Versions Compared

Old Version 2

changes.mady.by.user Eric Multanen

Saved on

compared with

New Version Current

changes.mady.by.user Eric Multanen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In the current K8S vFW demo, the sourceName is 'k8s-testing'.  This will need to be made instance specific in the future.

NOTE: Further investigation reveals that the vFW obtained the sourceName of 'k8s-testing' by making an OpenStack metadata service query and using the subsequent name from the response.  'k8s-testing' was the OpenStack instance name of the VM in which the KUD cloud region was running.  Adding a route in the vFW to reject the network used for OpenStack metadata (e.g. 169.254.0.0/16) causes the vFW VES code to default to the vFW hostname - which is the name of the vFW pod (e.g.  profile1-firewall-6558957c88-2rxdh )

Add a vserver object to AAI

...

At this time, there is no heatbridge or AAI code for the K8S vFW deployments.  So, in support of handling the AAI enrichment process by looking up via vserver, the following AAI object is added to AAI manually.

NOTE:  As mentioned just above, the sourceName in this example happened to be 'k8s-testing', but the suggested approach is to use the pod name for the vserver-name.


PUT https://{{AAI1_PUB_IP}}:{{AAI1_PUB_PORT}}/aai/v11/bulkadd

...

First check the health.

true
Code Block
collapse
curl -vvv -k --silent --user 'healthcheck:zb!XztG34' -X GET https://policy-api.onap:6969/policy/api/v1/healthcheck


Then :

collapse
Code Block
true
curl -v -k -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' -d @./newpolicytype.json https://policy-api.onap:6969/policy/api/v1/policytypes/onap.policies.monitoring.cdap.tca.hi.lo.app/versions/1.0.0/policies

...

Now issue this command:

Code Block
collapsetrue
curl -v -k -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' -d @./newoppolicy.json https://policy-api.onap:6969/policy/api/v1/policytypes/onap.policies.controlloop.Operational/versions/1.0.0/policies

...

Now issue the following command:

true
Code Block
collapse
curl -v -k -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' -d @./newpdppush.json https://policy-pap.onap:6969/policy/pap/v1/pdps/policies

...

This is a query that the Robot test does after the above steps.

collapse
Code Block
true
curl -v -k -X GET --header 'Content-Type: application/json' --header 'Accept: application/json' -H 'Authorization: Basic aGVhbHRoY2hlY2s6emIhWHp0RzM0' https://policy-pap.onap:6969/policy/pap/v1/pdps

...

Following picture shows how it was set several times over an hour and policy set it back to 5.



Info

In the following example, the vFW virtlet