Jump to: navigation, search

Obsolete:PolicyGuidedFulfillmentMeetingsDemoPredeployEnforcement

Revision as of 14:31, 29 January 2015 by Radek Pospisil (talk | contribs) (Created page with "= Policy Guided Fulfillment - Demo Predeploy Enforcement = == Introduction == This demo presents how to control [https://wiki.openstack.org/wiki/Murano Murano] environment...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Policy Guided Fulfillment - Demo Predeploy Enforcement

Introduction

This demo presents how to control Murano environment deployment by Congress policies.

Use case is following:

  • OpenStack administrator wants to set constraints Murano environments (e.g., use only supported application; use only VM flavors with given RAM size, ...) .
  • O~S administrator creates Congress policy rules which defines not allowed Murano environments
  • When an O~S user deploys Murano environment, then it is validated by Congress policy enforcement - based on the enforcement result, environment deployment is allowed or denied

Demo

First we have to have O~S running with all necessary services as defined in Setup section.

The demo is composed of two steps - create policy rules, and Murano environment deployment.

Policy Rules Definition

This steps creates rules in Congress policy murano_system . Murano is using predeploy_errors(envId, objId, msg) table (rule) for enforcement. Murano environment is mapped to Congress policy murano on its deploy (technically we are using Congress simulation API, so it is mapped transiently into murano policy. ). See References section for documentation of environment mapping.

So we have to create


Murano Environment Deployment

Setup

References

Retrieved from "https://wiki.openstack.org/w/index.php?title=Obsolete:PolicyGuidedFulfillmentMeetingsDemoPredeployEnforcement&oldid=72635"