Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Xoan,
I’m a bit confused by the logs too, you should see a “FINAL: SUCCESS” matching
the receipt of the APPC “SUCCESS” but failure reporting is ok for “duplicated”
transactions, which are expected in this use case since DCAE ONSETs comes into
policy in multiples for the same operation. Resources should be locked based
on the target vnf id. In any case, keep an eye on it, if you can reproduce it
on an stable environment as I am not very clear, how the changed target vnf id,
that you mention at the bottom of the page, would affect the rules processing
of the flow.
Best regards,
Jorge
From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On
Behalf Of jkzcristiano
Sent: Thursday, October 18, 2018 8:10 AM
To: onap-discuss@lists.onap.org
Subject: Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF
Message
Dear Jorge,
thank you for your help.
I had several issues due to some misconfigurations between ONAP services
(vNicUsageArray/vNicPerformanceArray, the closedLoopControlName was different
between TCA and the pushed policy, the target VNF was already running, etc.).
Now the CL is working.
[cid:image001.png@01D46724.160EA890]
However, despite it is working, by inspecting drools' network.log file I still
observe some issues:
...
...
[2018-10-18T12:38:06.906+00:00|Session
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT]
{
"AAI": {
"generic-vnf.resource-version": "1539010321583",
"generic-vnf.nf-role": "",
"generic-vnf.prov-status": "PROV",
"generic-vnf.orchestration-status": "Active",
"generic-vnf.is-closed-loop-disabled": "false",
"generic-vnf.service-id": "eb5c770a-ec21-43df-87ed-82fbc326e4f6",
"generic-vnf.in-maint": "false",
"generic-vnf.nf-type": "",
"generic-vnf.nf-naming-code": "",
"generic-vnf.vnf-name": "VNF-vFWSNK-vFWCL-08-10-Ins-4",
"generic-vnf.model-version-id": "0b83692c-f944-411d-8103-36bd26d2b974",
"generic-vnf.model-customization-id":
"1894e439-88d9-40a4-a591-c1e9de88f121",
"generic-vnf.nf-function": "",
"generic-vnf.vnf-type": "vFirewall-Service/vFWSNK 0",
"generic-vnf.model-invariant-id": "8864d433-a569-4b99-ba09-48b3d6d8d6db",
"generic-vnf.vnf-id": "cd4204ed-a2a9-42c5-baaa-d39953ff6178"
},
"closedLoopAlarmStart": 1539866241522408,
"closedLoopControlName":
"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
"version": "1.0.2",
"requestId": "0549eb14-2f56-418f-adc3-d503d3bf96f6",
"closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca",
"targetType": "VNF",
"target": "generic-vnf.vnf-name",
"from": "policy:amsterdam",
"policyScope": "com",
"policyName":
"com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER.OPERATION.LOCKED.GUARD_PERMITTED",
"policyVersion": "1",
"notification": "OPERATION",
"message": "actor=APPC,operation=ModifyConfig,target=Target [type=VNF,
resourceID=9b231b3a-a6e6-43df-9ed1-13a2b70da856],subRequestId=1",
"notificationTime": "2018-10-18 12:38:06.906000+00:00",
"history": []
}
[2018-10-18T12:38:06.907+00:00|Session
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|APPC-CL]
{
"CommonHeader": {
"TimeStamp": 1539866286906,
"APIver": "1.01",
"RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6",
"SubRequestID": "1",
"RequestTrack": [],
"Flags": []
},
"Action": "ModifyConfig",
"Payload": {
"generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495",
"pg-streams": {
"pg-stream": [
{
"id": "fw_udp1",
"is-enabled": "true"
},
{
"id": "fw_udp2",
"is-enabled": "true"
},
{
"id": "fw_udp3",
"is-enabled": "true"
},
{
"id": "fw_udp4",
"is-enabled": "true"
},
{
"id": "fw_udp5",
"is-enabled": "true"
}
]
}
}
}
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Dear Jorge,
thank you for your help.
I had several issues due to some misconfigurations between ONAP services
(vNicUsageArray/vNicPerformanceArray, the closedLoopControlName was different
between TCA and the pushed policy, the target VNF was already running, etc.).
Now the CL is working.
However, despite it is working, by inspecting drools' network.log file I still
observe some issues:
...
...
[2018-10-18T12:38:06.906+00:00|Session
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT]
{
"AAI": {
"generic-vnf.resource-version": "1539010321583",
"generic-vnf.nf-role": "",
"generic-vnf.prov-status": "PROV",
"generic-vnf.orchestration-status": "Active",
"generic-vnf.is-closed-loop-disabled": "false",
"generic-vnf.service-id": "eb5c770a-ec21-43df-87ed-82fbc326e4f6",
"generic-vnf.in-maint": "false",
"generic-vnf.nf-type": "",
"generic-vnf.nf-naming-code": "",
"generic-vnf.vnf-name": "VNF-vFWSNK-vFWCL-08-10-Ins-4",
"generic-vnf.model-version-id": "0b83692c-f944-411d-8103-36bd26d2b974",
"generic-vnf.model-customization-id":
"1894e439-88d9-40a4-a591-c1e9de88f121",
"generic-vnf.nf-function": "",
"generic-vnf.vnf-type": "vFirewall-Service/vFWSNK 0",
"generic-vnf.model-invariant-id": "8864d433-a569-4b99-ba09-48b3d6d8d6db",
"generic-vnf.vnf-id": "cd4204ed-a2a9-42c5-baaa-d39953ff6178"
},
"closedLoopAlarmStart": 1539866241522408,
"closedLoopControlName":
"ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a",
"version": "1.0.2",
"requestId": "0549eb14-2f56-418f-adc3-d503d3bf96f6",
"closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca",
"targetType": "VNF",
"target": "generic-vnf.vnf-name",
"from": "policy:amsterdam",
"policyScope": "com",
"policyName":
"com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER.OPERATION.LOCKED.GUARD_PERMITTED",
"policyVersion": "1",
"notification": *"OPERATION"* ,
"message": "actor=APPC,operation=ModifyConfig,target=Target [type=VNF,
resourceID=9b231b3a-a6e6-43df-9ed1-13a2b70da856],subRequestId=1",
"notificationTime": "2018-10-18 12:38:06.906000+00:00",
"history": []
}
[2018-10-18T12:38:06.907+00:00|Session
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|APPC-CL]
{
"CommonHeader": {
"TimeStamp": 1539866286906,
"APIver": "1.01",
"RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6",
"SubRequestID": "1",
"RequestTrack": [],
"Flags": []
},
"Action": "ModifyConfig",
"Payload": {
"generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495",
"pg-streams": {
"pg-stream": [
{
"id": "fw_udp1",
"is-enabled": "true"
},
{
"id": "fw_udp2",
"is-enabled": "true"
},
{
"id": "fw_udp3",
"is-enabled": "true"
},
{
"id": "fw_udp4",
"is-enabled": "true"
},
{
"id": "fw_udp5",
"is-enabled": "true"
}
]
}
}
}
[2018-10-18T12:38:07.048+00:00|UEB-source-APPC-CL][IN|UEB|APPC-CL]
{
"CommonHeader": {
"TimeStamp": 1539866286906,
"APIver": "1.01",
"RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6",
"SubRequestID": "1",
"RequestTrack": [],
"Flags": []
},
"Action": "ModifyConfig",
"Payload": {
"generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495",
"pg-streams": {
"pg-stream": [
{
"id": "fw_udp1",
"is-enabled": "true"
},
{
"id": "fw_udp2",
"is-enabled": "true"
},
{
"id": "fw_udp3",
"is-enabled": "true"
},
{
"id": "fw_udp4",
"is-enabled": "true"
},
{
"id": "fw_udp5",
"is-enabled": "true"
}
]
}
}
}
[2018-10-18T12:38:07.246+00:00|UEB-source-APPC-CL][IN|UEB|APPC-CL]
{"Status":{"Value": *"ACCEPTED"*
,"Code":"100"},"CommonHeader":{"OriginatorID":null,"SubrequestID":null,"RequestID":"0549eb14-2f56-418f-adc3-d503d3bf96f6","APIver":"1.01","TimeStamp":"1539866286906"},"Payload":{"generic-vnf.vnf-id":"44662895-0e3e-475d-bc9b-6f734ba0f495","pg-streams":"{\\\"pg-streams\\\":
{\\\"pg-stream\\\":[{\\\"id\\\":\\\"fw_udp1\\\",
\\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp2\\\",
\\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp3\\\",
\\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp4\\\",
\\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp5\\\",
\\\"is-enabled\\\":\\\"true\\\"}]}}"}}
[2018-10-18T12:38:07.248+00:00|Session
org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT]
{
"AAI": {
"generic-vnf.resource-version": "1539010321583",
"generic-vnf.nf-role": "",
"generic-vnf.prov-status": "PROV",
"generic-vnf.orchestration-status":
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Xoan,
All those 3 topics are configured as anonymous topics across DCAE, APPC, and
Policy components. They are created the first time a message is published on
it (with the caveat that the first message is lost, it just creates it), so you
may find a glitch on the first time you run the scenario that exercises the
topic for the first time, but should not in subsequent ones.
To force creation of an anonymous topic too and avoid interference with your
first flow, send a dummy message to the topic to trigger the creation, for
example:
curl --silent -X POST --header "Content-Type: application/json" -d "{}"
http:// message-router:3904/events/ POLICY-CL-MGT
Check also the list of topics, and make sure it shows with:
curl --silent -X GET http://message-router:3904/topics/ (
http://message-router:3904/topics/ )
Jorge
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13109): https://lists.onap.org/g/onap-discuss/message/13109
Mute This Topic: https://lists.onap.org/mt/27329400/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Thank you Jorge, Actually, I tried those curls before but they added a second version of the policy instead of updating the current one. I usually prefer to have everything as default as possible to avoid errors in demos so I ended up with helm delete / helm install. Anyway, currently DCAE_CL_OUTPUT topic exists and has alarms but POLICY-CL-MGT and APPC-CL do not exist :( Kind regards, Xoan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13107): https://lists.onap.org/g/onap-discuss/message/13107 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hello Xoan,
Do the following, in you last curl command, replace “createPolicy” with
“updatePolicy”. After updating the config policy, push the policy:
curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header
'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header
'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d
'{
"pdpGroup": "default",
"policyName": "com.MicroServicevFirewall",
"policyType": "MicroService"
}' ' https://pdp:8081/pdp/api/pushPolicy (
https://urldefense.proofpoint.com/v2/url?u=https-3A__pdp-3A8081_pdp_api_pushPolicy=DwQGaQ=LFYZ-o9_HUMeMTSQicvjIg=AOclne09odx6cmeimzFUhQ=VSS5YLGsiNtDJ9SIuaxGfldveR4I9BQnn3UVGOTDdcQ=hytOt6VI7Dg9gvKFWyXASTQhGWRWD7Xa5Ui4gUq4roY=
) '
Verify that it has been updated according to your new values by issuing:
curl -k --silent -X POST --header 'Content-Type: application/json' --header
'Accept: application/json' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header
'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d
'{"policyName": ".*vFirewall.*"}' https://pdp:8081/pdp/api/getConfig (
https://urldefense.proofpoint.com/v2/url?u=https-3A__pdp-3A8081_pdp_api_getConfig=DwMGaQ=LFYZ-o9_HUMeMTSQicvjIg=AOclne09odx6cmeimzFUhQ=VSS5YLGsiNtDJ9SIuaxGfldveR4I9BQnn3UVGOTDdcQ=p9joRxCTAQ8Q_SGuTaoxsyyrDrQCo4ipyLidvsWL8Ek=
)
I just tried it, and worked for me.
Jorge
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#13093): https://lists.onap.org/g/onap-discuss/message/13093
Mute This Topic: https://lists.onap.org/mt/27329400/21656
Group Owner: onap-discuss+ow...@lists.onap.org
Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Vijay, thank you for your help! It is strange that TCA configuration and the reported event does not match since I haven't modified anything. Kind regards, Xoan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13045): https://lists.onap.org/g/onap-discuss/message/13045 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
