Itential Policy Engine

On this page:

Installation

Policy Engine is a stateless, compute only Web Service, and is hosted on a server as described below. It is distributed as a python pip package, or a docker image.

Prerequisites

  • Python 3.6.3 or better and pip (for pip installation)
  • Docker (for docker image)
  • Available listener port (8080 by default, configurable)

HA deployments should use a load balancer, and likewise SSL or Authentication should be terminated by a load balancer or reverse proxy. Such configurations are beyond the scope of this procedure, but should be fairly straightforward as the service is synchronous, stateless, and side-effect free.

Install Policy Engine via pip on CentOS 7

  1. Install RH SCL, Python 3.6, and pip
sudo yum update
sudo yum install centos-release-scl
sudo yum install rh-python36

Install Policy Engine in SCL environment

From a file:

sudo scl enable rh-python36 "pip install --upgrade service-policy-<version>.tar.gz"

Or from the Itential repository:

sudo scl enable rh-python36 "pip install service-policy --upgrade --extra-index-url=<itential pip repo url>"

Start the service manually to test

PORT=4567 scl enable rh-python36 service-policy

Set up a systemd service

In /etc/systemd/system/policyengine.service:

[Unit]
Description=Itential Policy Engine
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=1
User=policyengine
Environment="PORT=4567"
ExecStart=/bin/scl enable rh-python36 service-policy

[Install]
WantedBy=multi-user.target
sudo systemctl start policyengine
sudo systemctl enable policyengine

Install Policy Engine via pip on Ubuntu 18.04

Install pip

sudo apt update
sudo apt install python3-pip

Install Policy Engine

From a file:

sudo pip3 install --upgrade service-policy-<version>.tar.gz

Or from the Itential repository:

sudo pip3 install service-policy --upgrade --extra-index-url=<itential pip repo url>

Start the service manually to test

PORT=4567 service-policy

Set up a systemd service

In /etc/systemd/system/policyengine.service:

[Unit]
Description=Itential Policy Engine
After=network.target

[Service]
Type=simple
Restart=always
RestartSec=1
User=policyengine
Environment="PORT=4567"
ExecStart=/usr/local/bin/service-policy

[Install]
WantedBy=multi-user.target
sudo systemctl start policyengine
sudo systemctl enable policyengine

Post installation

The service is a simple compute-only web service, and does not need access to read/write anything. Its only configuration option is the PORT environment variable which sets the port the service will listen on. It is recommended that a reverse proxy or load balancer be added in front of the service to implement SSL, and to benefit throughput by buffering incoming requests. HA and scaling are also considerations here, but these options are beyond the scope of this guide.

The service provides a healthcheck endpoint for the benefit of load balanced use cases at GET /api/v1.0/healthcheck.