[openstack-dev] [Congress] Policy Enforcement logic
Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: *action(disconnect_network)nova:network-(vm, network) :- disconnect_network(vm, network) * I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Policy Enforcement logic
I know that Congress is still under development, but it is better that it can provide some info for How to use it just like docker https://wiki.openstack.org/wiki/Docker , this might attract more people contributing to it. 2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.com: Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: *action(disconnect_network) nova:network-(vm, network) :- disconnect_network(vm, network) * I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Policy Enforcement logic
Hi Madhu, For the alpha release (due soon), we’re focusing on just monitoring policy violations—we’ve disabled all the enforcement code in master. (Though we never actually hooked up the enforcement policy to the real world, so all Congress has ever done is compute what actions to take to enforce policy.) There’s a ton of interest in enforcement, so we’re planning to add enforcement features to the beta release. Tim On Aug 21, 2014, at 7:07 AM, Madhu Mohan mmo...@mvista.commailto:mmo...@mvista.com wrote: Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: action(disconnect_network) nova:network-(vm, network) :- disconnect_network(vm, network) I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Policy Enforcement logic
Hi Jay, We have a tutorial in review right now. It should be merged in a couple of days. Thanks for the suggestion! Tim On Aug 21, 2014, at 7:54 AM, Jay Lau jay.lau@gmail.commailto:jay.lau@gmail.com wrote: I know that Congress is still under development, but it is better that it can provide some info for How to use it just like docker https://wiki.openstack.org/wiki/Docker , this might attract more people contributing to it. 2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.commailto:mmo...@mvista.com: Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: action(disconnect_network) nova:network-(vm, network) :- disconnect_network(vm, network) I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Policy Enforcement logic
Hi Tim, That's great! Does the tutorial is uploaded to Gerrit for review? Thanks. 2014-08-21 23:56 GMT+08:00 Tim Hinrichs thinri...@vmware.com: Hi Jay, We have a tutorial in review right now. It should be merged in a couple of days. Thanks for the suggestion! Tim On Aug 21, 2014, at 7:54 AM, Jay Lau jay.lau@gmail.com wrote: I know that Congress is still under development, but it is better that it can provide some info for How to use it just like docker https://wiki.openstack.org/wiki/Docker , this might attract more people contributing to it. 2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.com: Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: *action(disconnect_network) nova:network-(vm, network) :- disconnect_network(vm, network) * I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [Congress] Policy Enforcement logic
The tutorial is now merged. https://github.com/stackforge/congress/blob/master/doc/source/tutorial-tenant-sharing.rst Tim On Aug 21, 2014, at 3:02 PM, Jay Lau jay.lau@gmail.commailto:jay.lau@gmail.com wrote: Hi Tim, That's great! Does the tutorial is uploaded to Gerrit for review? Thanks. 2014-08-21 23:56 GMT+08:00 Tim Hinrichs thinri...@vmware.commailto:thinri...@vmware.com: Hi Jay, We have a tutorial in review right now. It should be merged in a couple of days. Thanks for the suggestion! Tim On Aug 21, 2014, at 7:54 AM, Jay Lau jay.lau@gmail.commailto:jay.lau@gmail.com wrote: I know that Congress is still under development, but it is better that it can provide some info for How to use it just like docker https://wiki.openstack.org/wiki/Docker , this might attract more people contributing to it. 2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.commailto:mmo...@mvista.com: Hi, I am quite new to the Congress and Openstack as well and this question may seem very trivial and basic. I am trying to figure out the policy enforcement logic, Can some body help me understand how exactly, a policy enforcement action is taken. From the example policy there is an action defined as: action(disconnect_network) nova:network-(vm, network) :- disconnect_network(vm, network) I assume that this statement when applied would translate to deletion of entry in the database. But, how does this affect the actual setup (i.e) How is this database update translated to actual disconnection of the VM from the network. How does nova know that it has to disconnect the VM from the network ? Thanks and Regards, Madhu Mohan ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Thanks, Jay ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev ___ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev