-# O-RAN-SC Non-RT RIC Policy Agent
+# O-RAN-SC Non-RT RIC A1 Policy Management Service
-The O-RAN Non-RT RIC PolicyAgent provides a REST API for management of policices.
-It provides support for:
- -Supervision of clients (R-APPs) to eliminate stray policies in case of failure
- -Consistency monitoring of the SMO view of policies and the actual situation in the RICs
- -Consistency monitoring of RIC capabilities (policy types)
- -Policy configuration. This includes:
- -One REST API towards all RICs in the network
- -Query functions that can find all policies in a RIC, all policies owned by a service (R-APP),
- all policies of a type etc.
- -Maps O1 resources (ManagedElement) as defined in O1 to the controlling RIC
+The O-RAN-SC A1 Policy Management Service provides a REST API for the management of policies within the O-RAN architecture. This README provides details on the features, configuration, and running instructions for the A1 Policy Management Service.
+For detailed API documentation and further information, refer to the NONRTRIC documentation at [NONRTRIC Wiki](https://wiki.o-ran-sc.org/display/RICNR).
+For additional detailed documentation, also refer to the NONRTRIC documentation at [A1 Policy Management Service Documentation site](https://docs.o-ran-sc.org/projects/o-ran-sc-nonrtric-plt-a1policymanagementservice).
-The Policy Agent uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a yaml file:
-nonrtric/policy-agent/config/application.yaml
+The A1 Policy Management Service is homed in ONAP. For additional documentation see [ONAP CCSDK documentation](https://docs.onap.org/projects/onap-ccsdk-oran).
+and [wiki](https://wiki.onap.org/display/DW/O-RAN+A1+Policies+in+ONAP).
-The default truststore includes a1simulator cert as a trusted cert which is located here:
-https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD
+## Features
-The default truststore also includes a1controller cert as a trusted cert which is located here (keystore.jks file):
-https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD
-There is also Policy Agent's own cert in the default truststore for mocking purposes and unit-testing (ApplicationTest.java).
+The A1 Policy Management Service is a microservice which maintains a transient repository of:
-The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or docker run command.
+- All A1 policies instances in the network. Each policy is targeted to a near-RT-RIC instance and is owned by a 'service' (e.g., rApps or the NONRTRIC Dashboard).
+- All near-RT-RICs in the network.
+- All Policy types supported by each near-RT-RIC.
-Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries:
+The service provides :
+- Unified REST API for managing A1 Policies in all near-RT-RICs.
+- Compliant with O-RAN R1 specification for A1-Policy Management (R1-AP v5.0, with additional features & fixes)
+- Synchronized view of A1 Policy instances for each rAPP
+- Synchronized view of A1 Policy instances in each near-RT-RIC
+- Synchronized view of A1 Policy types supported by each near-RT-RIC
+- Lookup service to find the near-RT-RIC to control resources in the RAN as defined in O1 (e.g. which near-RT-RIC should be accessed to control a certain CU or DU, which in turn controls a certain cell).
+- Monitors all near-RT-RICs and maintains data consistency, e.g. recovery from near-RT-RIC restarts
+- Support for different Southbound APIs to the near-RT-RICs (different versions of the A1-P and other similar APIs).
+- HTTPS can be configured to use a supplied certificate/private key and to validate peers towards a list of trusted CAs/certs.
+- HTTP proxy support for tunneling HTTP/HTTPS connections.
+- Fine-grained access-control - with new optional callouts to an external auth function
+- Fine-grained monitoring metrics, logging & call tracing can be configured
+
+## Configuration
+
+The A1 Policy Management Service uses default keystore and truststore files included in the container. The paths and passwords for these stores are specified in a YAML configuration file located at:
+
+
+
+### Default Truststore Certificates
+
+The default truststore includes the following trusted certificates:
+- **A1 Simulator Certificate**: [a1simulator cert](https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate)
+- **A1 Policy Management Service's Own Certificate**: Used for mocking and unit-testing purposes (ApplicationTest.java).
+
+### Overriding Default Configuration
+
+You can override the default keystore, truststore, and application.yaml files by mounting new files using the `volumes` field in Docker Compose or the `docker run` command.
+
+Assuming the new keystore, truststore, and application.yaml files are located in the same directory as your Docker Compose file, the `volumes` field should include these entries:
+
+```yaml
volumes:
- - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
- - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
- - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro
+ - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro
+ - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro
+ - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro
+```
+
+The target paths in the container should remain unchanged.
+
+Example Docker Run Command
+To run the Policy Agent container and mount the new configuration files, use the following docker run command:
-The target paths in the container should not be modified.
+```sh
+docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net \
+ --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" \
+ --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" \
+ --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" \
+ nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-a1policymanagementservice:2.8.0
+```
-Example docker run command for mounting new files (assuming they are located in the current directory):
-docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" o-ran-sc/nonrtric-policy-agent:2.2.0-SNAPSHOT
+### Running Policy Agent Locally
+To run the Policy Agent locally in a simulated test mode, follow these steps:
+1. In the folder /opt/app/policy-agent/config/, create a soft link to your test configuration file:
-To Run Policy Agent in Local:
-In the folder /opt/app/policy-agent/config/, create a soft link with below command,
+```sh
ln -s <path to test_application_configuration.json> application_configuration.json
+```
-The agent can be run stand alone in a simulated test mode. Then it simulates RICs.
-The REST API is published on port 8081 and it is started by command:
+2. Start the Policy Agent with the following Maven command:
+
+```sh
mvn -Dtest=MockPolicyAgent test
+```
+
+This will start the agent in a simulated mode, where it mimics the behavior of RICs. The REST API will be available on port 8081.
+
+### API Documentation
+The backend server publishes live API documentation, which can be accessed at:
-The backend server publishes live API documentation at the
-URL `http://your-host-name-here:8081/swagger-ui.html`
+```bash
+http://your-host-name-here:8081/swagger-ui.html
+```
## License
-Copyright (C) 2019 Nordix Foundation. All rights reserved.
+Copyright (C) 2019-2023 Nordix Foundation. All rights reserved.
+Copyright (C) 2024: OpenInfra Foundation Europe. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Code Review / nonrtric / plt / a1policymanagementservice.git / blobdiff