RETIRED, Congress
Go to file
Zuul b15aa16c7f Merge "Fix swift auth issue by specifying version in url" 2018-02-08 04:16:42 +00:00
antlr3runtime Fix for broken antlr3 in stand-alone install 2016-03-21 21:40:23 -07:00
bin Fix relative import path in source tree 2014-07-08 16:25:36 -07:00
congress Merge "Fix swift auth issue by specifying version in url" 2018-02-08 04:16:42 +00:00
contrib/nova Implement horizon plugin model 2016-08-10 03:49:44 +00:00
devstack Merge "Configure tempest service_availability correctly" 2018-02-05 12:35:56 +00:00
doc/source Update congress documentation 2018-02-07 16:47:20 +05:30
etc Merge "Agent for configuration file validation" 2018-01-04 21:42:44 +00:00
examples use . instead of source. 2018-01-29 14:23:39 +00:00
library Library policy for tag-based network security zone 2017-12-12 16:11:11 -08:00
playbooks/legacy Enable congress-tempest-plugin to use in congress 2018-01-25 09:17:57 +05:30
releasenotes Merge "Fix swift auth issue by specifying version in url" 2018-02-08 04:16:42 +00:00
scripts Update manual testing script and output 2018-02-06 14:47:40 -08:00
thirdparty Remove antlr3 files except Python runtime 2017-01-25 16:05:04 -08:00
tools remove new_arch in tox 2016-09-05 11:35:46 +05:30
.coveragerc Update .coveragerc after the removal of openstack directory 2016-10-17 17:44:34 +05:30
.gitignore Update .gitignore with .idea 2015-05-24 13:41:12 -07:00
.gitreview Update .gitreview file to reflect repo rename 2015-04-18 00:37:35 +00:00
.mailmap Restructure to follow OpenStack cookiecutter template 2014-01-07 15:31:36 -08:00
.testr.conf remove new_arch in tox 2016-09-05 11:35:46 +05:30
.zuul.yaml Merge "Zuul: Remove project name" 2018-02-05 06:52:16 +00:00
CONTRIBUTING.rst move docs into new structure and fix links 2017-08-08 06:58:30 +00:00
HACKING.rst Update the doc link 2017-11-08 21:33:20 +08:00
LICENSE Restructure to follow OpenStack cookiecutter template 2014-01-07 15:31:36 -08:00
Makefile Remove antlr3 files except Python runtime 2017-01-25 16:05:04 -08:00
README.rst move docs into new structure and fix links 2017-08-08 06:58:30 +00:00
babel.cfg Restructure to follow OpenStack cookiecutter template 2014-01-07 15:31:36 -08:00
bindep.txt local HA tests 2016-11-01 18:20:39 -07:00
future-features.txt Fixed some misspellings 2015-07-01 10:36:17 +08:00
requirements.txt Updated from global requirements 2018-02-08 00:09:08 +00:00
run_tests.sh Cleanup unused Oslo Incubator code and references 2016-03-18 14:26:24 -04:00
setup.cfg Remove intree tempest tests 2018-02-05 11:27:54 +05:30
setup.py Updated from global requirements 2017-03-07 01:55:59 +00:00
test-requirements.txt DB operations retry on deadlock 2018-02-07 11:46:23 -08:00
thirdparty-requirements.txt Move monascaclient to requirements.txt 2017-04-05 10:49:40 +05:30
tox.ini Merge "Agent for configuration file validation" 2018-01-04 21:42:44 +00:00

README.rst

Welcome to Congress

Team and repository tags

image

What is Congress

Congress is an open policy framework for the cloud. With Congress, a cloud operator can declare, monitor, enforce, and audit "policy" in a heterogeneous cloud environment. Congress gets inputs from a cloud's various cloud services; for example in OpenStack, Congress fetches information about VMs from Nova, and network state from Neutron, etc. Congress then feeds input data from those services into its policy engine where Congress verifies that the cloud's actual state abides by the cloud operator's policies. Congress is designed to work with any policy and any cloud service.

Why is Policy Important

The cloud is a collection of autonomous services that constantly change the state of the cloud, and it can be challenging for the cloud operator to know whether the cloud is even configured correctly. For example,

  • The services are often independent from each other and do not support transactional consistency across services, so a cloud management system can change one service (create a VM) without also making a necessary change to another service (attach the VM to a network). This can lead to incorrect behavior.
  • Other times, we have seen a cloud operator allocate cloud resources and then forget to clean them up when the resources are no longer in use, effectively leaving garbage around the system and wasting resources.
  • The desired cloud state can also change over time. For example, if a security vulnerability is discovered in Linux version X, then all machines with version X that were ok in the past are now in an undesirable state. A version number policy would detect all the machines in that undesirable state. This is a trivial example, but the more complex the policy, the more helpful a policy system becomes.

Congress's job is to help people manage that plethora of state across all cloud services with a succinct policy language.

Using Congress

Setting up Congress involves writing policies and configuring Congress to fetch input data from the cloud services. The cloud operator writes policy in the Congress policy language, which receives input from the cloud services in the form of tables. The language itself resembles datalog. For more detail about the policy language and data format see Policy <policy>.

To add a service as an input data source, the cloud operator configures a Congress "driver," and the driver queries the service. Congress already has drivers for several types of service, but if a cloud operator needs to use an unsupported service, she can write a new driver without much effort and probably contribute the driver to the Congress project so that no one else needs to write the same driver.

Finally, when using Congress, the cloud operator must choose what Congress should do with the policy it has been given:

  • monitoring: detect violations of policy and provide a list of those violations
  • proactive enforcement: prevent violations before they happen (functionality that requires other services to consult with Congress before making changes)
  • reactive enforcement: correct violations after they happen (a manual process that Congress tries to simplify)

In the future, Congress will also help the cloud operator audit policy (analyze the history of policy and policy violations).

Congress is free software and is licensed with Apache.

  • Free software: Apache license

Installing Congress

Please refer to the installation guide