Policyd override implementation
This patchset implements policy overrides for gnocchi Change-Id: Ie7a02c536d5085cd2548b84d94b7a6bf8ac6a315 Closed-Bug: #1741723
This commit is contained in:
parent
c77934ee52
commit
7bec3ddee6
|
@ -36,4 +36,32 @@ Gnocchi is configured to be deployed by default with Ceph, however,
|
|||
it can also connect to an S3 storage backend. To configure Gnocchi with S3,
|
||||
configuration options (`storage-backend`, `s3-region-name`, `s3-endpoint-url`,
|
||||
`s3-access-key-id` and `s3-secret-access-key`) must be provided.
|
||||
Please take a look at `config.yaml` for more details.
|
||||
Please take a look at `config.yaml` for more details.
|
||||
|
||||
## Policy Overrides
|
||||
|
||||
Policy overrides is an **advanced** feature that allows an operator to override
|
||||
the default policy of an OpenStack service. The policies that the service
|
||||
supports, the defaults it implements in its code, and the defaults that a charm
|
||||
may include should all be clearly understood before proceeding.
|
||||
|
||||
> **Caution**: It is possible to break the system (for tenants and other
|
||||
services) if policies are incorrectly applied to the service.
|
||||
|
||||
Policy statements are placed in a YAML file. This file (or files) is then (ZIP)
|
||||
compressed into a single file and used as an application resource. The override
|
||||
is then enabled via a Boolean charm option.
|
||||
|
||||
Here are the essential commands (filenames are arbitrary):
|
||||
|
||||
zip overrides.zip override-file.yaml
|
||||
juju attach-resource gnocchi policyd-override=overrides.zip
|
||||
juju config gnocchi use-policyd-override=true
|
||||
|
||||
See appendix [Policy Overrides][cdg-appendix-n] in the [OpenStack Charms
|
||||
Deployment Guide][cdg] for a thorough treatment of this feature.
|
||||
|
||||
<!-- LINKS -->
|
||||
|
||||
[cdg]: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide
|
||||
[cdg-appendix-n]: https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/latest/app-policy-overrides.html
|
||||
|
|
|
@ -40,4 +40,12 @@ options:
|
|||
default: 50
|
||||
description: |
|
||||
The maximum number of connections to keep in a connection pool. (integer value).
|
||||
Minimum value: 1
|
||||
Minimum value: 1
|
||||
use-policyd-override:
|
||||
type: boolean
|
||||
default: False
|
||||
description: |
|
||||
If True then use the resource file named 'policyd-override' to install
|
||||
override YAML files in the service's policy.d directory. The resource
|
||||
file should be a ZIP file containing at least one yaml file with a .yaml
|
||||
or .yml extension. If False then remove the overrides.
|
||||
|
|
|
@ -109,7 +109,8 @@ class GnocchiCharmRelationAdapters(adapters.OpenStackAPIRelationAdapters):
|
|||
}
|
||||
|
||||
|
||||
class GnocchiCharmBase(charms_openstack.charm.HAOpenStackCharm,
|
||||
class GnocchiCharmBase(charms_openstack.plugins.PolicydOverridePlugin,
|
||||
charms_openstack.charm.HAOpenStackCharm,
|
||||
charms_openstack.plugins.BaseOpenStackCephCharm):
|
||||
|
||||
"""
|
||||
|
@ -136,6 +137,9 @@ class GnocchiCharmBase(charms_openstack.charm.HAOpenStackCharm,
|
|||
|
||||
adapters_class = GnocchiCharmRelationAdapters
|
||||
|
||||
# policyd override constants
|
||||
policyd_service_name = 'gnocchi'
|
||||
|
||||
def enable_webserver_site(self):
|
||||
"""Enable Gnocchi Webserver sites if rendered or installed"""
|
||||
pass
|
||||
|
|
|
@ -24,3 +24,8 @@ requires:
|
|||
storage-ceph:
|
||||
interface: ceph-client
|
||||
optional: True
|
||||
resources:
|
||||
policyd-override:
|
||||
type: file
|
||||
filename: policyd-override.zip
|
||||
description: The policy.d overrides file
|
||||
|
|
Loading…
Reference in New Issue