010290/vFW_closed_loop.mp4<https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.onap.org_display_DW_Running-2Bthe-2BONAP-2BDemos-3Fpreview-3D_1015891_16010290_vFW-5Fclosed-5Floop.mp4&d=DwMFaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=jwTiArcEj6aUX0HjV0M3dT12gUtk7rC07xpgpVZkS_4&m=eGdp3ha1Dvenrua6ZSDOjXaZ7Q2pW83DPaI5PU-eIIs&s=MgFmqh-hgsbZkP6-8Rdj1E_-qrczm96BKpPlXsAF7P8&e=>
 to fix OOM.
I’m currently at the stage where I’m updating the vFW Operation Policy.

Mu issue is the following, running the update-vfw-op-policy.sh works fine, but 
I don’t have any artifacts after drools restarts, nor any close loop params.

Does someone has an idea where I should look at to fix this?

Thanks
Alexis

Bellow my run:
FYI, I adapted the script for OOM.

$ ./update-vfw-op-policy.sh
Usage: update-vfw-op-policy.sh <k8s-host> <policy-pdp-node-port> 
<policy-drools-node-port> <resource-id>

$ ./update-vfw-op-policy.sh 10.195.197.141 30220 30221 
780661ba-d934-408a-99dd-295263e7a80d

Updating vFW Operational Policy ..

*   Trying 10.195.197.141...
* TCP_NODELAY set
* Connected to 10.195.197.141 (10.195.197.141) port 30220 (#0)
> PUT /pdp/api/updatePolicy HTTP/1.1
> Host: 10.195.197.141:30220
> User-Agent: curl/7.54.0
> Content-Type: application/json
> Accept: text/plain
> ClientAuth: cHl0aG9uOnRlc3Q=
> Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
> Environment: TEST
> Content-Length: 1328
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* We are completely uploaded and fine
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: text/plain;charset=ISO-8859-1
< Content-Length: 149
< Date: Thu, 07 Dec 2017 15:02:06 GMT
<
* Connection #0 to host 10.195.197.141 left intact
Transaction ID: 5f582dd6-d4b4-4665-8274-0403775be82f --Policy with the name 
com.Config_BRMS_Param_BRMSParamvFirewall.2.xml was successfully updated.



Pushing the vFW Policy ..


*   Trying 10.195.197.141...
* TCP_NODELAY set
* Connected to 10.195.197.141 (10.195.197.141) port 30220 (#0)
> PUT /pdp/api/pushPolicy HTTP/1.1
> Host: 10.195.197.141:30220
> User-Agent: curl/7.54.0
> Content-Type: application/json
> Accept: text/plain
> ClientAuth: cHl0aG9uOnRlc3Q=
> Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==
> Environment: TEST
> Content-Length: 99
>
* upload completely sent off: 99 out of 99 bytes
< HTTP/1.1 200 OK
< Server: Apache-Coyote/1.1
< Content-Type: text/plain;charset=ISO-8859-1
< Content-Length: 162
< Date: Thu, 07 Dec 2017 15:02:12 GMT
<
* Connection #0 to host 10.195.197.141 left intact
Transaction ID: 6495f424-78d5-4434-a2f2-83a335d2523f --Policy 
'com.Config_BRMS_Param_BRMSParamvFirewall.2.xml' was successfully pushed to the 
PDP group 'default'.




Restarting PDP-D ..


Defaulting container name to drools.
Use 'kubectl describe pod/drools-3276366710-tlszz' to see all of the containers 
in this pod.
[drools-pdp-controllers]





 L []: Stopping Policy Management... Policy Management (pid=4791) is 
stopping... Policy Management has stopped.
[drools-pdp-controllers]
 L []: Policy Management (pid 5041) is running


PDP-D amsterdam maven coordinates ..


*   Trying 10.195.197.141...
* TCP_NODELAY set
* Connected to 10.195.197.141 (10.195.197.141) port 30221 (#0)
* Server auth using Basic with user '@1b3rt'
> GET /policy/pdp/engine/controllers/amsterdam/drools HTTP/1.1
> Host: 10.195.197.141:30221
> Authorization: Basic QDFiM3J0OjMxbnN0MzFu
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 07 Dec 2017 15:03:13 GMT
< Content-Type: application/json
< Content-Length: 231
< Server: Jetty(9.3.14.v20161028)
<
{ [231 bytes data]
* Connection #0 to host 10.195.197.141 left intact
{
    "alive": false,
    "artifactId": "NO-ARTIFACT-ID",
    "brained": false,
    "canonicalSessionNames": [],
    "container": null,
    "groupId": "NO-GROUP-ID",
    "locked": false,
    "recentSinkEvents": [],
    "recentSourceEvents": [],
    "sessionNames": [],
    "version": "NO-VERSION"
}


PDP-D control loop updated ..


*   Trying 10.195.197.141...
* TCP_NODELAY set
* Connected to 10.195.197.141 (10.195.197.141) port 30221 (#0)
* Server auth using Basic with user '@1b3rt'
> GET 
> /policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params
>  HTTP/1.1
> Host: 10.195.197.141:30221
> Authorization: Basic QDFiM3J0OjMxbnN0MzFu
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 07 Dec 2017 15:03:14 GMT
< Content-Type: application/json
< Content-Length: 2
< Server: Jetty(9.3.14.v20161028)
<
{ [2 bytes data]
* Connection #0 to host 10.195.197.141 left intact
[]


_______________________________________________
onap-discuss mailing list
onap-discuss@lists.onap.org
https://lists.onap.org/mailman/listinfo/onap-discuss