This is a repository of the files/tools we are developing around integrating SevOne (monitoring software) into RH-OSP.
This project includes several areas:
- Add policy files to the overcloud to restrict the 'readonly' role and prevent update/create/delete operations.
- Add tooling (OBSOLETE since this will be done through node-payload in the osp10 templates) to push/update policies on the overcloud.
- Provide a MOP (Method of Procedure) to enable SevOne pre-requisites on both the undercloud and overcloud. An ASCII version of the MOP is provided in this repository.
This work on the 'readonly' role was a request of the VZW HQ Planning group.
Here is how it works:
On the undercloud, as the 'stack' user, perform the following steps:
1) source stackrc
2) git clone https://gitlab.cee.redhat.com/vcojot/OSP-Readonly-Policies/tree/master
3) ./policydir/files/push_readonly_policies_to_overcloud.sh
4) source overcloudrc
5) openstack role create readonly
(the push script in step 3 will auto-detect the controllers and push the appropriate policies)
To restrict a user, simply add the 'readonly' role to the user:
openstack role add --project <tenant_name> --user <user_name> readonly
To lift the restrictions and re-enable modifications to the overcloud, remove the role:
openstack role remove --project <tenant_name> --user <user_name> readonly
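
The following is an added example, not part of this repository: a Python check that audits a policy file and lists the create/update/delete actions whose rule does not provably exclude the 'readonly' role. It assumes the restriction is written as a `not role:readonly` conjunct in oslo.policy syntax; the sample rules and all function names are constructed for illustration.

```python
import re

# Constructed sample (not from the repository), in oslo.policy rule syntax.
SAMPLE_POLICY = {
    "not_readonly": "not role:readonly",
    "admin_or_owner": "is_admin:True or project_id:%(project_id)s",
    "compute:get_all": "",
    "compute:create": "rule:not_readonly and rule:admin_or_owner",
    "compute:delete": "rule:admin_or_owner",
    "volume:update": "not role:readonly",
    "create_port": "",
    "delete_port": "rule:not_readonly",
}

MUTATING = {"create", "update", "delete"}


def denies_readonly(expr, rules, seen=frozenset()):
    """True only if expr is a pure AND-chain with a 'not role:readonly' conjunct."""
    if " or " in expr or "(" in expr:
        return False  # too complex to prove statically: flag for manual review
    for term in (t.strip() for t in expr.split(" and ")):
        if term.lower() == "not role:readonly":
            return True
        if term.startswith("rule:"):
            name = term[len("rule:"):]
            # Follow rule aliases, guarding against reference cycles.
            if name not in seen and denies_readonly(
                    rules.get(name, ""), rules, seen | {name}):
                return True
    return False


def unprotected_actions(rules):
    """Return mutating actions whose rule does not provably exclude 'readonly'."""
    flagged = []
    for action, expr in rules.items():
        if MUTATING & set(re.split(r"[:_]", action)):
            if not denies_readonly(expr, rules):
                flagged.append(action)
    return sorted(flagged)


if __name__ == "__main__":
    for action in unprotected_actions(SAMPLE_POLICY):
        print("not provably denied to readonly:", action)
```

The check is deliberately conservative: rules containing `or` or parentheses are flagged for manual review rather than assumed safe.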