openstack/kolla-ansible
Code Issues Proposed changes

docs: Improve policy documentation

Browse Source 
Change-Id: Iede747ceaafa54a00186761943fe2f4ac13f9559
This commit is contained in:
Mark Goddard 2021-03-30 10:04:07 +01:00
parent 93c4448365
commit 030a9a28d7
1 changed files with 21 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
doc/source/admin/advanced-configuration.rst
View File

@ -176,27 +176,34 @@ operator needs to create ``/etc/kolla/config/global.conf`` with content:
[database] [database]
max_pool_size = 100 max_pool_size = 100
In case the operators want to customize ``policy.json`` file, they should OpenStack policy customisation
create a full policy file for specific project in the same directory like above ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and Kolla will overwrite default policy file with it. Be aware, with some
projects are keeping full policy file in source code, operators just need to
copy it but with some others are defining default rules in codebase, they have
to generate it.
For example to overwrite ``policy.json`` file of Neutron project, the operator OpenStack services allow customisation of policy. Since the Queens release,
needs to grab ``policy.json`` from Neutron project source code, update rules default policy configuration is defined within the source code for each
and then put it to ``/etc/kolla/config/neutron/policy.json``. service, meaning that operators only need to override rules they wish to
change. Projects typically provide documentation on their default policy
configuration, for example, :keystone-doc:`Keystone <configuration/policy>`.
.. note:: Policy can be customised via JSON or YAML files. As of the Wallaby release, the
JSON format is deprecated in favour of YAML. One major benefit of YAML is that
it allows for the use of comments.
Currently kolla-ansible only support JSON and YAML format for policy file. For example, to customise the Neutron policy in YAML format, the operator
should add the customised rules in ``/etc/kolla/config/neutron/policy.yaml``.
The operator can make these changes after services were already deployed by The operator can make these changes after services have been deployed by using
using following command: the following command:
.. code-block:: console .. code-block:: console
kolla-ansible reconfigure kolla-ansible deploy
In order to present a user with the correct interface, Horizon includes policy
for other services. Customisations made to those services may need to be
replicated in Horizon. For example, to customise the Neutron policy in YAML
format for Horizon, the operator should add the customised rules in
``/etc/kolla/config/horizon/neutron_policy.yaml``.
IP Address Constrained Environments IP Address Constrained Environments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~