Obsolete:PolicyGuidedFulfillmentMeetingsDemoPredeployEnforcement
Revision as of 14:31, 29 January 2015 by Radek Pospisil (talk | contribs) (Created page with "= Policy Guided Fulfillment - Demo Predeploy Enforcement = == Introduction == This demo presents how to control [https://wiki.openstack.org/wiki/Murano Murano] environment...")
Contents
Policy Guided Fulfillment - Demo Predeploy Enforcement
Introduction
This demo presents how to control Murano environment deployment by Congress policies.
Use case is following:
- OpenStack administrator wants to set constraints Murano environments (e.g., use only supported application; use only VM flavors with given RAM size, ...) .
- O~S administrator creates Congress policy rules which defines not allowed Murano environments
- When an O~S user deploys Murano environment, then it is validated by Congress policy enforcement - based on the enforcement result, environment deployment is allowed or denied
Demo
First we have to have O~S running with all necessary services as defined in Setup section.
The demo is composed of two steps - create policy rules, and Murano environment deployment.
Policy Rules Definition
This steps creates rules in Congress policy murano_system . Murano is using predeploy_errors(envId, objId, msg) table (rule) for enforcement. Murano environment is mapped to Congress policy murano on its deploy (technically we are using Congress simulation API, so it is mapped transiently into murano policy. ). See References section for documentation of environment mapping.
So we have to create
Murano Environment Deployment
Setup
References
- Murano policy enforcement developer and user guides. Currently in review stage https://review.openstack.org/#/c/149225/