Skip to main contentIBM Cloud Pak Playbook

Red Hat CloudForms Policies

This section covers policy management using Red Hat CloudForms 5.0 for Cloud Pak for Multicloud Management.

Policies in CloudForms

CloudForms policies are definitions that can enforce actions to a set of resources.

In general, policies are definitions that can cause actions to be taken by CloudForms. The anatomy of a policy is shown here:

CloudForms policy

Based on that diagram, the element of a policy are:

  • Scope: The scope defines a set of filters that selects the resources that this policy will applies to. If you do not specify a scope, all resources will be evaluated for this policy. The scope is important as the filter to limit which resources will be evaluated against this policy.

  • Condition: The condition evaluates the resources that will trigger the policy event. This condition can be a simple or compound conditions. The condition can check the resource attributes or an aggregate of the resources under the selected resources, such as total memory used by all pods in an OpenShift project.

  • Event: Once the condition evaluates to true for the resource, an event is generated. The event is defined in the policy. This event will be used to trigger the action(s) that is/are defined in the policy.

  • Action: The actual management tasks to be launched based on the event. These action tasks are common actions that are available from CloudForms itself, such as VM operations, tagging a resource and others.

There are 2 types of policy:

  • Control policy: Control policy is a policy used to control the resources under CloudForms, it automates management actions for new or changed resources by automating checks and performing management tasks. Some examples of usage:
    • Automatic restart of critical machines
    • Automated backup of VM, when last backup is older than 7 days
  • Compliance policy: The compliance policy automatically add the action to flag the resource as not-compliant; the non-compliant resources are listed in the summary screen. Some examples of usage:
    • For ubuntu machines, running apt-get upgrade if found not compliance package
    • Checking administrator password based on dictionary word and mark it non-compliant

Policy Resources

Policies can be used to control resources on different levels. Some resources can be used to evaluate an aggregate value of the enclosed resources. The following lists the resources that can have policy defined:

  • Provider: managing the provider domain status:
    • Cloud provider such as Amazon, Azure or OpenStack;
    • Infrastructure provider such as Microsoft VMM, VMware vSphere, RHV, OpenStack Platform Director
    • Physical infrastructure provider Lenovo XClarity,
    • Container provider RedHat OpenShift v3.
  • Physical Server: managing physical infrastructure servers
  • Host: infrastructure provider hosts
  • VM: managing cloud and infrastructure provider instances (EC2. Azure, OpenStack), VMs (vSphere)
  • Container Project: managing OpenShift v3 namespaces
  • Container Node: managing OpenShift v3 nodes
  • Container Image: managing OpenShift v3 container images
  • Replicator: managing OpenShift v3 workload such as statefulset, daemonset, deployment, deploymentconfig, replicaset
  • Pod: managing OpenShift v3 pods

    Using Policies

    The following are some screen shots on defining policy.

    1. From the main menu go to Control > Explorer. Policy control
    2. Expand the menu Policies > Policy > Control Policy or Compliance Policy > policy type. Policy tree
    3. Select the policy type that you want to create and then select Configuration > Add new … PolicyNew policy
    4. Specify the scope condition(s) - based on fields, counts or tags; click Commit and click Add. Define scope
    5. Define Configuration > Create a new Condition assigned to this Policy and specify the conditions. Define condition Specify the condition that you wanted to check, such as number of users more than 5; click Commit and click Add.
      Add condition
    6. Select the event (which is the same as the policy name) Configuration > Edit Actions from Policy Event. Event action
    7. Specify the actions on whether the condition is true or not. Click Save when done. Action policy

    The resulting policy is shown below.
    Full policy