openstack/deb-murano
Code Issues Proposed changes
048be285c5
deb-murano/doc/source/administrator-guide/policy_enf.rst
Maria Zlatkova 3621ce1142 [Docs] Restructuring 
* Moves the remaining guides from the Draft folder
* Removes already rewritten articles (Murano TroubleShooting and Debug Tips)
* Restructures the main page
* Fixes build errors
* Adds minor editorial changes to some sections

Change-Id: I1aa961f34860b22241b69d41045da445d223be06
Partial-Bug: #1603950
2016-11-10 13:12:15 +02:00

52 lines
1.8 KiB
ReStructuredText
Raw Blame History

.. _policy_enf:
==================
Policy enforcement
==================
Policies are defined and evaluated in the Congress_ project.
The policy language for Congress is Datalog. The congress policy consists
of the Datalog rules and facts.
Examples of policies are as follows:
* Minimum 2 GB of RAM for all VM instances.
* A certified version for all Apache server instances.
* Data placement policy: all database instances must be deployed at a given
geographic location enforcing some law restriction on data placement.
These policies are evaluated over data in the form of tables (Congress data
structures). A deployed Murano environment must be decomposed to the Congress
data structures. The decomposed environment is sent to Congress for simulation.
Congress simulates whether the resulting state violates any defined
policy: deployment is aborted in case of policy violation.
Murano uses two predefined policies in Congress:
* ``murano_system`` contains rules and facts of policies defined by the cloud
administrator.
* ``murano`` contains only facts/records reflecting the resulting state after
the deployment of an environment.
Records in the ``murano`` policy are queried by rules from
the ``murano_system`` policy. The Congress simulation does not create any
records in the ``murano`` policy, and only provides the feedback on whether
the resulting state violates the policy or not.
As a part of the policy guided fulfillment, you need to enforce policies
on a murano environment deployment. If the policy enforcement fails,
the deployment fails as well.
.. _Congress: https://wiki.openstack.org/wiki/Congress
This section contains the following subsections:
.. toctree::
:maxdepth: 2
policy_enforcement/policy_enf_setup
policy_enforcement/policy_enf_rules
policy_enforcement/policy_enf_dev
policy_enforcement/policy_enf_modify
View Git Blame Copy Permalink