summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVincent Cojot <vcojot@redhat.com>2017-04-19 01:29:53 +0530
committerVincent Cojot <vcojot@redhat.com>2017-04-19 01:29:53 +0530
commitc1fccc6537b6dc1a07ee38fbcf6a76a147e095b8 (patch)
treefacc344f5750518928198fd517b875e8f8ed34f3
parentfcfa4a6d8b1640a905c4977cdfabfce718dfb8ac (diff)
downloadopenstack-access-policy-c1fccc6537b6dc1a07ee38fbcf6a76a147e095b8.zip
openstack-access-policy-c1fccc6537b6dc1a07ee38fbcf6a76a147e095b8.tar.gz
openstack-access-policy-c1fccc6537b6dc1a07ee38fbcf6a76a147e095b8.tar.xz
Update README.md
-rw-r--r--README.md18
1 files changed, 17 insertions, 1 deletions
diff --git a/README.md b/README.md
index 3647257..633cd55 100644
--- a/README.md
+++ b/README.md
@@ -12,4 +12,20 @@ This project includes several areas:
both the undercloud and overcloud. An ASCII version of the MOP is provided
in this repository.
-This work on the 'readonly' was a request of the VZW HQ Planning group. \ No newline at end of file
+This work on the 'readonly' was a request of the VZW HQ Planning group.
+
+Here is how it works:
+
+On the undercloud, as the 'stack' user perform the following steps:
+
+1) source stackrc
+2) git clone https://gitlab.cee.redhat.com/vcojot/OSP-Readonly-Policies/tree/master
+3) ./policydir/files/push_readonly_policies_to_overcloud.sh
+
+(this will auto-detect the controllers and push the appropriate policies)
+
+To restrict a user, then simply do add the 'readonly' role to the user, do a:
+openstack role add --project <tenant_name> --user <user_name> readonly
+
+To lift the restrictions and re-enable modifications to the overcloud, do a:
+openstack role remove --project <tenant_name> --user <user_name> readonly