Adapting nova POLICY.JSON

Latest response

Hi folks,

another query for you.
Openstack pike is the platform we are currently run.
Adapting nova policy.json file seems to be not possible.
/etc/nova/policy.json is also empty by default and every manual change did not affect the stack at all.

any suggestion?
Thanks

Br
Niko

NR
Log in to join the conversation

Responses

Daniel Macpherson's picture Red Hat Expert 1065 points
30 July 2018 12:28 PM

Hi Niko,

You should be able to set Nova policies using NovaApiPolicies in an environment file. The parameter takes a json hash containing your policies. For example:

parameter_defaults:
  NovaApiPolicies: { nova-context_is_admin: { key: context_is_admin, value: 'role:admin' } }

More info here:

This is better than editing policy files manually after a deployment because the edits do not persist when you rerun openstack overcloud deploy.

NR Active Contributor 245 points
30 July 2018 12:54 PM

Hi Daniel, thanks for the quick response. To deploy the overcloud we are using .yaml files which they located in /home/stack/templates/ Which environment file must be adapted accordingly?

thanks Br Niko

Daniel Macpherson's picture Red Hat Expert 1065 points
30 July 2018 1:05 PM

Any environment file should work. If need be, you can create an additional environment (e.g. policies.yaml) and include that with your deployment. Or you can include it with an existing environment file. It comes down to how you prefer to manage your environment files (i.e. one per each feature, or as few as possible to limit the number of ifles to include with the deployment command).

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.