Policyd override implementation
This patchset implements policy overrides for aodh. Updates xenial-ocata and trusty-mitaka functional tests Change-Id: Ic2477ed4ccc05c5bef384c4d9dc9a1776de9f6f6 Closed-Bug: #1741723
This commit is contained in:
parent
994c58d9f6
commit
2e500d38c2
|
@ -14,8 +14,36 @@ Aodh relies on services from the mongodb, rabbitmq-server and keystone charms:
|
|||
juju add-relation aodh mysql
|
||||
juju add-relation aodh keystone
|
||||
|
||||
## Policy Overrides
|
||||
|
||||
Policy overrides is an **advanced** feature that allows an operator to override
|
||||
the default policy of an OpenStack service. The policies that the service
|
||||
supports, the defaults it implements in its code, and the defaults that a charm
|
||||
may include should all be clearly understood before proceeding.
|
||||
|
||||
> **Caution**: It is possible to break the system (for tenants and other
|
||||
services) if policies are incorrectly applied to the service.
|
||||
|
||||
Policy statements are placed in a YAML file. This file (or files) is then (ZIP)
|
||||
compressed into a single file and used as an application resource. The override
|
||||
is then enabled via a Boolean charm option.
|
||||
|
||||
Here are the essential commands (filenames are arbitrary):
|
||||
|
||||
zip overrides.zip override-file.yaml
|
||||
juju attach-resource aodh policyd-override=overrides.zip
|
||||
juju config aodh use-policyd-override=true
|
||||
|
||||
See appendix [Policy Overrides][cdg-appendix-n] in the [OpenStack Charms
|
||||
Deployment Guide][cdg] for a thorough treatment of this feature.
|
||||
|
||||
# Bugs
|
||||
|
||||
Please report bugs on [Launchpad](https://bugs.launchpad.net/charm-aodh/+filebug).
|
||||
|
||||
For general questions please refer to the OpenStack [Charm Guide](https://docs.openstack.org/charm-guide/latest/).
|
||||
|
||||
<!-- LINKS -->
|
||||
|
||||
[cdg]: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide
|
||||
[cdg-appendix-n]: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-policy-overrides.html
|
|
@ -0,0 +1,9 @@
|
|||
options:
|
||||
use-policyd-override:
|
||||
type: boolean
|
||||
default: False
|
||||
description: |
|
||||
If True then use the resource file named 'policyd-override' to install
|
||||
override YAML files in the service's policy.d directory. The resource
|
||||
file should be a ZIP file containing at least one yaml file with a .yaml
|
||||
or .yml extension. If False then remove the overrides.
|
|
@ -21,6 +21,7 @@ import charmhelpers.core.host as ch_host
|
|||
import charms_openstack.charm
|
||||
import charms_openstack.adapters
|
||||
import charms_openstack.ip as os_ip
|
||||
import charms_openstack.plugins
|
||||
|
||||
AODH_DIR = '/etc/aodh'
|
||||
AODH_CONF = os.path.join(AODH_DIR, 'aodh.conf')
|
||||
|
@ -49,7 +50,8 @@ class AodhAdapters(charms_openstack.adapters.OpenStackAPIRelationAdapters):
|
|||
charm_instance=charm_instance)
|
||||
|
||||
|
||||
class AodhCharm(charms_openstack.charm.HAOpenStackCharm):
|
||||
class AodhCharm(charms_openstack.plugins.PolicydOverridePlugin,
|
||||
charms_openstack.charm.HAOpenStackCharm):
|
||||
|
||||
# Internal name of charm + keystone endpoint
|
||||
service_name = name = 'aodh'
|
||||
|
@ -119,6 +121,9 @@ class AodhCharm(charms_openstack.charm.HAOpenStackCharm):
|
|||
|
||||
group = 'aodh'
|
||||
|
||||
# policyd override constants
|
||||
policyd_service_name = 'aodh'
|
||||
|
||||
@staticmethod
|
||||
def reload_and_restart():
|
||||
if ch_host.init_is_systemd():
|
||||
|
|
|
@ -22,3 +22,8 @@ subordinate: false
|
|||
requires:
|
||||
mongodb:
|
||||
interface: mongodb
|
||||
resources:
|
||||
policyd-override:
|
||||
type: file
|
||||
filename: policyd-override.zip
|
||||
description: The policy.d overrides file
|
|
@ -52,7 +52,7 @@ applications:
|
|||
to:
|
||||
- '4'
|
||||
mongodb:
|
||||
charm: cs:trusty/mongodb
|
||||
charm: cs:trusty/mongodb-53
|
||||
num_units: 1
|
||||
to:
|
||||
- '5'
|
||||
|
|
|
@ -11,6 +11,14 @@ machines:
|
|||
3: {}
|
||||
4: {}
|
||||
5: {}
|
||||
6: {}
|
||||
7: {}
|
||||
8: {}
|
||||
9: {}
|
||||
10: {}
|
||||
11: {}
|
||||
12: {}
|
||||
13: {}
|
||||
|
||||
# We specify machine placements for these to improve iteration
|
||||
# time, given that machine "0" comes up way before machine "7"
|
||||
|
@ -51,14 +59,50 @@ applications:
|
|||
openstack-origin: *openstack-origin
|
||||
to:
|
||||
- '4'
|
||||
ceph-osd:
|
||||
charm: cs:~openstack-charmers-next/ceph-osd
|
||||
num_units: 3
|
||||
storage:
|
||||
osd-devices: 'cinder,10G'
|
||||
options:
|
||||
source: *openstack-origin
|
||||
to:
|
||||
- '5'
|
||||
- '6'
|
||||
- '7'
|
||||
ceph-mon:
|
||||
charm: cs:~openstack-charmers-next/ceph-mon
|
||||
num_units: 3
|
||||
options:
|
||||
expected-osd-count: 3
|
||||
monitor-count: '3'
|
||||
source: *openstack-origin
|
||||
to:
|
||||
- '8'
|
||||
- '9'
|
||||
- '10'
|
||||
gnocchi:
|
||||
charm: cs:~openstack-charmers-next/gnocchi
|
||||
num_units: 1
|
||||
options:
|
||||
openstack-origin: *openstack-origin
|
||||
to:
|
||||
- '11'
|
||||
memcached:
|
||||
charm: cs:~memcached-team/memcached
|
||||
num_units: 1
|
||||
to:
|
||||
- '12'
|
||||
mongodb:
|
||||
charm: cs:xenial/mongodb
|
||||
num_units: 1
|
||||
to:
|
||||
- '5'
|
||||
- '13'
|
||||
relations:
|
||||
- - 'keystone:shared-db'
|
||||
- 'percona-cluster:shared-db'
|
||||
- - 'ceph-osd:mon'
|
||||
- 'ceph-mon:osd'
|
||||
- - 'aodh:shared-db'
|
||||
- 'percona-cluster:shared-db'
|
||||
- - 'aodh:amqp'
|
||||
|
@ -75,3 +119,13 @@ relations:
|
|||
- 'mongodb:database'
|
||||
- - 'ceilometer:identity-service'
|
||||
- 'keystone:identity-service'
|
||||
- - 'ceilometer:metric-service'
|
||||
- 'gnocchi:metric-service'
|
||||
- - 'gnocchi:identity-service'
|
||||
- 'keystone:identity-service'
|
||||
- - 'gnocchi:shared-db'
|
||||
- 'percona-cluster:shared-db'
|
||||
- - 'gnocchi:storage-ceph'
|
||||
- 'ceph-mon:client'
|
||||
- - 'gnocchi:coordinator-memcached'
|
||||
- 'memcached:cache'
|
||||
|
|
Loading…
Reference in New Issue