The Policy Framework GUI Server
The gui-server microservice serves the GUI code to the browser for Policy Framework UI. In addition, it acts as a single point of reference for the REST interfaces provided by policy-api, policy-pap, and acm-runtime. It can also be used as a HTTPS gatewy for REST references into a Policy Framework deployment in a Kubernetes cluster.
The gui-server is a regular microservice, and it is packaged, delivered and configured as a docker image. It is a Spring application and therefore uses a normal Spring-style applciation.yaml approach to configuration.
Definitive example configurations are available in the codebase:
application_http.yaml showing how to configure gui-server for HTTP access
application_https.yaml showing how to configure gui-server for HTTPS access
The configuration parameters are explained in the sections below
Server Configuration
Configuration for HTTP access to gui-server:
server:
port: 2443
ssl:
enabled: false
Start gui-server on port 2443 and disable SSL.
Configuration for HTTPS access to gui-server:
server:
port: 2443
ssl:
enabled: true
enabled-protocols: TLSv1.2
client-auth: want
key-store: file:./src/test/resources/helloworld-keystore.jks
key-store-password: changeit
trust-store: file:./src/test/resources/helloworld-truststore.jks
trust-store-password: changeit
Start gui-server on port 2443 and enable SSL with the parameters specified above
Note that other standard Spring server configuraiton parameters as documented on the Spring website are supported.
Runtime Adaptation Configuration
You can configure the adaptation for policy-api, policy-pap, and runtime-acm. In other words, you can map the URL that the GUI produced or that you want to use in a REST tool such as postman or curl in the runtime-ui part of the aaplication.yaml file:
runtime-ui:
policy-api:
mapping-path: "/runtime-ui/policy-api/restservices/"
url: http://localhost:30440
disable-ssl-validation: true
disable-ssl-hostname-check: true
policy-pap:
mapping-path: "/runtime-ui/policy-pap/restservices/"
url: http://localhost:30442
disable-ssl-validation: true
disable-ssl-hostname-check: true
acm:
mapping-path: "/runtime-ui/acm/restservices/"
url: http://localhost:30258
disable-ssl-validation: true
disable-ssl-hostname-check: true
The parameters under the policy-api, policy-pap, and acm sections are identical.
mapping-path and url
The mapping-path is the root part of the path that will be replaced by the url, the url replaces the mapping-path.
Therefore, using the configuration above for policy-api, the following mapping occurs:
http://localhost:2443/runtime-ui/policy-api/restservices/policy/api/v1/healthcheck
maps to
http://localhost:30440/policy/api/v1/healthcheck
and:
https://localhost:2443/runtime-ui/acm/restservices/onap/policy/clamp/acm/v2/commission
maps to
http://localhost:30258/onap/policy/clamp/acm/v2/commission
disable-ssl-validation and disable-ssl-hostname-check
The disable-ssl-validation disable-ssl-hostname-check are boolean values. If the target server (policy-api, policy-pap, or runtime-acm) is using http, these values should be set to false. If the target server is using HTTPS, set the values as true so that the gui-server transfers and forwards certificates to target servers.
Spring Boot Acuator Monitoring
The gui-server supports regular Spring Boot Actuator monitoring and monitoring over prometheus.
The following section of the application.yaml* file is an example of how to enable monitoring:
management:
endpoints:
web:
base-path: /
exposure:
include: health,metrics,prometheus
path-mapping.metrics: plain-metrics
path-mapping.prometheus: metrics
The configuration above enables the following URLs:
# Health Check
http://localhost:2443/health
# Plain Metrics
http://localhost:2443/plain-metrics
# Prometheus Metrics
http://localhost:2443/metrics