CPS Deployment
Database configuration
CPS uses PostgreSQL database. As per the PostgreSQL documentation on resource consumption, the shared_buffers parameter should be set between 25% and 40% of total memory. It has a default value of 128 megabytes, so this should be set appropriately. For example, given a database with 2GB of memory, 512MB is a recommended value.
CPS and NCMP Configuration
CPU and Memory Requirements
The following are minimum requirements for NCMP:
For 20,000 CM-handles: 2 CPUs and 2 GB RAM per instance, with 70% heap allocation.
For 50,000 CM-handles: 3 CPUs and 3 GB RAM per instance, with 70% heap allocation.
JVM Memory Allocation
When running with 2 GB or more memory per instance, allocating 70% of the JVM memory to the heap ensures efficient memory management. It is not recommended to go above 70%.
JAVA_TOOL_OPTIONS: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0"
Load balancer configuration
For optimal performance in CPS/NCMP, load balancers should be configured to use a least-requests policy, also known as least-connected. Use of round-robin load balancing can lead to instability.
CPS OOM Charts
The CPS kubernetes chart is located in the OOM repository. This chart includes different cps components referred as <cps-component-name> further in the document are listed below:
Please refer to the OOM documentation on how to install and deploy ONAP.
Installing or Upgrading CPS Components
The assumption is you have cloned the charts from the OOM repository into a local directory.
Step 1 Go to the cps charts and edit properties in values.yaml files to make any changes to particular cps component if required.
cd oom/kubernetes/cps/components/<cps-component-name>
Step 2 Build the charts
cd oom/kubernetes
make SKIP_LINT=TRUE cps
Note
SKIP_LINT is only to reduce the “make” time
Step 3 Undeploying already deployed cps components
After undeploying cps components, keep monitoring the cps pods until they go away.
helm del --purge <my-helm-release>-<cps-component-name>
kubectl get pods -n <namespace> | grep <cps-component-name>
Step 4 Make sure there is no orphan database persistent volume or claim.
First, find if there is an orphan database PV or PVC with the following commands:
Note
This step does not apply to ncmp-dmi-plugin.
kubectl get pvc -n <namespace> | grep <cps-component-name>
kubectl get pv -n <namespace> | grep <cps-component-name>
If there are any orphan resources, delete them with
kubectl delete pvc <orphan-cps-core-pvc-name>
kubectl delete pv <orphan-cps-core-pv-name>
Step 5 Delete NFS persisted data for CPS components
Connect to the machine where the file system is persisted and then execute the below command
rm -fr /dockerdata-nfs/<my-helm-release>/<cps-component-name>
Step 6 Re-Deploy cps pods
After deploying cps, keep monitoring the cps pods until they come up.
helm deploy <my-helm-release> local/cps --namespace <namespace>
kubectl get pods -n <namespace> | grep <cps-component-name>
Restarting a faulty component
Each cps component can be restarted independently by issuing the following command:
kubectl delete pod <cps-component-pod-name> -n <namespace>
Credentials Retrieval
Application and database credentials are kept in Kubernetes secrets. They are defined as external secrets in the values.yaml file to be used across different components as :
Below are the list of secrets for different cps components.
Component |
Secret type |
Secret Name |
---|---|---|
cps-core |
Database authentication |
<my-helm-release>-cps-core-pg-user-creds |
cps-core |
Rest API Authentication |
<my-helm-release>-cps-core-app-user-creds |
ncmp-dmi-plugin |
Rest API Authentication |
<my-helm-release>-cps-dmi-plugin-user-creds |
ncmp-dmi-plugin |
SDNC authentication |
<my-helm-release>-ncmp-dmi-plugin-sdnc-creds |
The credential values from these secrets are configured in running container as environment variables. Eg: cps core deployment.yaml
If no specific passwords are provided to the chart as override values for deployment, then passwords are automatically generated when deploying the Helm release. Below command can be used to retrieve application property credentials
kubectl get secret <my-helm-release>-<secret-name> -n <namespace> -o json | jq '.data | map_values(@base64d)'
Note
base64d works only with jq version 1.6 or above.
CPS Core Pods
To get a listing of the cps-core Pods, run the following command:
kubectl get pods -n <namespace> | grep cps-core
dev-cps-core-ccd4cc956-r98pv 1/1 Running 0 24h
dev-cps-core-postgres-primary-f7766d46c-s9d5b 1/1 Running 0 24h
dev-cps-core-postgres-replica-84659d68f9-6qnt4 1/1 Running 0 24h
Note
The CPS Service will have to be restarted each time a change is made to a configurable property.
Additional CPS-Core Customizations
The following table lists some properties that can be specified as Helm chart values to configure the application to be deployed. This list is not exhaustive.
Any spring supported property can be configured by providing in config.additional.<spring-supported-property-name>: value
Example: config.additional.spring.datasource.hikari.maximumPoolSize: 30
Property |
Description |
Default Value |
---|---|---|
config.appUserName |
User name used by cps-core service to configure the authentication for REST API it exposes. This is the user name to be used by cps-core REST clients to authenticate themselves. |
|
config.appUserPassword |
Password used by cps-core service to configure the authentication for REST API it exposes. If not defined, the password is generated when deploying the application. See also Credentials Retrieval. |
Not defined |
postgres.config.pgUserName |
Internal user name used by cps-core to connect to its own database. |
|
postgres.config.pgUserPassword |
Internal password used by cps-core to connect to its own database. If not defined, the password is generated when deploying the application. See also Credentials Retrieval. |
Not defined |
postgres.config.pgDatabase |
Database name used by cps-core |
|
logging.level |
Logging level set in cps-core |
info |
config.useStrimziKafka |
If targeting a custom kafka cluster, i.e. useStrimziKafka: false, the config.eventPublisher.spring.kafka values below must be set. |
true |
config.eventPublisher. spring.kafka.bootstrap-servers |
Kafka hostname and port |
|
config.eventPublisher. spring.kafka.consumer.client-id |
Kafka consumer client id |
|
config.eventPublisher. spring.kafka.security.protocol |
Kafka security protocol.
Some possible values are:
* |
|
config.eventPublisher. spring.kafka.properties. sasl.mechanism |
Kafka security SASL mechanism. Required for SASL_PLAINTEXT and SASL_SSL protocols.
Some possible values are:
* |
Not defined |
config.eventPublisher. spring.kafka.properties. sasl.jaas.config |
Kafka security SASL JAAS configuration. Required for SASL_PLAINTEXT and SASL_SSL protocols.
Some possible values are:
* |
Not defined |
config.eventPublisher. spring.kafka.ssl.trust-store-type |
Kafka security SASL SSL store type. Required for SASL_SSL protocol.
Some possible values are:
* |
Not defined |
config.eventPublisher. spring.kafka.ssl.trust-store-location |
Kafka security SASL SSL store file location. Required for SASL_SSL protocol. |
Not defined |
config.eventPublisher. spring.kafka.ssl.trust-store-password |
Kafka security SASL SSL store password. Required for SASL_SSL protocol. |
Not defined |
config.eventPublisher. spring.kafka.properties. ssl.endpoint.identification.algorithm |
Kafka security SASL SSL broker hostname identification verification. Required for SASL_SSL protocol. Possible value is:
|
Not defined |
config.additional. notification.async.executor. core-pool-size |
Core pool size in asynchronous execution of notification. |
|
config.additional. notification.async.executor. max-pool-size |
Max pool size in asynchronous execution of notification. |
|
config.additional. notification.async.executor. queue-capacity |
Queue Capacity in asynchronous execution of notification. |
|
config.additional. notification.async.executor. wait-for-tasks-to-complete-on-shutdown |
If the executor should wait for the tasks to be completed on shutdown |
|
config.additional. notification.async.executor. thread-name-prefix |
Prefix to be added to the thread name in asynchronous execution of notifications. |
|
config.additional. notification.async.executor. time-out-value-in-ms |
Maximum time allowed by the thread pool executor for execution of one of the threads in milliseconds. |
|
config.additional. spring.datasource.hikari. maximumPoolSize |
Specifies number of database connections between database and application. This property controls the maximum size that the pool is allowed to reach, including both idle and in-use connections. |
|
Additional CPS-NCMP Customizations
Property |
Description |
Default Value |
---|---|---|
config.dmiPluginUserName |
User name used by cps-core to authenticate themselves for using ncmp-dmi-plugin service. |
|
config.dmiPluginUserPassword |
Internal password used by cps-core to connect to ncmp-dmi-plugin service. If not defined, the password is generated when deploying the application. See also Credentials Retrieval. |
Not defined |
config.ncmp.timers .advised-modules-sync.sleep-time-ms |
Specifies the delay in milliseconds in which the module sync watch dog will wake again after finishing. |
|
config.ncmp.timers .cm-handle-data-sync.sleep-time-ms |
Specifies the delay in milliseconds in which the data sync watch dog will wake again after finishing. |
|
config.additional.ncmp .[app] .httpclient .[services] .maximumInMemorySizeInMegabytes |
Maximum size (in MB) of the in-memory buffer for HTTP response data. |
|
config.additional.ncmp .[app] .httpclient .[services] .maximumConnectionsTotal |
Maximum number of simultaneous connections allowed in the connection pool. |
|
config.additional.ncmp .[app] .httpclient .[services] .pendingAcquireMaxCount |
Maximum number of pending requests when the connection pool is full. |
|
config.additional.ncmp .[app] .httpclient .[services] .connectionTimeoutInSeconds |
Specifies the maximum time in seconds, to wait for establishing a connection for the HTTP Client. |
|
config.additional.ncmp .[app] .httpclient .[services] .readTimeoutInSeconds |
Timeout (in seconds) for reading data from the server after the connection is established. |
|
config.additional.ncmp .[app] .httpclient .[services] .writeTimeoutInSeconds |
Timeout (in seconds) for writing data to the server. |
|
config.additional.ncmp .[app] .httpclient .[services] .responseTimeoutInSeconds |
Total timeout (in seconds) for receiving a complete response, including all processing stages. |
|
config.additional.ncmp.policy-executor .enabled |
Enables or disables the policy-executor feature. |
|
config.additional.ncmp.policy-executor .defaultDecision |
The default (fallback) decision in case a problem with the external service occurs. |
|
config.additional.ncmp.policy-executor .server.address |
The server address for the external policy executor service. |
|
config.additional.ncmp.policy-executor .server.port |
The port used for the external policy executor service. |
|
Note
[app] : can be ‘policy-executor’ or ‘dmi’.
[services] ‘all-services’ for ‘policy-executor’.
[services] ‘data-services’ and ‘model-services’ for ‘dmi’.
CPS-Core Docker Installation
CPS-Core can also be installed in a docker environment. Latest docker-compose is included in the repo to start all the relevant services. The latest instructions are covered in the README.
NCMP Distributed Data Structures
NCMP utilizes embedded distributed data structures to replicate state across various instances, ensuring low latency and high performance. Each JVM runs a Hazelcast instance to manage these data structures. To facilitate member visibility and cluster formation, an additional port (defaulting to 5701) must be available.
Below are the list of distributed datastructures that we have.
Component |
Data Structure Name |
Use |
---|---|---|
cps-ncmp |
moduleSyncStartedOnCmHandles |
Watchdog process to register CM Handles. |
cps-ncmp |
dataSyncSemaphores |
Watchdog process to sync data from the nodes. |
cps-ncmp |
moduleSyncWorkQueue |
Queue used internally for workers to pick the task. |
cps-ncmp |
trustLevelPerCmHandle |
Stores the trust level per CM Handle id |
cps-ncmp |
trustLevelPerDmiPlugin |
Stores the trust level for the dmi-plugins. |
cps-ncmp |
cmNotificationSubscriptionCache |
Stores and tracks cm notification subscription requests. |
cps-ncmp |
cpsAndNcmpLock |
Cps and NCMP distributed lock for various use cases. |
Total number of caches : 7