Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
K
Kolla Ansible
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Container Registry
Model registry
Operate
Environments
Terraform modules
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Very Demiurge Very Mindful
Kolla Ansible
Commits
030a9a28
Commit
030a9a28
authored
3 years ago
by
Mark Goddard
Browse files
Options
Downloads
Patches
Plain Diff
docs: Improve policy documentation
Change-Id: Iede747ceaafa54a00186761943fe2f4ac13f9559
parent
93c44483
No related branches found
Branches containing commit
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
doc/source/admin/advanced-configuration.rst
+21
-14
21 additions, 14 deletions
doc/source/admin/advanced-configuration.rst
with
21 additions
and
14 deletions
doc/source/admin/advanced-configuration.rst
+
21
−
14
View file @
030a9a28
...
...
@@ -176,27 +176,34 @@ operator needs to create ``/etc/kolla/config/global.conf`` with content:
[database]
max_pool_size = 100
In case the operators want to customize ``policy.json`` file, they should
create a full policy file for specific project in the same directory like above
and Kolla will overwrite default policy file with it. Be aware, with some
projects are keeping full policy file in source code, operators just need to
copy it but with some others are defining default rules in codebase, they have
to generate it.
OpenStack policy customisation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For example to overwrite ``policy.json`` file of Neutron project, the operator
needs to grab ``policy.json`` from Neutron project source code, update rules
and then put it to ``/etc/kolla/config/neutron/policy.json``.
OpenStack services allow customisation of policy. Since the Queens release,
default policy configuration is defined within the source code for each
service, meaning that operators only need to override rules they wish to
change. Projects typically provide documentation on their default policy
configuration, for example, :keystone-doc:`Keystone <configuration/policy>`.
.. note::
Policy can be customised via JSON or YAML files. As of the Wallaby release, the
JSON format is deprecated in favour of YAML. One major benefit of YAML is that
it allows for the use of comments.
Currently kolla-ansible only support JSON and YAML format for policy file.
For example, to customise the Neutron policy in YAML format, the operator
should add the customised rules in ``/etc/kolla/config/neutron/policy.yaml``.
The operator can make these changes after services
were already
deployed by
using
following command:
The operator can make these changes after services
have been
deployed by
using
the
following command:
.. code-block:: console
kolla-ansible reconfigure
kolla-ansible deploy
In order to present a user with the correct interface, Horizon includes policy
for other services. Customisations made to those services may need to be
replicated in Horizon. For example, to customise the Neutron policy in YAML
format for Horizon, the operator should add the customised rules in
``/etc/kolla/config/horizon/neutron_policy.yaml``.
IP Address Constrained Environments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
