...
Policy lifecycle management manages the deployment and life cycle of policies in PDP groups at run time. Policy sets can be deployed at run time without restarting PDPs or stopping policy execution. PDPs preserve state for minor/patch version upgrades and rollbacks.
2.3.5.1 Load/Update Policies on PDP
The sequence diagram below shows how policies are loaded or updated on a PDP.
This sequence can be initiated in two ways: from the PDP or from a user action.
- A PDP sends regular status update messages to the PAP. If this message indicates that the PDP has no policies or outdated policies loaded, then this sequence is initiated.
- A user may explicitly trigger this sequence to load policies on a PDP.
The PAP controls the entire process. The PAP reads the current PDP metadata and the required policy and policy set artifacts from the database. It then builds the policy set for the PDP in whatever form this type of PDP requires. Once the policies are ready, the PAP sets the mode of the PDP to PASSIVE. The Policy Set is transparently passed to the PDP by the PAP. The PDP loads all the policies in the policy set including any models, rules, tasks, or flows in the policy set in the policy implementations.
Once the Policy Set is loaded, the PAP orders the PDP to enter the life cycle mode that has been specified for it (ACTIVE/SAFE/TEST). The PDP begins to execute policies in the specified mode (see section 2.3.4).
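The sequence described above can be modelled as a small state machine. The following is an added example, not code from the Policy Framework: the class, method and field names are hypothetical, the sample data is constructed, and the rule that a PDP refuses a load unless it is PASSIVE is an assumption of the sketch.

```python
# Added illustration of the sequence above; not project code. All names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Pdp:
    name: str
    mode: str = "PASSIVE"
    policies: dict = field(default_factory=dict)  # policy name -> version

    def status(self):
        # Regular status update message sent to the PAP.
        return {"name": self.name, "mode": self.mode, "policies": dict(self.policies)}

    def load(self, policy_set):
        # Assumption of this sketch: a PDP refuses a load unless it is PASSIVE.
        if self.mode != "PASSIVE":
            raise RuntimeError(f"load refused in mode {self.mode}")
        self.policies = dict(policy_set)

@dataclass
class Pap:
    database: dict  # PDP name -> {"mode": life cycle mode, "policies": {...}}
    log: list = field(default_factory=list)  # audit trail of (pdp, event, detail)

    def on_status(self, pdp):
        # Trigger 1: the status shows no policies or outdated policies.
        if pdp.status()["policies"] == self.database[pdp.name]["policies"]:
            return False
        self.load_policies(pdp)
        return True

    def load_policies(self, pdp):
        # Trigger 2, an explicit user action, calls this directly.
        meta = self.database[pdp.name]
        policy_set = dict(meta["policies"])  # build the policy set for the PDP
        self._set_mode(pdp, "PASSIVE")
        pdp.load(policy_set)
        self.log.append((pdp.name, "LOADED", sorted(policy_set.items())))
        self._set_mode(pdp, meta["mode"])  # ACTIVE, SAFE or TEST as specified

    def _set_mode(self, pdp, mode):
        pdp.mode = mode
        self.log.append((pdp.name, "MODE", mode))

def demo():
    # Constructed sample data: one PDP running an outdated policy version.
    pap = Pap({"pdp-1": {"mode": "SAFE", "policies": {"guard": "1.1.0"}}})
    pdp = Pdp("pdp-1", mode="ACTIVE", policies={"guard": "1.0.0"})
    return pap.on_status(pdp), pap.on_status(pdp), pdp, pap.log
```

The log returned by `demo()` gives the ordering an auditor would check: a mode change to PASSIVE, the load, then the change to the specified life cycle mode.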
2.3.5.2 Policy Rollout
...