[openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Madhu Mohan
Hi,

I am quite new to the Congress and Openstack as well and this question may
seem very trivial and basic.

I am trying to figure out the policy enforcement logic,

Can some body help me understand how exactly, a policy enforcement action
is taken.

From the example policy there is an action defined as:



*action(disconnect_network)nova:network-(vm, network) :-
disconnect_network(vm, network) *
I assume that this statement when applied would translate to deletion of
entry in the database.

But, how does this affect the actual setup (i.e) How is this database
update translated to actual disconnection of the VM from the network.
How does nova know that it has to disconnect the VM from the network ?

Thanks and Regards,
Madhu Mohan
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Jay Lau
I know that Congress is still under development, but it is better that it
can provide some info for How to use it just like docker
https://wiki.openstack.org/wiki/Docker , this might attract more people
contributing to it.


2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.com:

 Hi,

 I am quite new to the Congress and Openstack as well and this question may
 seem very trivial and basic.

 I am trying to figure out the policy enforcement logic,

 Can some body help me understand how exactly, a policy enforcement action
 is taken.

 From the example policy there is an action defined as:



 *action(disconnect_network) nova:network-(vm, network) :-
 disconnect_network(vm, network) *
 I assume that this statement when applied would translate to deletion of
 entry in the database.

 But, how does this affect the actual setup (i.e) How is this database
 update translated to actual disconnection of the VM from the network.
 How does nova know that it has to disconnect the VM from the network ?

 Thanks and Regards,
 Madhu Mohan




 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Thanks,

Jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Tim Hinrichs
Hi Madhu,

For the alpha release (due soon), we’re focusing on just monitoring policy 
violations—we’ve disabled all the enforcement code in master.  (Though we never 
actually hooked up the enforcement policy to the real world, so all Congress 
has ever done is compute what actions to take to enforce policy.)  There’s a 
ton of interest in enforcement, so we’re planning to add enforcement features 
to the beta release.

Tim


On Aug 21, 2014, at 7:07 AM, Madhu Mohan 
mmo...@mvista.commailto:mmo...@mvista.com wrote:

Hi,

I am quite new to the Congress and Openstack as well and this question may seem 
very trivial and basic.

I am trying to figure out the policy enforcement logic,

Can some body help me understand how exactly, a policy enforcement action is 
taken.

From the example policy there is an action defined as:

action(disconnect_network)
nova:network-(vm, network) :- disconnect_network(vm, network)

I assume that this statement when applied would translate to deletion of entry 
in the database.

But, how does this affect the actual setup (i.e) How is this database update 
translated to actual disconnection of the VM from the network.
How does nova know that it has to disconnect the VM from the network ?

Thanks and Regards,
Madhu Mohan



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Tim Hinrichs
Hi Jay,

We have a tutorial in review right now.  It should be merged in a couple of 
days.  Thanks for the suggestion!

Tim


On Aug 21, 2014, at 7:54 AM, Jay Lau 
jay.lau@gmail.commailto:jay.lau@gmail.com wrote:

I know that Congress is still under development, but it is better that it can 
provide some info for How to use it just like docker 
https://wiki.openstack.org/wiki/Docker , this might attract more people 
contributing to it.


2014-08-21 22:07 GMT+08:00 Madhu Mohan 
mmo...@mvista.commailto:mmo...@mvista.com:
Hi,

I am quite new to the Congress and Openstack as well and this question may seem 
very trivial and basic.

I am trying to figure out the policy enforcement logic,

Can some body help me understand how exactly, a policy enforcement action is 
taken.

From the example policy there is an action defined as:

action(disconnect_network)
nova:network-(vm, network) :- disconnect_network(vm, network)

I assume that this statement when applied would translate to deletion of entry 
in the database.

But, how does this affect the actual setup (i.e) How is this database update 
translated to actual disconnection of the VM from the network.
How does nova know that it has to disconnect the VM from the network ?

Thanks and Regards,
Madhu Mohan




___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Thanks,

Jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Jay Lau
Hi Tim,

That's great! Does the tutorial is uploaded to Gerrit for review?

Thanks.


2014-08-21 23:56 GMT+08:00 Tim Hinrichs thinri...@vmware.com:

  Hi Jay,

  We have a tutorial in review right now.  It should be merged in a couple
 of days.  Thanks for the suggestion!

  Tim


  On Aug 21, 2014, at 7:54 AM, Jay Lau jay.lau@gmail.com wrote:

  I know that Congress is still under development, but it is better that
 it can provide some info for How to use it just like docker
 https://wiki.openstack.org/wiki/Docker , this might attract more people
 contributing to it.


 2014-08-21 22:07 GMT+08:00 Madhu Mohan mmo...@mvista.com:

 Hi,

  I am quite new to the Congress and Openstack as well and this question
 may seem very trivial and basic.

 I am trying to figure out the policy enforcement logic,

  Can some body help me understand how exactly, a policy enforcement
 action is taken.

  From the example policy there is an action defined as:



 *action(disconnect_network) nova:network-(vm, network) :-
 disconnect_network(vm, network) *
  I assume that this statement when applied would translate to deletion of
 entry in the database.

  But, how does this affect the actual setup (i.e) How is this database
 update translated to actual disconnection of the VM from the network.
  How does nova know that it has to disconnect the VM from the network ?

  Thanks and Regards,
  Madhu Mohan




 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




 --
  Thanks,

  Jay
  ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Thanks,

Jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


Re: [openstack-dev] [Congress] Policy Enforcement logic

2014-08-21 Thread Tim Hinrichs
The tutorial is now merged.

https://github.com/stackforge/congress/blob/master/doc/source/tutorial-tenant-sharing.rst



Tim

On Aug 21, 2014, at 3:02 PM, Jay Lau 
jay.lau@gmail.commailto:jay.lau@gmail.com wrote:

Hi Tim,

That's great! Does the tutorial is uploaded to Gerrit for review?

Thanks.


2014-08-21 23:56 GMT+08:00 Tim Hinrichs 
thinri...@vmware.commailto:thinri...@vmware.com:
Hi Jay,

We have a tutorial in review right now.  It should be merged in a couple of 
days.  Thanks for the suggestion!

Tim


On Aug 21, 2014, at 7:54 AM, Jay Lau 
jay.lau@gmail.commailto:jay.lau@gmail.com wrote:

I know that Congress is still under development, but it is better that it can 
provide some info for How to use it just like docker 
https://wiki.openstack.org/wiki/Docker , this might attract more people 
contributing to it.


2014-08-21 22:07 GMT+08:00 Madhu Mohan 
mmo...@mvista.commailto:mmo...@mvista.com:
Hi,

I am quite new to the Congress and Openstack as well and this question may seem 
very trivial and basic.

I am trying to figure out the policy enforcement logic,

Can some body help me understand how exactly, a policy enforcement action is 
taken.

From the example policy there is an action defined as:

action(disconnect_network)
nova:network-(vm, network) :- disconnect_network(vm, network)

I assume that this statement when applied would translate to deletion of entry 
in the database.

But, how does this affect the actual setup (i.e) How is this database update 
translated to actual disconnection of the VM from the network.
How does nova know that it has to disconnect the VM from the network ?

Thanks and Regards,
Madhu Mohan




___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Thanks,

Jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Thanks,

Jay
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.orgmailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev