X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=README.md;h=c82e0f6f393cd43012b5141f7a8ddbfac65a7802;hb=b0a528babe16cae97e8a11649a59a3e49890d973;hp=f773ff08cde7ce15f4b280a77bf41a04f9b1ebc5;hpb=d16cf7f33f3cb0a104ca91a5e5db59d3ad81bb21;p=nonrtric%2Fplt%2Fa1policymanagementservice.git diff --git a/README.md b/README.md index f773ff0..c82e0f6 100644 --- a/README.md +++ b/README.md @@ -1,56 +1,102 @@ -# O-RAN-SC Non-RT RIC Policy Agent +# O-RAN-SC Non-RT RIC A1 Policy Management Service -The O-RAN Non-RT RIC PolicyAgent provides a REST API for management of policices. -It provides support for: - -Supervision of clients (R-APPs) to eliminate stray policies in case of failure - -Consistency monitoring of the SMO view of policies and the actual situation in the RICs - -Consistency monitoring of RIC capabilities (policy types) - -Policy configuration. This includes: - -One REST API towards all RICs in the network - -Query functions that can find all policies in a RIC, all policies owned by a service (R-APP), - all policies of a type etc. - -Maps O1 resources (ManagedElement) as defined in O1 to the controlling RIC +The O-RAN-SC A1 Policy Management Service provides a REST API for the management of policies within the O-RAN architecture. This README provides details on the features, configuration, and running instructions for the A1 Policy Management Service. +For detailed API documentation and further information, refer to the NONRTRIC documentation at [NONRTRIC Wiki](https://wiki.o-ran-sc.org/display/RICNR). +For additional detailed documentation, also refer to the NONRTRIC documentation at [A1 Policy Management Service Documentation site](https://docs.o-ran-sc.org/projects/o-ran-sc-nonrtric-plt-a1policymanagementservice). -The Policy Agent uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a yaml file: -nonrtric/policy-agent/config/application.yaml +The A1 Policy Management Service is homed in ONAP. For additional documentation see [ONAP CCSDK documentation](https://docs.onap.org/projects/onap-ccsdk-oran). +and [wiki](https://wiki.onap.org/display/DW/O-RAN+A1+Policies+in+ONAP). -The default truststore includes a1simulator cert as a trusted cert which is located here: -https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD +## Features -The default truststore also includes a1controller cert as a trusted cert which is located here (keystore.jks file): -https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD -There is also Policy Agent's own cert in the default truststore for mocking purposes and unit-testing (ApplicationTest.java). +The A1 Policy Management Service is a microservice which maintains a transient repository of: -The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or docker run command. +- All A1 policies instances in the network. Each policy is targeted to a near-RT-RIC instance and is owned by a 'service' (e.g., rApps or the NONRTRIC Dashboard). +- All near-RT-RICs in the network. +- All Policy types supported by each near-RT-RIC. -Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries: +The service provides : +- Unified REST API for managing A1 Policies in all near-RT-RICs. +- Compliant with O-RAN R1 specification for A1-Policy Management (R1-AP v5.0, with additional features & fixes) +- Synchronized view of A1 Policy instances for each rAPP +- Synchronized view of A1 Policy instances in each near-RT-RIC +- Synchronized view of A1 Policy types supported by each near-RT-RIC +- Lookup service to find the near-RT-RIC to control resources in the RAN as defined in O1 (e.g. which near-RT-RIC should be accessed to control a certain CU or DU, which in turn controls a certain cell). +- Monitors all near-RT-RICs and maintains data consistency, e.g. recovery from near-RT-RIC restarts +- Support for different Southbound APIs to the near-RT-RICs (different versions of the A1-P and other similar APIs). +- HTTPS can be configured to use a supplied certificate/private key and to validate peers towards a list of trusted CAs/certs. +- HTTP proxy support for tunneling HTTP/HTTPS connections. +- Fine-grained access-control - with new optional callouts to an external auth function +- Fine-grained monitoring metrics, logging & call tracing can be configured + +## Configuration + +The A1 Policy Management Service uses default keystore and truststore files included in the container. The paths and passwords for these stores are specified in a YAML configuration file located at: + + + +### Default Truststore Certificates + +The default truststore includes the following trusted certificates: +- **A1 Simulator Certificate**: [a1simulator cert](https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate) +- **A1 Policy Management Service's Own Certificate**: Used for mocking and unit-testing purposes (ApplicationTest.java). + +### Overriding Default Configuration + +You can override the default keystore, truststore, and application.yaml files by mounting new files using the `volumes` field in Docker Compose or the `docker run` command. + +Assuming the new keystore, truststore, and application.yaml files are located in the same directory as your Docker Compose file, the `volumes` field should include these entries: + +```yaml volumes: - - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro - - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro - - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro + - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro + - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro + - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro +``` + +The target paths in the container should remain unchanged. + +Example Docker Run Command +To run the Policy Agent container and mount the new configuration files, use the following docker run command: -The target paths in the container should not be modified. +```sh +docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net \ + --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" \ + --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" \ + --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" \ + nexus3.o-ran-sc.org:10002/o-ran-sc/nonrtric-plt-a1policymanagementservice:2.8.0 +``` -Example docker run command for mounting new files (assuming they are located in the current directory): -docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" o-ran-sc/nonrtric-policy-agent:2.2.0-SNAPSHOT +### Running Policy Agent Locally +To run the Policy Agent locally in a simulated test mode, follow these steps: +1. In the folder /opt/app/policy-agent/config/, create a soft link to your test configuration file: -To Run Policy Agent in Local: -In the folder /opt/app/policy-agent/config/, create a soft link with below command, +```sh ln -s application_configuration.json +``` -The agent can be run stand alone in a simulated test mode. Then it simulates RICs. -The REST API is published on port 8081 and it is started by command: +2. Start the Policy Agent with the following Maven command: + +```sh mvn -Dtest=MockPolicyAgent test +``` + +This will start the agent in a simulated mode, where it mimics the behavior of RICs. The REST API will be available on port 8081. + +### API Documentation +The backend server publishes live API documentation, which can be accessed at: -The backend server publishes live API documentation at the -URL `http://your-host-name-here:8081/swagger-ui.html` +```bash +http://your-host-name-here:8081/swagger-ui.html +``` ## License -Copyright (C) 2019 Nordix Foundation. All rights reserved. +Copyright (C) 2019-2023 Nordix Foundation. All rights reserved. +Copyright (C) 2024: OpenInfra Foundation Europe. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at