Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Xoan, I’m a bit confused by the logs too, you should see a “FINAL: SUCCESS” matching the receipt of the APPC “SUCCESS” but failure reporting is ok for “duplicated” transactions, which are expected in this use case since DCAE ONSETs comes into policy in multiples for the same operation. Resources should be locked based on the target vnf id. In any case, keep an eye on it, if you can reproduce it on an stable environment as I am not very clear, how the changed target vnf id, that you mention at the bottom of the page, would affect the rules processing of the flow. Best regards, Jorge From: onap-discuss@lists.onap.org [mailto:onap-discuss@lists.onap.org] On Behalf Of jkzcristiano Sent: Thursday, October 18, 2018 8:10 AM To: onap-discuss@lists.onap.org Subject: Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message Dear Jorge, thank you for your help. I had several issues due to some misconfigurations between ONAP services (vNicUsageArray/vNicPerformanceArray, the closedLoopControlName was different between TCA and the pushed policy, the target VNF was already running, etc.). Now the CL is working. [cid:image001.png@01D46724.160EA890] However, despite it is working, by inspecting drools' network.log file I still observe some issues: ... ... [2018-10-18T12:38:06.906+00:00|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT] { "AAI": { "generic-vnf.resource-version": "1539010321583", "generic-vnf.nf-role": "", "generic-vnf.prov-status": "PROV", "generic-vnf.orchestration-status": "Active", "generic-vnf.is-closed-loop-disabled": "false", "generic-vnf.service-id": "eb5c770a-ec21-43df-87ed-82fbc326e4f6", "generic-vnf.in-maint": "false", "generic-vnf.nf-type": "", "generic-vnf.nf-naming-code": "", "generic-vnf.vnf-name": "VNF-vFWSNK-vFWCL-08-10-Ins-4", "generic-vnf.model-version-id": "0b83692c-f944-411d-8103-36bd26d2b974", "generic-vnf.model-customization-id": "1894e439-88d9-40a4-a591-c1e9de88f121", "generic-vnf.nf-function": "", "generic-vnf.vnf-type": "vFirewall-Service/vFWSNK 0", "generic-vnf.model-invariant-id": "8864d433-a569-4b99-ba09-48b3d6d8d6db", "generic-vnf.vnf-id": "cd4204ed-a2a9-42c5-baaa-d39953ff6178" }, "closedLoopAlarmStart": 1539866241522408, "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "requestId": "0549eb14-2f56-418f-adc3-d503d3bf96f6", "closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca", "targetType": "VNF", "target": "generic-vnf.vnf-name", "from": "policy:amsterdam", "policyScope": "com", "policyName": "com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER.OPERATION.LOCKED.GUARD_PERMITTED", "policyVersion": "1", "notification": "OPERATION", "message": "actor=APPC,operation=ModifyConfig,target=Target [type=VNF, resourceID=9b231b3a-a6e6-43df-9ed1-13a2b70da856],subRequestId=1", "notificationTime": "2018-10-18 12:38:06.906000+00:00", "history": [] } [2018-10-18T12:38:06.907+00:00|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|APPC-CL] { "CommonHeader": { "TimeStamp": 1539866286906, "APIver": "1.01", "RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6", "SubRequestID": "1", "RequestTrack": [], "Flags": [] }, "Action": "ModifyConfig", "Payload": { "generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495", "pg-streams": { "pg-stream": [ { "id": "fw_udp1", "is-enabled": "true" }, { "id": "fw_udp2", "is-enabled": "true" }, { "id": "fw_udp3", "is-enabled": "true" }, { "id": "fw_udp4", "is-enabled": "true" }, { "id": "fw_udp5", "is-enabled": "true" } ] } } }
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Dear Jorge, thank you for your help. I had several issues due to some misconfigurations between ONAP services (vNicUsageArray/vNicPerformanceArray, the closedLoopControlName was different between TCA and the pushed policy, the target VNF was already running, etc.). Now the CL is working. However, despite it is working, by inspecting drools' network.log file I still observe some issues: ... ... [2018-10-18T12:38:06.906+00:00|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT] { "AAI": { "generic-vnf.resource-version": "1539010321583", "generic-vnf.nf-role": "", "generic-vnf.prov-status": "PROV", "generic-vnf.orchestration-status": "Active", "generic-vnf.is-closed-loop-disabled": "false", "generic-vnf.service-id": "eb5c770a-ec21-43df-87ed-82fbc326e4f6", "generic-vnf.in-maint": "false", "generic-vnf.nf-type": "", "generic-vnf.nf-naming-code": "", "generic-vnf.vnf-name": "VNF-vFWSNK-vFWCL-08-10-Ins-4", "generic-vnf.model-version-id": "0b83692c-f944-411d-8103-36bd26d2b974", "generic-vnf.model-customization-id": "1894e439-88d9-40a4-a591-c1e9de88f121", "generic-vnf.nf-function": "", "generic-vnf.vnf-type": "vFirewall-Service/vFWSNK 0", "generic-vnf.model-invariant-id": "8864d433-a569-4b99-ba09-48b3d6d8d6db", "generic-vnf.vnf-id": "cd4204ed-a2a9-42c5-baaa-d39953ff6178" }, "closedLoopAlarmStart": 1539866241522408, "closedLoopControlName": "ControlLoop-vFirewall-d0a1dfc6-94f5-4fd4-a5b5-4630b438850a", "version": "1.0.2", "requestId": "0549eb14-2f56-418f-adc3-d503d3bf96f6", "closedLoopEventClient": "DCAE_INSTANCE_ID.dcae-tca", "targetType": "VNF", "target": "generic-vnf.vnf-name", "from": "policy:amsterdam", "policyScope": "com", "policyName": "com.Config_BRMS_Param_BRMSParamvFirewall.EVENT.MANAGER.OPERATION.LOCKED.GUARD_PERMITTED", "policyVersion": "1", "notification": *"OPERATION"* , "message": "actor=APPC,operation=ModifyConfig,target=Target [type=VNF, resourceID=9b231b3a-a6e6-43df-9ed1-13a2b70da856],subRequestId=1", "notificationTime": "2018-10-18 12:38:06.906000+00:00", "history": [] } [2018-10-18T12:38:06.907+00:00|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|APPC-CL] { "CommonHeader": { "TimeStamp": 1539866286906, "APIver": "1.01", "RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6", "SubRequestID": "1", "RequestTrack": [], "Flags": [] }, "Action": "ModifyConfig", "Payload": { "generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495", "pg-streams": { "pg-stream": [ { "id": "fw_udp1", "is-enabled": "true" }, { "id": "fw_udp2", "is-enabled": "true" }, { "id": "fw_udp3", "is-enabled": "true" }, { "id": "fw_udp4", "is-enabled": "true" }, { "id": "fw_udp5", "is-enabled": "true" } ] } } } [2018-10-18T12:38:07.048+00:00|UEB-source-APPC-CL][IN|UEB|APPC-CL] { "CommonHeader": { "TimeStamp": 1539866286906, "APIver": "1.01", "RequestID": "0549eb14-2f56-418f-adc3-d503d3bf96f6", "SubRequestID": "1", "RequestTrack": [], "Flags": [] }, "Action": "ModifyConfig", "Payload": { "generic-vnf.vnf-id": "44662895-0e3e-475d-bc9b-6f734ba0f495", "pg-streams": { "pg-stream": [ { "id": "fw_udp1", "is-enabled": "true" }, { "id": "fw_udp2", "is-enabled": "true" }, { "id": "fw_udp3", "is-enabled": "true" }, { "id": "fw_udp4", "is-enabled": "true" }, { "id": "fw_udp5", "is-enabled": "true" } ] } } } [2018-10-18T12:38:07.246+00:00|UEB-source-APPC-CL][IN|UEB|APPC-CL] {"Status":{"Value": *"ACCEPTED"* ,"Code":"100"},"CommonHeader":{"OriginatorID":null,"SubrequestID":null,"RequestID":"0549eb14-2f56-418f-adc3-d503d3bf96f6","APIver":"1.01","TimeStamp":"1539866286906"},"Payload":{"generic-vnf.vnf-id":"44662895-0e3e-475d-bc9b-6f734ba0f495","pg-streams":"{\\\"pg-streams\\\": {\\\"pg-stream\\\":[{\\\"id\\\":\\\"fw_udp1\\\", \\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp2\\\", \\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp3\\\", \\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp4\\\", \\\"is-enabled\\\":\\\"true\\\"},{\\\"id\\\":\\\"fw_udp5\\\", \\\"is-enabled\\\":\\\"true\\\"}]}}"}} [2018-10-18T12:38:07.248+00:00|Session org.onap.policy-engine.drools.amsterdam:policy-amsterdam-rules:0.1.0:closedloop-amsterdam][OUT|UEB|POLICY-CL-MGT] { "AAI": { "generic-vnf.resource-version": "1539010321583", "generic-vnf.nf-role": "", "generic-vnf.prov-status": "PROV", "generic-vnf.orchestration-status":
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Xoan, All those 3 topics are configured as anonymous topics across DCAE, APPC, and Policy components. They are created the first time a message is published on it (with the caveat that the first message is lost, it just creates it), so you may find a glitch on the first time you run the scenario that exercises the topic for the first time, but should not in subsequent ones. To force creation of an anonymous topic too and avoid interference with your first flow, send a dummy message to the topic to trigger the creation, for example: curl --silent -X POST --header "Content-Type: application/json" -d "{}" http:// message-router:3904/events/ POLICY-CL-MGT Check also the list of topics, and make sure it shows with: curl --silent -X GET http://message-router:3904/topics/ ( http://message-router:3904/topics/ ) Jorge -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13109): https://lists.onap.org/g/onap-discuss/message/13109 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Thank you Jorge, Actually, I tried those curls before but they added a second version of the policy instead of updating the current one. I usually prefer to have everything as default as possible to avoid errors in demos so I ended up with helm delete / helm install. Anyway, currently DCAE_CL_OUTPUT topic exists and has alarms but POLICY-CL-MGT and APPC-CL do not exist :( Kind regards, Xoan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13107): https://lists.onap.org/g/onap-discuss/message/13107 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hello Xoan, Do the following, in you last curl command, replace “createPolicy” with “updatePolicy”. After updating the config policy, push the policy: curl -k -v --silent -X PUT --header 'Content-Type: application/json' --header 'Accept: text/plain' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{ "pdpGroup": "default", "policyName": "com.MicroServicevFirewall", "policyType": "MicroService" }' ' https://pdp:8081/pdp/api/pushPolicy ( https://urldefense.proofpoint.com/v2/url?u=https-3A__pdp-3A8081_pdp_api_pushPolicy=DwQGaQ=LFYZ-o9_HUMeMTSQicvjIg=AOclne09odx6cmeimzFUhQ=VSS5YLGsiNtDJ9SIuaxGfldveR4I9BQnn3UVGOTDdcQ=hytOt6VI7Dg9gvKFWyXASTQhGWRWD7Xa5Ui4gUq4roY= ) ' Verify that it has been updated according to your new values by issuing: curl -k --silent -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'ClientAuth: cHl0aG9uOnRlc3Q=' --header 'Authorization: Basic dGVzdHBkcDphbHBoYTEyMw==' --header 'Environment: TEST' -d '{"policyName": ".*vFirewall.*"}' https://pdp:8081/pdp/api/getConfig ( https://urldefense.proofpoint.com/v2/url?u=https-3A__pdp-3A8081_pdp_api_getConfig=DwMGaQ=LFYZ-o9_HUMeMTSQicvjIg=AOclne09odx6cmeimzFUhQ=VSS5YLGsiNtDJ9SIuaxGfldveR4I9BQnn3UVGOTDdcQ=p9joRxCTAQ8Q_SGuTaoxsyyrDrQCo4ipyLidvsWL8Ek= ) I just tried it, and worked for me. Jorge -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13093): https://lists.onap.org/g/onap-discuss/message/13093 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
Re: [onap-discuss] [TCA] No Policy Threshold violated by the VES CEF Message
Hi Vijay, thank you for your help! It is strange that TCA configuration and the reported event does not match since I haven't modified anything. Kind regards, Xoan -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#13045): https://lists.onap.org/g/onap-discuss/message/13045 Mute This Topic: https://lists.onap.org/mt/27329400/21656 Group Owner: onap-discuss+ow...@lists.onap.org Unsubscribe: https://lists.onap.org/g/onap-discuss/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-