CPS Deployment

Database configuration

CPS uses PostgreSQL database. As per the PostgreSQL documentation on resource consumption, the shared_buffers parameter should be set between 25% and 40% of total memory. It has a default value of 128 megabytes, so this should be set appropriately. For example, given a database with 2GB of memory, 512MB is a recommended value.

CPS and NCMP Configuration

CPU and Memory Requirements

The following are minimum requirements for NCMP:

  • For 20,000 CM-handles: 2 CPUs and 2 GB RAM per instance, with 70% heap allocation.

  • For 50,000 CM-handles: 3 CPUs and 3 GB RAM per instance, with 70% heap allocation.

JVM Memory Allocation

When running with 2 GB or more memory per instance, allocating 70% of the JVM memory to the heap ensures efficient memory management. It is not recommended to go above 70%.

JAVA_TOOL_OPTIONS: "-XX:InitialRAMPercentage=70.0 -XX:MaxRAMPercentage=70.0"

Load balancer configuration

For optimal performance in CPS/NCMP, load balancers should be configured to use a least-requests policy, also known as least-connected. Use of round-robin load balancing can lead to instability.

CPS OOM Charts

The CPS kubernetes chart is located in the OOM repository. This chart includes different cps components referred as <cps-component-name> further in the document are listed below:

Please refer to the OOM documentation on how to install and deploy ONAP.

Installing or Upgrading CPS Components

The assumption is you have cloned the charts from the OOM repository into a local directory.

Step 1 Go to the cps charts and edit properties in values.yaml files to make any changes to particular cps component if required.

cd oom/kubernetes/cps/components/<cps-component-name>

Step 2 Build the charts

cd oom/kubernetes
make SKIP_LINT=TRUE cps

Note

SKIP_LINT is only to reduce the “make” time

Step 3 Undeploying already deployed cps components

After undeploying cps components, keep monitoring the cps pods until they go away.

helm del --purge <my-helm-release>-<cps-component-name>
kubectl get pods -n <namespace> | grep <cps-component-name>

Step 4 Make sure there is no orphan database persistent volume or claim.

First, find if there is an orphan database PV or PVC with the following commands:

Note

This step does not apply to ncmp-dmi-plugin.

kubectl get pvc -n <namespace> | grep <cps-component-name>
kubectl get pv -n <namespace> | grep <cps-component-name>

If there are any orphan resources, delete them with

kubectl delete pvc <orphan-cps-core-pvc-name>
kubectl delete pv <orphan-cps-core-pv-name>

Step 5 Delete NFS persisted data for CPS components

Connect to the machine where the file system is persisted and then execute the below command

rm -fr /dockerdata-nfs/<my-helm-release>/<cps-component-name>

Step 6 Re-Deploy cps pods

After deploying cps, keep monitoring the cps pods until they come up.

helm deploy <my-helm-release> local/cps --namespace <namespace>
kubectl get pods -n <namespace> | grep <cps-component-name>

Restarting a faulty component

Each cps component can be restarted independently by issuing the following command:

kubectl delete pod <cps-component-pod-name> -n <namespace>

Credentials Retrieval

When using OOM application and database credentials are kept in Kubernetes secrets. They are defined as external secrets in the values.yaml file to be used across different components as :

Below are the list of secrets for different cps components.

Component

Secret type

Secret Name

cps-core

Database authentication

<my-helm-release>-cps-core-pg-user-creds

cps-core

Rest API Authentication

<my-helm-release>-cps-core-app-user-creds

ncmp-dmi-plugin

Rest API Authentication

<my-helm-release>-cps-dmi-plugin-user-creds

ncmp-dmi-plugin

SDNC authentication

<my-helm-release>-ncmp-dmi-plugin-sdnc-creds

The credential values from these secrets are configured in running container as environment variables. Eg: cps core deployment.yaml

If no specific passwords are provided to the chart as override values for deployment, then passwords are automatically generated when deploying the Helm release. Below command can be used to retrieve application property credentials

kubectl get secret <my-helm-release>-<secret-name> -n <namespace> -o json | jq '.data | map_values(@base64d)'

Note

base64d works only with jq version 1.6 or above.

CPS Core Pods

To get a listing of the cps-core Pods, run the following command:

kubectl get pods -n <namespace> | grep cps-core

dev-cps-core-ccd4cc956-r98pv                          1/1     Running            0          24h
dev-cps-core-postgres-primary-f7766d46c-s9d5b         1/1     Running            0          24h
dev-cps-core-postgres-replica-84659d68f9-6qnt4        1/1     Running            0          24h

Note

The CPS Service will have to be restarted each time a change is made to a configurable property.

Configuration Properties

The following tables list properties that can be configured in the deployment. This list is not exhaustive.

3PP Properties

Property

Description

Default Value

logging.level.org.onap.cps

Logging level set in cps & ncmp

INFO

spring.datasource.username

Internal user name used by cps-core to connect to its own database.

cps

spring.datasource.password

Internal password used by cps-core to connect to its own database. If not defined, the password is generated when deploying the application. See also Credentials Retrieval.

Not defined

spring.datasource.url

URL to database name used by cps-core.

See note below

spring.datasource.hikari.maximumPoolSize

Specifies number of database connections between database and application. This property controls the maximum size that the pool is allowed to reach, including both idle and in-use connections.

80

spring.kafka.bootstrap-servers

Kafka hostname and port

localhost:9092

spring.kafka.consumer.client-id

Kafka consumer client id

cps-core

spring.kafka.security.protocol

Kafka security protocol. Some possible values are: PLAINTEXT, SASL_PLAINTEXT (for authentication), SASL_SSL (for authentication and encryption)

PLAINTEXT

Note

  • The default datasource is defined as jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/cpsdb. So it can also be configured using environment variables to just set the hostname DB_HOST and port DB_PORT.

  • The kafka bootstrap-servers can also be overridden with the environment variable KAFKA_BOOTSTRAP_SERVER.

Common CPS-NCMP Custom Properties

Property

Description

Default Value

notification.async.executor.core-pool-size

Core pool size in asynchronous execution of notification.

2

notification.async.executor.max-pool-size

Max pool size in asynchronous execution of notification.

10

notification.async.executor.queue-capacity

Queue Capacity in asynchronous execution of notification.

500

notification.async.executor.wait-for-tasks-to-complete-on-shutdown

If the executor should wait for the tasks to be completed on shutdown

true

notification.async.executor.thread-name-prefix

Prefix to be added to the thread name in asynchronous execution of notifications.”

Async-

notification.async.executor.time-out-value-in-ms

Maximum time allowed by the thread pool executor for execution of one of the threads in milliseconds.

60000
NCMP Custom Properties

Property

Description

Default Value

ncmp.timers.advised-modules-sync.sleep-time-ms

Specifies the delay in milliseconds in which the module sync watch dog will wake again after finishing.

5000

ncmp.timers.advised-modules-sync.initial-delay-ms

Specifies the delay in milliseconds in which the module sync watch dog will wake up for the first time.

40000

ncmp.timers.cm-handle-data-sync.sleep-time-ms

Specifies the delay in milliseconds in which the data sync watch dog will wake again after finishing.

30000

ncmp.timers.cm-handle-data-sync.initial-delay-ms

Specifies the delay in milliseconds in which the data sync watch dog will wake up for the first time.

40000

ncmp.[app].httpclient.[services].maximumInMemorySizeInMegabytes

Maximum size (in MB) of the in-memory buffer for HTTP response data.

16

ncmp.[app].httpclient.[services].maximumConnectionsTotal

Maximum number of simultaneous connections allowed in the connection pool.

100

ncmp.[app].httpclient.[services].pendingAcquireMaxCount

Maximum number of pending requests when the connection pool is full.

50

ncmp.[app].httpclient.[services].connectionTimeoutInSeconds

Specifies the maximum time in seconds, to wait for establishing a connection for the HTTP client

30

ncmp.[app].httpclient.[services].readTimeoutInSeconds

Timeout (in seconds) for reading data from the server after the connection is established.

30

ncmp.[app].httpclient.[services].writeTimeoutInSeconds

Timeout (in seconds) for writing data to the server.

30

ncmp.[app].httpclient.[services].responseTimeoutInSeconds

Total timeout (in seconds) for receiving a complete response, including all processing stages.

60

ncmp.policy-executor.enabled

Enables or disables the policy-executor feature.

false

ncmp.policy-executor.defaultDecision

The default (fallback) decision in case a problem with the external service occurs.

allow

ncmp.policy-executor.server.address

The server address for the external policy executor service.

http://policy-executor-stub

ncmp.policy-executor.server.port

The port used for the external policy executor service.

8093

Note

  • [app]: can be policy-executor or dmi.

  • [services]: all-services for ‘policy-executor’.

  • [services]: data-services and ‘model-services’ for ‘dmi’.

  • All ncmp.policy-executor properties can also be overridden using environment variables: POLICY_SERVICE_ENABLED, POLICY_SERVICE_DEFAULT_DECISION, POLICY_SERVICE_URL, POLICY_SERVICE_PORT

CPS-Core Docker Installation

CPS-Core can also be installed in a docker environment. Latest docker-compose is included in the repo to start all the relevant services. The latest instructions are covered in the README.

NCMP Distributed Data Structures

NCMP utilizes embedded distributed data structures to replicate state across various instances, ensuring low latency and high performance. Each JVM runs a Hazelcast instance to manage these data structures. To facilitate member visibility and cluster formation, an additional port (defaulting to 5701) must be available.

Below are the list of distributed datastructures that we have.

Component

Data Structure Name

Use

cps-ncmp

moduleSyncStartedOnCmHandles

Watchdog process to register CM Handles.

cps-ncmp

dataSyncSemaphores

Watchdog process to sync data from the nodes.

cps-ncmp

moduleSyncWorkQueue

Queue used internally for workers to pick the task.

cps-ncmp

trustLevelPerCmHandle

Stores the trust level per CM Handle id

cps-ncmp

trustLevelPerDmiPlugin

Stores the trust level for the dmi-plugins.

cps-ncmp

cpsAndNcmpLock

Cps and NCMP distributed lock for various use cases.

cps-ncmp

cmHandleIdPerAlternateId

Stores cm handle ids per alternate ids.

Total number of caches : 8