![]() This patch defines a new extension: cisco_apic_gbp_allowed_vm_name, for the apic policy drivers. An extension attribute: allowed_vm_names, that extends the L3 Policy definition, is being introduced in this extension. A corresponding extension driver: apic_allowed_vm_name, that processes this extension, is also being added. This extension driver should be configured for this extension to be available. The driver name should be added to the existing list of extension drivers under: [group_policy] extension_drivers=<existing_ext_drivers>,apic_allowed_vm_name The allowed_vm_names attribute is a list of regexes. Each regex can be up to 255 characters long. While during the port-binding phase, we will also enforce the regex checking against the VM name from Nova. Only those VM names matching one of those regexes will be allowed. A CLI option: --allowed_vm_names will be provided for the L3 Policy create and update operations. This CLI option will accept a comma separated string as the option value. Change-Id: I4602919df9a0458eb255b93399c70f64dfeeb863 |
||
---|---|---|
devstack | ||
doc/source | ||
etc | ||
gbpservice | ||
tools | ||
.coveragerc | ||
.gitignore | ||
.gitreview | ||
.testr.conf | ||
CONTRIBUTING.rst | ||
HACKING.rst | ||
LICENSE | ||
MANIFEST.in | ||
README.rst | ||
TESTING.rst | ||
babel.cfg | ||
openstack-common.conf | ||
requirements.txt | ||
run_tests.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
README.rst
Group Based Policy (GBP) provides declarative abstractions for achieving scalable intent-based infrastructure automation.
GBP complements the OpenStack networking model with the notion of policies that can be applied between groups of network endpoints. As users look beyond basic connectivity, richer network services with diverse implementations and network properties are naturally expressed as policies. Examples include service chaining, QoS, path properties, access control, etc.
GBP allows application administrators to express their networking requirements using a Group and a Policy Rules-Set abstraction. The specifics of policy rendering are left to the underlying pluggable policy driver.
GBP model also supports a redirect operation that makes it easy to abstract and consume complex network service chains and graphs.
Checkout the GBP wiki page for more detailed information: <http://wiki.openstack.org/GroupBasedPolicy>
The latest code is available at: <http://git.openstack.org/cgit/openstack/group-based-policy>.
GBP project management (blueprints, bugs) is done via Launchpad: <http://launchpad.net/group-based-policy>
For help using or hacking on GBP, you can send mail to <mailto:openstack-dev@lists.openstack.org>.
Acronyms used in code for brevity:
- PT: Policy Target
- PTG: Policy Target Group
- PR: Policy Rule
- PRS: Policy Rule Set
- L2P: L2 Policy
- L3P: L3 Policy
- NSP: Network Service Policy
- EP: External Policy
- ES: External Segment