Difference between revisions of "Heat/Blueprints/Multi Region Support for Heat"
Revision as of 16:13, 4 November 2013
--bartosz-gorski (talk) 23:51, 15 July 2013 (UTC)
Overview
Introduction
Most enterprises are adopting multi-cloud (using both private and public clouds) as their enterprise cloud strategy. They will not migrate completely to a service provider's cloud (public cloud); they will still keep their mission-critical information assets on their own premises or in colocation space (private cloud).
Our goal is to create a hybrid cloud (a combination of public and private cloud). Creating a hybrid cloud requires:
- Seamless operation across heterogeneous environments
- End-to-end automatic provisioning based on system template (VM, network, topology)
- Unified control and monitoring
- Multi-Hypervisor including bare-metal
- Multi-Region control
- Secure network access via Internet (VPN connection)
Requirements
Requirements for Heat:
- mapping between Regions and API endpoints (multi-region keystone catalog)
- mapping between Regions and Images (Mapping section inside template)
- specifying region for resource
- support for VPN as resource
- support dependencies between resources in different regions
- horizon interface for Heat with multi regions
Goal
First Use Case Scenario (no dependencies)
We have two regions (RegionOne and RegionTwo) with separate OpenStack installations. We want to use Heat with multi region support to create in both regions:
- Neutron Network
- Neutron Subnet
- 10.1.0.0/24 in RegionOne
- 10.2.0.0/24 in RegionTwo
- Router
- Router Interface for created subnet
- Router Gateway for external network
- VPN Service for created router
- IKE Policy
- IPsec Policy
- VPN Connection
- Server connected to created subnet
The created servers should be able to reach each other using their local IP addresses.
First_Use_Case.template - template file for it in appendix.
Second Use Case Scenario (with dependencies)
Similar to the first use case, but creation of the second server depends on the first one. We want to deploy a web service (e.g. wordpress) on two servers: one server with the application (e.g. apache and wordpress) and a second server with the database (e.g. mysql server). Before creating the application server we need to know the IP address of the database server, so we need to wait until it has been created.
Second_Use_Case.template - template file for it in appendix.
Architecture
Overview
Description:
- more than one region (for example two: RegionOne and RegionTwo)
- separate OpenStack installation (Nova, Glance, Swift, Neutron and Cinder) in each region
- one Keystone service for all regions
- one Horizon with multi region support
- one Heat service to orchestrate more than one region
First solution
Currently Heat launches the stack using a context which includes:
- keystone endpoint
- tenant/project
- user credentials
We will add the possibility to represent the context as a template resource. This will allow us to specify, for other resources, which context to provision within. This solution is more generic than multi-region because we will be able to specify not only a different region but also different user credentials or a different tenant.
In the first version of the proposed solution, a different context can be specified only for nested stacks.
Challenges & Problems
Challenge | Solution |
---|---|
How to represent credentials for different clouds? | ? |
How to assign a given resource to a region/cloud (is assigning an entire nested stack to a particular region/cloud enough?) | |
How to avoid single point of failure? | ? |
Is there a better way to pass the template file for a nested stack than a URL to the file? | ? |
What should happen if one of the regions fails? | ? |
What needs to be done
Heat
Engine
VPN support
Context as Resource
Property | Description |
---|---|
name | User friendly name of the context |
description | Context description. |
project_name | Name of the keystone project. |
region_name | Name of the region. |
heat_endpoint | URL to the Heat API in specified region. If not provided Heat will query keystone service to get it. |
username | Username of the keystone account. |
password | Password for provided username. |
    ...
    "Resources" : {
      ...
      "MyContext": {
        "Type": "OS::Cloud::Context",
        "Properties": {
          "name": "My context",
          "description": "My new context description",
          "project_name" : "demo",
          "region_name" : "RegionOne",
          "username" : { "Ref" : "Username" },
          "password" : { "Ref" : "Password" }
        }
      },
      ...
    }
    ...
Nested Stack
Property | Description | Implementation |
---|---|---|
Context | Context which will be used to create nested stack | Not started |
TemplateURL | URL of the nested stack template file | Done |
TimeoutInMinutes | Creation timeout in minutes | Done |
Parameters | Values for nested stack parameters | Done |
    ...
    "Resources" : {
      ...
      "NewStackTemplate": {
        "Type": "AWS::CloudFormation::Stack",
        "Properties": {
          "TemplateURL": "https://raw.github.com/openstack/heat-templates/master/cfn/NestedStack.template",
          "Context" : { "Ref" : "MyContext" },
          "Parameters": {
            "ParameterName1" : "Value1",
            "ParameterName2" : "Value2",
            "ParameterName3" : "Value3",
            ...
          }
        }
      },
      ...
    }
    ...
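An added example, not part of the blueprint or of Heat's own code: a small Python linter for templates that use the proposed OS::Cloud::Context resource and the Context property on nested stacks. It assumes the property names from the tables above; the function name `lint_template`, the constructed sample template and the choice of checks (password supplied through a `NoEcho` parameter, `https` for TemplateURL, Context pointing at a context resource) are assumptions made for this illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample template using the property names proposed on this page.
SAMPLE = json.loads("""{
  "Parameters": {"Username": {"Type": "String"},
                 "Password": {"Type": "String", "NoEcho": "true"}},
  "Resources": {
    "GoodContext": {"Type": "OS::Cloud::Context", "Properties": {
        "name": "ok", "project_name": "demo", "region_name": "RegionOne",
        "username": {"Ref": "Username"}, "password": {"Ref": "Password"}}},
    "BadContext": {"Type": "OS::Cloud::Context", "Properties": {
        "name": "bad", "project_name": "demo", "region_name": "RegionTwo",
        "username": "admin", "password": "constructed-literal"}},
    "Nested": {"Type": "AWS::CloudFormation::Stack", "Properties": {
        "TemplateURL": "http://example.invalid/NestedStack.template",
        "Context": {"Ref": "MissingContext"}}}
  }
}""")

def lint_template(tpl):
    """Return a sorted list of (resource_name, finding) tuples."""
    params = tpl.get("Parameters", {})
    resources = tpl.get("Resources", {})
    findings = []
    for name, res in resources.items():
        props = res.get("Properties", {})
        if res.get("Type") == "OS::Cloud::Context":
            # Credentials should arrive as a masked parameter, never inline.
            pw = props.get("password")
            ref = pw.get("Ref") if isinstance(pw, dict) else None
            if ref is None:
                findings.append((name, "password is a literal, not a parameter Ref"))
            elif str(params.get(ref, {}).get("NoEcho", "")).lower() != "true":
                findings.append((name, "password parameter lacks NoEcho"))
        elif res.get("Type") == "AWS::CloudFormation::Stack":
            # The nested template is fetched by URL; require transport integrity.
            if urlparse(props.get("TemplateURL", "")).scheme != "https":
                findings.append((name, "TemplateURL is not https"))
            # A Context, when present, must resolve to a context resource.
            ctx = props.get("Context")
            target = ctx.get("Ref") if isinstance(ctx, dict) else None
            if ctx is not None and resources.get(target, {}).get("Type") != "OS::Cloud::Context":
                findings.append((name, "Context does not reference a context resource"))
    return sorted(findings)
```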
UI
Existing UI views:
- Stack List for Tenant
- Launch new Stack
- Stack Details
- Resource Details
What about views for nested stack?
Horizon support for multi regions
A drop-down box will appear only if more than one region is available in the keystone catalog.
- Project Tab
- Drop-down box to choose one of the available regions (Horizon Multi Region Project Tab)
- Admin Tab
- Drop-down box to choose one of the available regions (Horizon Multi Region Admin Tab)
Dependencies & References
- BL: Implement a Heat UI for managing stacks (MERGED)
- BL: Support multiple endpoints for the same service (MERGED)
- BL: VPN as a Service providing IPsec VPN with Static routing (UNDER REVIEW)
Appendix
Templates
Github repository with templates
- First_Use_Case.template
- Second_Use_Case.template