Skip to content

Commit

Permalink
Merge "docs: Improve policy documentation"
Browse files Browse the repository at this point in the history
  • Loading branch information
@openstack-gerrit
Zuul authored and openstack-gerrit committed Apr 26, 2021
2 parents 2be34ed + 030a9a2 commit 9d0734f
Showing 1 changed file with 21 additions and 14 deletions.
35 changes: 21 additions & 14 deletions doc/source/admin/advanced-configuration.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,27 +176,34 @@ operator needs to create ``/etc/kolla/config/global.conf`` with content:
[database]
max_pool_size = 100
In case the operators want to customize ``policy.json`` file, they should
create a full policy file for specific project in the same directory like above
and Kolla will overwrite default policy file with it. Be aware, with some
projects are keeping full policy file in source code, operators just need to
copy it but with some others are defining default rules in codebase, they have
to generate it.
OpenStack policy customisation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

For example to overwrite ``policy.json`` file of Neutron project, the operator
needs to grab ``policy.json`` from Neutron project source code, update rules
and then put it to ``/etc/kolla/config/neutron/policy.json``.
OpenStack services allow customisation of policy. Since the Queens release,
default policy configuration is defined within the source code for each
service, meaning that operators only need to override rules they wish to
change. Projects typically provide documentation on their default policy
configuration, for example, :keystone-doc:`Keystone <configuration/policy>`.

.. note::
Policy can be customised via JSON or YAML files. As of the Wallaby release, the
JSON format is deprecated in favour of YAML. One major benefit of YAML is that
it allows for the use of comments.

Currently kolla-ansible only support JSON and YAML format for policy file.
For example, to customise the Neutron policy in YAML format, the operator
should add the customised rules in ``/etc/kolla/config/neutron/policy.yaml``.

The operator can make these changes after services were already deployed by
using following command:
The operator can make these changes after services have been deployed by using
the following command:

.. code-block:: console
kolla-ansible reconfigure
kolla-ansible deploy
In order to present a user with the correct interface, Horizon includes policy
for other services. Customisations made to those services may need to be
replicated in Horizon. For example, to customise the Neutron policy in YAML
format for Horizon, the operator should add the customised rules in
``/etc/kolla/config/horizon/neutron_policy.yaml``.

IP Address Constrained Environments
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Expand Down

0 comments on commit 9d0734f

Please sign in to comment.