Difference between revisions of "PolicyGuidedFulfillmentDemo"
Line 28: | Line 28: | ||
** enabled services [[Murano]], [[Mistral]], and [[Congress]] | ** enabled services [[Murano]], [[Mistral]], and [[Congress]] | ||
** enabled policy enforcement in Murano documentation http://murano.readthedocs.org/en/latest/articles/policy_enf.html#introduction | ** enabled policy enforcement in Murano documentation http://murano.readthedocs.org/en/latest/articles/policy_enf.html#introduction | ||
+ | ** create '''qa''' tenant | ||
+ | *** assign '''demo''' user to roles ''Member'', ''anotherrole'' in the tenant (same roles as demo user has in demo tenant) | ||
+ | *** assign '''admin''' user to role ''admin'' in the tenant (same roles as admin user has in demo tenant) | ||
* '''VM images''' | * '''VM images''' | ||
** Ubuntu based image | ** Ubuntu based image | ||
Line 95: | Line 98: | ||
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "qa")' | openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "qa")' | ||
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")' | openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")' | ||
+ | |||
+ | |||
+ | == Demo Steps == | ||
+ | |||
+ | * The cloud admin(s) sets 2 policy rules: | ||
+ | ** Tenant A can only use MySQL as a DB vendor | ||
+ | ** Tenant B can only use PostgreSQL as a DB vendor | ||
+ | Done by creating policy rules in setup guide. | ||
+ | |||
+ | |||
+ | * The admin wishes to model a Tomcat application that depends on a DB | ||
+ | ** Tenant A admin models it with a MySQL DB | ||
+ | ** Tenant B admin models it with a PostgreSQL DB | ||
+ | Done by uploading application packages | ||
+ | |||
+ | |||
+ | * Application developer want to add a workflow to the application deployment that will verify the Tomcat is up and running (by sending a GET request) and will send an email notifying whether the deployment has completed successfully or not. | ||
+ | TBD | ||
+ | |||
+ | |||
+ | * The admins deploy the application models to Murano. The package will also include the Mistral workflow (so we will not depend on it being pre-deployed to Mistral) | ||
+ | TBD | ||
+ | |||
+ | |||
+ | * End user of tenant A wishes to deploy the Tomcat application that relies on PostgreSQL | ||
+ | ** Deployment fails since the policy rules restrict this DB for tenant A | ||
+ | TBD | ||
+ | |||
+ | |||
+ | * End user of tenant A asks Murano to deploy tomcat with MySQL DB | ||
+ | ** Application is deployed | ||
+ | ** At the end of deployment phase, the workflow is deployed to Mistral (programmatically, by this specific application deployment logic) | ||
+ | ** The workflow is triggered by the application class | ||
+ | ** A mail will be sent to the end user indicating whether Tomcat has been deployed and whether it is responsive | ||
+ | TBD |
Revision as of 14:25, 25 February 2015
Contents
Policy Guided Fulfillment Demo
This topic provides information on demo of Policy Guided Fulfillment .
Demo Scenario
- The cloud admin(s) sets 2 policy rules:
- Tenant A can only use MySQL as a DB vendor
- Tenant B can only use PostgreSQL as a DB vendor
- The admin wishes to model a Tomcat application that depends on a DB
- Tenant A admin models it with a MySQL DB
- Tenant B admin models it with a PostgreSQL DB
- Application developer want to add a workflow to the application deployment that will verify the Tomcat is up and running (by sending a GET request) and will send an email notifying whether the deployment has completed successfully or not.
- The admins deploy the application models to Murano. The package will also include the Mistral workflow (so we will not depend on it being pre-deployed to Mistral)
- End user of tenant A wishes to deploy the Tomcat application that relies on PostgreSQL
- Deployment fails since the policy rules restrict this DB for tenant A
- End user of tenant A asks Murano to deploy tomcat with MySQL DB
- Application is deployed
- At the end of deployment phase, the workflow is deployed to Mistral (programmatically, by this specific application deployment logic)
- The workflow is triggered by the application class
- A mail will be sent to the end user indicating whether Tomcat has been deployed and whether it is responsive
Demo Setup Guide
Prerequisities
- OpenStack
- enabled services Murano, Mistral, and Congress
- enabled policy enforcement in Murano documentation http://murano.readthedocs.org/en/latest/articles/policy_enf.html#introduction
- create qa tenant
- assign demo user to roles Member, anotherrole in the tenant (same roles as demo user has in demo tenant)
- assign admin user to role admin in the tenant (same roles as admin user has in demo tenant)
- VM images
- Ubuntu based image
- Centos (RedHat) based image
- Images have to have installed Murano Agent
- if you are behind proxy, then images have to have configured proxy
- Networking
- Access to internet is required
- if you have proxy access to internet, you have to configured it in our lab, and VM images
- Access to internet is required
Application
Application is based on packages used in murano-apps, murano-app-incubator, and hello-world-servlet .
Application packages are available here: https://github.com/filip-blaha/policy-guided-fulfillment-demo :
- io.murano.apps.java.HelloWorld
- main application package.
- it install web application from https://github.com/filip-blaha/hello-world-servlet to Tomcat and configures database.
- has dependency on SqlDatabase, so one of MySql, PostgreSql can be choosen
- has dependency on Tomcat
- io.murano.apps.apache.Tomcat
- Installs Tomcat
- io.murano.databases.SqlDatabase
- Base package for databases. It defines base actions for database configuration.
- io.murano.databases.MySql
- MySql database package
- io.murano.databases.PostgreSql
- Postgres database package
Create packages and upload them into OpenStack:
git clone https://github.com/filip-blaha/policy-guided-fulfillment-demo cd policy-guided-fulfillment-demo . ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually ./package-manager.sh io.murano.apps.apache.Tomcat ./package-manager.sh io.murano.apps.java.HelloWorld ./package-manager.sh io.murano.databases.MySql ./package-manager.sh io.murano.databases.PostgreSql ./package-manager.sh io.murano.databases.SqlDatabase
Policy Rules
Following policy rules defines predeploy enforcement of the demo.
Execute following commands to create the policies:
. ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually
# allowed app main rules openstack congress policy rule create murano_system 'predeploy_errors(eid,oid,msg) :- murano:objects(oid,eid,type), murano:properties(eid,"tenant_id",tid), murano:parent_types(oid,"io.murano.Application"), tenantName(tid,tname), not allowedApp(type, tname),concat("Unsupported application detected: ", type, tmsg1),concat(tmsg1, ", ", tmsg2),objName(oid, oname), concat(tmsg2, oname, msg)'
openstack congress policy rule create murano_system 'objName(oid,oname) :- murano:properties(oid, "name", oname)'
openstack congress policy rule create murano_system 'tenantName(tid, tname) :- keystone:tenants(en,desc,tname,tid)'
#demo tenant openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.MySql", "demo")' openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "demo")' openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "demo")'
#qa tenant openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.PostgreSql", "qa")' openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "qa")' openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")'
Demo Steps
* The cloud admin(s) sets 2 policy rules: ** Tenant A can only use MySQL as a DB vendor ** Tenant B can only use PostgreSQL as a DB vendor
Done by creating policy rules in setup guide.
* The admin wishes to model a Tomcat application that depends on a DB ** Tenant A admin models it with a MySQL DB ** Tenant B admin models it with a PostgreSQL DB
Done by uploading application packages
* Application developer want to add a workflow to the application deployment that will verify the Tomcat is up and running (by sending a GET request) and will send an email notifying whether the deployment has completed successfully or not.
TBD
- The admins deploy the application models to Murano. The package will also include the Mistral workflow (so we will not depend on it being pre-deployed to Mistral)
TBD
* End user of tenant A wishes to deploy the Tomcat application that relies on PostgreSQL ** Deployment fails since the policy rules restrict this DB for tenant A
TBD
* End user of tenant A asks Murano to deploy tomcat with MySQL DB ** Application is deployed ** At the end of deployment phase, the workflow is deployed to Mistral (programmatically, by this specific application deployment logic) ** The workflow is triggered by the application class ** A mail will be sent to the end user indicating whether Tomcat has been deployed and whether it is responsive
TBD