Hi, Thanks to the support from Michal and the colleagues from Samsung, I was able to complete the closed loop as below:
>From inside drools pod, I checked controller Amsterdam is enabled and alive: policy@onap-drools-0:/tmp/policy-install$ policy status policy@onap-drools-0:/tmp/policy-install$ curl --silent --user '@1b3rt:31nst31n' -X GET http://localhost:9696/policy/pdp/engine/controllers/amsterdam/ | python -m json.tool policy@onap-drools-0:/tmp/policy-install$ --silent --user @1b3rt:31nst31n -X GET http://localhost:9696/policy/pdp/engine/controllers/amsterdam/drools/facts/amsterdam | python -m json.tool >From inside pap pod, I push policies: policy@onap-pap-5c9f7dbbd4-pmwr8:/tmp/policy-install/config$ export PRELOAD_POLICIES=true policy@onap-pap-5c9f7dbbd4-pmwr8:/tmp$ /tmp/policy-install/config/push-policies.sh >From outside the cluster, I exposed pdp port and run update policy script, and >finally mount appc: I mapped the ports for pdp because it's not exposed by default: root@olc-rancher:~# kubectl -n onap port-forward onap-pdp-0 30220:8081 & [1] 29192 root@olc-rancher:~# Forwarding from 127.0.0.1:30220 -> 8081 root@olc-rancher:~# kubectl -n onap port-forward onap-drools-0 30221:9696 & [2] 29210 root@olc-rancher:~# Forwarding from 127.0.0.1:30221 -> 9696 Then I run the update policy script: root@olc-rancher:~/oom/kubernetes/policy/charts/drools/resources/scripts# ./update-vfw-op-policy.sh localhost 30220 30221 9df75e8e-93a2-444a-87b8-7c8aa133ae46 Then I can mount appc via robot script, using the name of the PG openstack stack: root@olc-rancher:~/oom/kubernetes/robot# ./demo-k8s.sh onap appc vFW_PG_VNF-6 Or I can mount appc manually, using the PG VNF ID, and PG public IP: root@olc-rancher:~/oom/kubernetes/robot# curl -X PUT \ http://84.39.32.104:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/0a2b09a4-c5b0-446e-b1ab-c3a4bad54c74 \ -H 'Accept: application/xml' \ -u admin:admin \ -H 'Content-Type: text/xml' \ -d '<node xmlns="urn:TBD:params:xml:ns:yang:network-topology"> <node-id>0a2b09a4-c5b0-446e-b1ab-c3a4bad54c74</node-id> <host xmlns="urn:opendaylight:netconf-node-topology">84.39.37.85</host> <port xmlns="urn:opendaylight:netconf-node-topology">2831</port> <username xmlns="urn:opendaylight:netconf-node-topology">admin</username> <password xmlns="urn:opendaylight:netconf-node-topology">admin</password> <tcp-only xmlns="urn:opendaylight:netconf-node-topology">false</tcp-only> </node>' root@olc-rancher:~/oom/kubernetes/robot# curl -X GET \ http://84.39.32.104:30230/restconf/operational/network-topology:network-topology/topology/topology-netconf/ \ -H 'Accept: application/json' \ -u admin:admin {"topology":[{"topology-id":"topology-netconf","node":[...{"node-id":"0a2b09a4-c5b0-446e-b1ab-c3a4bad54c74","netconf-node-topology:available-capabilities":... root@olc-rancher:~/oom/kubernetes/robot# curl -X GET \ http://84.39.32.104:30230/restconf/config/network-topology:network-topology/topology/topology-netconf/node/0a2b09a4-c5b0-446e-b1ab-c3a4bad54c74/yang-ext:mount/sample-plugin:sample-plugin/pg-streams \ -H 'Accept: application/json' -u admin:admin {"pg-streams":{"pg-stream":[{"id":"fw_udp2","is-enabled":true},{"id":"fw_udp1","is-enabled":true},{"id":"fw_udp4","is-enabled":true},{"id":"fw_udp3","is-enabled":true},{"id":"fw_udp5","is-enabled":true}]}} [cid:[email protected]] Thanks Abdelmuhaimen Seaudi Orange Labs Egypt Email: [email protected]<mailto:[email protected]> Mobile: +2012 84644 733 From: SEAUDI Abdelmuhaimen OBS/CSO Sent: Wednesday, July 18, 2018 11:03 AM To: [email protected] Subject: vfw closed loop - error 400 bad request running update-vfw-op-policy.sh Hi, I followed the tutorial at I can see the graphs from the sink VM OK. I ran heatbridge OK, and I see vservers added under the vnf in AAI. But, when I try to run the update-vfw-op-policy.sh, I get the following error: Any idea why I get 400 bad request from PDP ? root@olc-rancher:~/oom/kubernetes/policy/charts/drools/resources/scripts# ./update-vfw-op-policy.sh localhost 30220 30221 9df75e8e-93a2-444a-87b8-7c8aa133ae46 Removing the vFW Policy from PDP.. * Trying 127.0.0.1... Handling connection for 30220 * Connected to localhost (127.0.0.1) port 30220 (#0) > DELETE /pdp/api/deletePolicy HTTP/1.1 > Host: localhost:30220 > User-Agent: curl/7.47.0 > Content-Type: application/json > Accept: text/plain > ClientAuth: cHl0aG9uOnRlc3Q= > Authorization: Basic dGVzdHBkcDphbHBoYTEyMw== > Environment: TEST > Content-Length: 128 > * upload completely sent off: 128 out of 128 bytes < HTTP/1.1 400 Bad Request < Server: Apache-Coyote/1.1 < Content-Type: text/plain;charset=ISO-8859-1 < Content-Length: 203 < Date: Wed, 18 Jul 2018 08:58:05 GMT < Connection: close < * Closing connection 0 PE300 - Data Issue: could not retrieve the activeVersion for this policy. could not retrieve the activeVersion for this policy. This indicates the policy does not exist, please verify the policy exists. Updating vFW Operational Policy .. * Trying 127.0.0.1... Handling connection for 30220 * Connected to localhost (127.0.0.1) port 30220 (#0) > PUT /pdp/api/updatePolicy HTTP/1.1 > Host: localhost:30220 > User-Agent: curl/7.47.0 > Content-Type: application/json > Accept: text/plain > ClientAuth: cHl0aG9uOnRlc3Q= > Authorization: Basic dGVzdHBkcDphbHBoYTEyMw== > Environment: TEST > Content-Length: 1328 > Expect: 100-continue > < HTTP/1.1 100 Continue * We are completely uploaded and fine < HTTP/1.1 400 Bad Request < Server: Apache-Coyote/1.1 < Content-Type: text/plain;charset=ISO-8859-1 < Content-Length: 87 < Date: Wed, 18 Jul 2018 08:58:25 GMT < Connection: close < * Closing connection 0 PE300 - Data Issue: BRMSParamvFirewall does not exist on the PAP and cannot be updated. Pushing the vFW Policy .. * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 30220 (#0) Handling connection for 30220 > PUT /pdp/api/pushPolicy HTTP/1.1 > Host: localhost:30220 > User-Agent: curl/7.47.0 > Content-Type: application/json > Accept: text/plain > ClientAuth: cHl0aG9uOnRlc3Q= > Authorization: Basic dGVzdHBkcDphbHBoYTEyMw== > Environment: TEST > Content-Length: 99 > * upload completely sent off: 99 out of 99 bytes < HTTP/1.1 400 Bad Request < Server: Apache-Coyote/1.1 < Content-Type: text/plain;charset=ISO-8859-1 < Content-Length: 146 < Date: Wed, 18 Jul 2018 08:58:31 GMT < Connection: close < * Closing connection 0 PE300 - Data Issue: response code of the URL is 404. This indicates a problem with getting the version from the PAP or the policy does not exist. Restarting PDP-D .. No resources found. error: expected 'exec POD_NAME COMMAND [ARG1] [ARG2] ... [ARGN]'. POD_NAME and COMMAND are required arguments for the exec command See 'kubectl exec -h' for help and examples. PDP-D amsterdam maven coordinates .. * Trying 127.0.0.1... Handling connection for 30221 * Connected to localhost (127.0.0.1) port 30221 (#0) * Server auth using Basic with user '@1b3rt' > GET /policy/pdp/engine/controllers/amsterdam/drools HTTP/1.1 > Host: localhost:30221 > Authorization: Basic QDFiM3J0OjMxbnN0MzFu > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 200 OK < Date: Wed, 18 Jul 2018 08:59:11 GMT < Content-Type: application/json < Content-Length: 231 < Server: Jetty(9.3.20.v20170531) < { [231 bytes data] * Connection #0 to host localhost left intact { "alive": false, "artifactId": "NO-ARTIFACT-ID", "brained": false, "canonicalSessionNames": [], "container": null, "groupId": "NO-GROUP-ID", "locked": false, "recentSinkEvents": [], "recentSourceEvents": [], "sessionNames": [], "version": "NO-VERSION" } PDP-D control loop updated .. * Trying 127.0.0.1... * Connected to localhost (127.0.0.1) port 30221 (#0) * Server auth using Basic with user '@1b3rt' > GET > /policy/pdp/engine/controllers/amsterdam/drools/facts/closedloop-amsterdam/org.onap.policy.controlloop.Params > HTTP/1.1 > Host: localhost:30221 > Authorization: Basic QDFiM3J0OjMxbnN0MzFu > User-Agent: curl/7.47.0 > Accept: */* > Handling connection for 30221 < HTTP/1.1 200 OK < Date: Wed, 18 Jul 2018 08:59:11 GMT < Content-Type: application/json < Content-Length: 2 < Server: Jetty(9.3.20.v20170531) < { [2 bytes data] * Connection #0 to host localhost left intact [] Thanks. Abdelmuhaimen Seaudi Orange Labs Egypt Email: [email protected]<mailto:[email protected]> Mobile: +2012 84644 733 _________________________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you. -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11234): https://lists.onap.org/g/onap-discuss/message/11234 Mute This Topic: https://lists.onap.org/mt/23669253/21656 Group Owner: [email protected] Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
