Search
Thavamaniraja S

How to set and enforce tagging policies in HPE GreenLake for Private Cloud Enterprise

August 3, 2020

Editor’s Note – NAME CHANGE: HPE GreenLake for Private Cloud is now part of HPE GreenLake for Private Cloud Enterprise.

Introduction

HPE GreenLake for private cloud allows customers to assign metadata to their instances in the form of tags. An instance is a set of virtual machines that compose a horizontally scalable entity or a service suite, like a database. Tags help customers manage, report and filter their instances, providing a business context to resource consumption and cost. The goal of this article is to discuss tags and the process of creating and enforcing tagging policies.

Tags

A tag is simply a label that consists of a customer-defined key and value that makes it easier to manage and filter instances. Tags allow you to categorize your instances in different ways. For example, you could define a set of tags for your instances that help you track each instances’ owner, department, and purpose.

The following diagram illustrates how tagging works. In this example, I assigned two tags to each instance. One tag defines the key Owner and the other delineates the key Purpose.

b1

Tag Policies

With HPE GreenLake for private cloud tag policies, you can enforce a tag with a specific key and value or you can enforce the value coming from a specific list of values when an instance is provisioned. The list of acceptable values you designate can be any Option List that already exists in HPE GreenLake for private cloud.

Option Lists can be populated in a number of ways including manually within HPE GreenLake for private cloud or from a REST API. In this article, I will illustrate the process of creating Option Lists designated as type "Manual".

NOTE: Refer to HPE GreenLake for private cloud documentation to obtain more information on Option Lists

Other Tag Policy capabilities include: - Multiple tag policies can be combined to enforce a comprehensive tag compliance program - An Instance details page will warn when tags are not in compliance - Administrators have the option to enable strict enforcement, stopping instance provisioning that would violate the tag policies

Creating an Option List of Type "Manual"

  • Navigate to Provisioning - Library - OPTIONS LISTS and select +ADD key.

b2

  • Enter a NAME for the Option List, select "MANUAL" type, provide DATASET and click on SAVE CHANGES.

b3

NOTE: JSON entries must be formatted as shown in the following example.

[{"name": "Purpose1","value": "Development"},{"name": "Purpose2","value": "Production"}]

Creating a Tag Policy

  • Navigate to Administration - Policies and select +ADD POLICY key.
  • In the TYPE drop-down, select Tags. The new policy modal will show options pertaining specifically to tagging, as shown below:

b4

  • Set the options as required. In this example, the following options are set:
    • TYPE: Tags
    • NAME: A name given to this specific policy
    • ENABLED: When checked, the policy will be put into effect upon Save
    • STRICT ENFORCEMENT: When checked, new instances will not be provisioned if they violate the tag policy. When unchecked, users are only warned for non-compliance.
    • KEY: HPE GreenLake for private cloud requires a tag be added with the entered Key
    • VALUE LIST: If set, a tag with the key indicated above must have a value contained in the Option List selected
    • SCOPE: In this example case, it is set to Global, but tag policies can also be targeted to Groups, Clouds, Users and Roles

b5

Once you have clicked "SAVE CHANGES", the policy is in effect so long as the "ENABLED" box is checked (which is true by default for new policies).

Checking the Tag Policy enforcement

With the Tag Policy currently in place, you can see it in action when trying to provision an instance. Since I am enforcing a tag with key "Purpose" to exist with STRICT ENFORCEMENT, the provisioning wizard will not allow me to progress past the configuration tab if the tag is not set as shown below.

b6

If an Option List is associated with the Tag Policy, you will see a similar validation error if you enter a tag key with no value or with a value that is not in the Option List.

b7

If you return to the policy and deselect the "STRICT ENFORCEMENT" option, you will no longer be prevented from provisioning it, even when the tags violate the policy. You will, however see a message on the instance details page with information on which tag policy is being violated by the given instance, as shown below:

In a future blog entry, I’ll show how you can use tags to provide showback reporting and budgeting with business context in Consumption Analytics. Make sure you check the HPE DEV blog site often to find future posts related to this topic. If you have questions, please feel free to connect with me on the HPE DEV Slack channel.

Related

Akash Patel, Guoping Jia, Sonu Sudhakaran

A guide to enabling a managed Istio service mesh in a Kubernetes cluster on HPE GreenLake for Private Cloud Enterprise

Feb 16, 2023
Ron Dharma

Using HPE GreenLake Console's API Gateway for Data Services Cloud Console

Nov 30, 2021
Paul Zinn

Automate ITOps: announcing foundational APIs for the HPE GreenLake edge-to-cloud platform

Dec 1, 2023
Chaitra Mylarappachar

Bare metal provisioning on HPE GreenLake using Terraform

Mar 20, 2023
Michael Rose Jr.

Configuring Azure AD as the SAML IDP with HPE Greenlake Cloud Platform and Aruba Central

Jul 11, 2022
Prabhu Murthy - Cloud Operations

How to implement a single sign-on solution to authenticate users onto the HPE GreenLake edge-to-cloud platform

Nov 29, 2023
Guoping Jia

Create a General-Purpose Kubeconfig File in HPE GreenLake for Private Cloud Enterprise

May 20, 2022
Thavamaniraja.S and Vinnarasu Ganesan

Curate and Expose Service Catalog Items using HPE GreenLake for Private Cloud Enterprise

Feb 16, 2022

HPE Developer Newsletter

Stay in the loop.

Sign up for the HPE Developer Newsletter or visit the Newsletter Archive to see past content.

By clicking on “Subscribe Now”, I agree to HPE sending me personalized email communication about HPE and select HPE-Partner products, services, offers and events. I understand that my email address will be used in accordance with HPE Privacy Statement. You may unsubscribe from receiving HPE and HPE-Partner news and offers at any time by clicking on the Unsubscribe button at the bottom of the newsletter.

For more information on how HPE manages, uses, and protects your personal data please refer to HPE Privacy Statement.