From: lapentafd Date: Fri, 28 Jun 2024 08:55:50 +0000 (+0100) Subject: A1PMS README style check X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=commitdiff_plain;h=5a0a2a39ac6d857b8ce36d34684511410e99d970;p=nonrtric%2Fplt%2Fa1policymanagementservice.git A1PMS README style check Issue-ID: NONRTRIC-966 Change-Id: I6a0f1ca17d2579ac3f65ecde0c12f8b7d5288054 Signed-off-by: lapentafd --- diff --git a/README.md b/README.md index f773ff0..b438613 100644 --- a/README.md +++ b/README.md @@ -1,52 +1,81 @@ # O-RAN-SC Non-RT RIC Policy Agent -The O-RAN Non-RT RIC PolicyAgent provides a REST API for management of policices. -It provides support for: - -Supervision of clients (R-APPs) to eliminate stray policies in case of failure - -Consistency monitoring of the SMO view of policies and the actual situation in the RICs - -Consistency monitoring of RIC capabilities (policy types) - -Policy configuration. This includes: - -One REST API towards all RICs in the network - -Query functions that can find all policies in a RIC, all policies owned by a service (R-APP), - all policies of a type etc. - -Maps O1 resources (ManagedElement) as defined in O1 to the controlling RIC +The O-RAN Non-RT RIC Policy Agent provides a REST API for the management of policies within the O-RAN architecture. This README provides details on the features, configuration, and running instructions for the Policy Agent. +For detailed API documentation and further information, refer to the NONRTRIC documentation at [NONRTRIC Wiki](https://wiki.o-ran-sc.org/display/RICNR). -The Policy Agent uses the default keystore and truststore that are built into the container. The paths and passwords for these stores are located in a yaml file: -nonrtric/policy-agent/config/application.yaml +## Features -The default truststore includes a1simulator cert as a trusted cert which is located here: -https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD +The Policy Agent offers various functionalities to manage and monitor policies and RIC capabilities: -The default truststore also includes a1controller cert as a trusted cert which is located here (keystore.jks file): -https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD +- **Client Supervision**: Monitors clients (R-APPs) to eliminate stray policies in case of client failure. +- **Consistency Monitoring**: Ensures the SMO view of policies and RIC capabilities is consistent with the actual situation in the RICs. +- **Policy Configuration**: + - Single REST API for all RICs in the network. + - Query functions to find all policies in a RIC, all policies owned by a service (R-APP), all policies of a specific type, etc. + - Maps O1 resources (ManagedElement) to the controlling RIC. -There is also Policy Agent's own cert in the default truststore for mocking purposes and unit-testing (ApplicationTest.java). +## Configuration -The default keystore, truststore, and application.yaml files can be overridden by mounting new files using the "volumes" field of docker-compose or docker run command. +The Policy Agent uses default keystore and truststore files included in the container. The paths and passwords for these stores are specified in a YAML configuration file located at: -Assuming that the keystore, truststore, and application.yaml files are located in the same directory as docker-compose, the volumes field should have these entries: + +### Default Truststore Certificates + +The default truststore includes the following trusted certificates: +- **A1 Simulator Certificate**: [a1simulator cert](https://gerrit.o-ran-sc.org/r/gitweb?p=sim/a1-interface.git;a=tree;f=near-rt-ric-simulator/certificate;h=172c1e5aacd52d760e4416288dc5648a5817ce65;hb=HEAD) +- **A1 Controller Certificate**: [a1controller cert (keystore.jks)](https://gerrit.o-ran-sc.org/r/gitweb?p=nonrtric.git;a=tree;f=sdnc-a1-controller/oam/installation/sdnc-a1/src/main/resources;h=17fdf6cecc7a866c5ce10a35672b742a9f0c4acf;hb=HEAD) +- **Policy Agent's Own Certificate**: Used for mocking and unit-testing purposes (ApplicationTest.java). + +### Overriding Default Configuration + +You can override the default keystore, truststore, and application.yaml files by mounting new files using the `volumes` field in Docker Compose or the `docker run` command. + +Assuming the new keystore, truststore, and application.yaml files are located in the same directory as your Docker Compose file, the `volumes` field should include these entries: + +```yaml volumes: - - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro - - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro - - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro + - ./new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks:ro + - ./new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks:ro + - ./new_application.yaml:/opt/app/policy-agent/config/application.yaml:ro +``` -The target paths in the container should not be modified. +The target paths in the container should remain unchanged. -Example docker run command for mounting new files (assuming they are located in the current directory): -docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" o-ran-sc/nonrtric-policy-agent:2.2.0-SNAPSHOT +Example Docker Run Command +To run the Policy Agent container and mount the new configuration files, use the following docker run command: +```sh +docker run -p 8081:8081 -p 8433:8433 --name=policy-agent-container --network=nonrtric-docker-net \ + --volume "$PWD/new_keystore.jks:/opt/app/policy-agent/etc/cert/keystore.jks" \ + --volume "$PWD/new_truststore.jks:/opt/app/policy-agent/etc/cert/truststore.jks" \ + --volume "$PWD/new_application.yaml:/opt/app/policy-agent/config/application.yaml" \ + o-ran-sc/nonrtric-policy-agent:2.2.0-SNAPSHOT +``` -To Run Policy Agent in Local: -In the folder /opt/app/policy-agent/config/, create a soft link with below command, +### Running Policy Agent Locally +To run the Policy Agent locally in a simulated test mode, follow these steps: + +1. In the folder /opt/app/policy-agent/config/, create a soft link to your test configuration file: + +```sh ln -s application_configuration.json +``` + +2. Start the Policy Agent with the following Maven command: -The agent can be run stand alone in a simulated test mode. Then it simulates RICs. -The REST API is published on port 8081 and it is started by command: +```sh mvn -Dtest=MockPolicyAgent test +``` + +This will start the agent in a simulated mode, where it mimics the behavior of RICs. The REST API will be available on port 8081. + +### API Documentation +The backend server publishes live API documentation, which can be accessed at: -The backend server publishes live API documentation at the -URL `http://your-host-name-here:8081/swagger-ui.html` +```bash +http://your-host-name-here:8081/swagger-ui.html +``` ## License diff --git a/config/README b/config/README.md similarity index 76% rename from config/README rename to config/README.md index 38d4f3d..bc19db0 100644 --- a/config/README +++ b/config/README.md @@ -1,30 +1,41 @@ -The keystore.jks and truststore.jks files are created by using the following commands (note that this is an example): +# Keystore and Truststore Setup Guide -1) Create a CA certificate and a private key: +This guide provides step-by-step instructions for creating `keystore.jks` and `truststore.jks` files. Follow the commands carefully to ensure proper setup. +## 1. Create a CA Certificate and Private Key + +Generate a CA private key and self-signed certificate: + +```sh openssl genrsa -des3 -out CA-key.pem 2048 openssl req -new -key CA-key.pem -x509 -days 3600 -out CA-cert.pem +``` -2) Create a keystore with a private key entry that is signed by the CA: +## 2. Create a keystore with a private key entry that is signed by the CA: Note: the "your name" must be "localhost" for the unittest to work. +```sh keytool -genkeypair -alias policy_agent -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 3650 -storepass policy_agent keytool -certreq -alias policy_agent -file request.csr -keystore keystore.jks -ext san=dns:your.domain.com -storepass policy_agent openssl x509 -req -days 3650 -in request.csr -CA CA-cert.pem -CAkey CA-key.pem -CAcreateserial -out ca_signed-cert.pem keytool -importcert -alias ca_cert -file CA-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent keytool -importcert -alias policy_agent -file ca_signed-cert.pem -keystore keystore.jks -trustcacerts -storepass policy_agent +``` +## 3. Create a trust store containing the CA cert (to trust all certs signed by the CA): -3) Create a trust store containing the CA cert (to trust all certs signed by the CA): - +```sh keytool -genkeypair -alias not_used -keyalg RSA -keysize 2048 -keystore truststore.jks -validity 3650 -storepass policy_agent keytool -importcert -alias ca_cert -file CA-cert.pem -keystore truststore.jks -trustcacerts -storepass policy_agent +``` +## 4. Command for listing of the contents of jks files, examples: -4) Command for listing of the contents of jks files, examples: +```sh keytool -list -v -keystore keystore.jks -storepass policy_agent keytool -list -v -keystore truststore.jks -storepass policy_agent +``` ## License