We have a couple of requests for all of you planning to attend the 18-19th 
September Policy Mid-cycle summit.  

1. We’re planning on starting with a series of talks describing the state of 
policy (current and possibly future) in different projects.  We've confirmed 
people for talks on the following projects.


Are there any other projects interested in giving a talk?  It could just be a 
chalk-talk (on the whiteboard), if that makes it easier.

2. We’re planning to use the talks as level-setting for a discussion/workshop 
on how all our policy efforts might interoperate to better serve OpenStack 
users.  We’d like to drive that discussion by working through one or more use 
cases that require us to all think about OpenStack policy from a holistic point 
of view.  

Examples of the kinds of questions we envision trying to answer:

How would the OpenStack users communicate their policies to OpenStack?  
Can OpenStack always enforce policies?  What about monitoring?  Auditing?
What is the workflow for how OpenStack takes the policies and 
implements/renders them?
What happens if there are conflicts between users?  How are those conflicts 
What gaps are there?  How do we plug them?  What’s the roadmap?
Below is the start of a use case that we think will do the trick.  Let’s work 
together to refine it over email before the summit, so we can hit the ground 
running.  Please reply (to all) with suggestions/alternatives/etc.

a) Application-developer: My 2-tier PCI app (database tier and web tier) can be 
deployed either for production or for development.  

When deployed for production, it needs 

solid-state storage for the DB tier
all ports but 80 closed on the web tier
no network communication to DB tier except from the web tier
no VM in the DB tier can be deployed on the same hypervisor as another VM in 
the DB tier; same for the web tier
b) Cloud operator.  

Applications deployed for production must have access to the internet.
Applications deployed for production must not be deployed in the DMZ cluster.
Applications deployed for production should scale based on load.
Applications deployed for development should have 1 VM instance per tier.
Every application must use VM images signed by an administrator
 c) Compliance officer

No VM from a PCI app may be located on the same hypervisor as a VM from a 
non-PCI app.

~ sean

OpenStack-dev mailing list

Reply via email to