Difference between revisions of "Heat/Blueprints/Multi Region Support for Heat"

Revision as of 10:40, 31 July 2013

--bartosz-gorski (talk) 23:51, 15 July 2013 (UTC)

Overview

Introduction

Most of enterprises are focusing on Multi-cloud (using both private and public clouds) as enterprise cloud strategy. They will not completely migrate to Service Provider's cloud (public cloud). They will still keep their mission critical information assets to their premise or collocation space (private cloud).

Our goal is to create Hybrid-cloud (combination of public and private cloud). Creating Hybrid-cloud requires:

Seamless operation among heterogeneous environment
End-to-end automatic provisioning based on system template (VM, network, topology)
Unified control and monitoring
- Multi-Hypervisor including bare-metal
- Multi-Region control
- Secure network access via Internet (VPN connection)

Hybrid-cloud

Requirements & Challenges

Requirements for Heat:

Mapping between Regions and API endpoints
Mapping between Regions and Images
Specifying Region for each resource
Support for VPN as resource
Horizon interface for Heat with multi regions

Challenges:

dealing with dependencies between resources in different regions
minimizing number of single region templates for which multi region template will be split
figure out efficient way to update multi region stack

Goal

First Use Case Scenario (no dependencies)

Multi region first use case

We have two regions (East and West) with separate OpenStack installations. We want to use Heat with multi region support to create in both regions:

Quantum Network
Quantum Subnet
- 10.1.0.0/24 in East
- 10.2.0.0/24 in West
Router
- Router Interface for created subnet
- Router Gateway for external network
VPN Service for created router
- IKE Policy
- IPsec Policy
- VPN Connection
Server connected to created subnet

Template file example in appendix (Multiregion.template).

Second Use Case Scenario (with dependencies)

TBD

Architecture

Overview

Description:

More than one region (for example two: East and West)
Separate OpenStack installation (Nova, Glance, Swift, Neutron and Cinder) in each region
One Keystone service for all regions
One Horizon with multi region support
One Heat for multi region orchestration - to be clear right now it does not exist

Context as Resource

Property	Description	Default Value
Tenant/Project
Region/Endpoint
User credentails

...
"Resources" : {
    ...
    "NetworkEast": {
        "Type": "OS::Quantum::Net",
        "RegionName" : { "Ref" : "RegionEast" },
        "Properties": {
            "name": "East Region Network"
        }
    },
    ...
}
...

Nested Stack

Property	Description	Default Value
Context
TemplateURL
Parameters

...
"Resources" : {
    ...
    "NewStackTemplate": {
        "Type": "AWS::CloudFormation::Stack",
        "Properties": {
            "TemplateURL": "https://raw.github.com/openstack/heat-templates/master/cfn/NestedStack.template",
            "Parameters": {
                "ParameterName1" : "Value1",
                "ParameterName2" : "Value2",
                "ParameterName3" : "Value3",
                ...
            }
        }
    },
    ...
}
...

Master Template

TBD

Stack Launch Flow

Challenges & Solutions

Challenge	First step	Future work
Dependencies between resources from different regions.

What needs to be done

Heat

Engine

Blueprint for VPaaS support

API/CLI

Probably we do not need to add any new command.

UI

Existing UI views:

Horizon support for multi regions

Dropbox will appear only if more than one region is available in keystone catalog.

Project Tab
- Dropbox to choose one of the available regions (Horizon Multi Region Project Tab)
Admin Tab
- Dropbox to choose one of the available regions (Horizon Multi Region Admin Tab)

Dependencies & References

BL: Implement a Heat UI for managing stacks (MERGED)
- Patch
BL: Support multiple endpoints for the same service (MERGED)
- Patch
BL: VPN as a Service providing IPsec VPN with Static routing (UNDER REVIEW)

Appendix

Templates

Multiregion.template

NTTI3

@@ Line 197: / Line 197: @@
 * Multiregion.template
 <pre><nowiki>
-{
-  "AWSTemplateFormatVersion" : "2010-09-09",
-  "Description" : "Creates VPN connection between to different regions and lanuches one server in each region",
-  "Parameters" : {
-    "KeyName" : {
-      "Description" : "Name of an existing EC2 KeyPair to enable SSH access to the instances",
-      "Type" : "String"
-    },
-    "InstanceType" : {
-      "Description" : "EC2 instance type",
-      "Type" : "String",
-      "Default" : "m1.small",
-      "AllowedValues" : [ "m1.tiny", "m1.small", "m1.medium", "m1.large", "m1.xlarge" ],
-      "ConstraintDescription" : "must be a valid EC2 instance type."
-    },
-    "LinuxDistribution": {
-      "Default": "U12",
-      "Description" : "Distribution of choice",
-      "Type": "String",
-      "AllowedValues" : [ "F17", "U12" ]
-    },
-    "RegionEast" : {
-      "Description" : "Name of the East region",
-      "Type" : "String",
-      "Default" : "RegionOne",
-      "ConstraintDescription" : "must be a existing OpenStack region"
-    },
-    "RegionWest" : {
-      "Description" : "Name of the West region",
-      "Type" : "String",
-      "Default" : "RegionTwo",
-      "ConstraintDescription" : "must be a existing OpenStack region"
-    },
-    "ExternalNetworkIdEast" : {
-      "Description" : "External network id on East",
-      "Type" : "String",
-      "ConstraintDescription" : "must be a id of existing external network on East"
-    },
-    "ExternalNetworkIdWest" : {
-      "Description" : "External network id on West",
-      "Type" : "String",
-      "ConstraintDescription" : "must be a id of existing external network on West"
-    },
-    "ExternalGatewayIPAddressEast" : {
-      "Description" : "External Gateway IP address on East",
-      "Type" : "String",
-      "ConstraintDescription" : "must be an IP address of external gateway on East"
-    },
-    "ExternalGatewayIPAddressWest" : {
-      "Description" : "External Gateway IP address on West",
-      "Type" : "String",
-      "ConstraintDescription" : "must be an IP address of external gateway on West"
-    }
-  },
-  "Mappings" : {
-    "OpenstackRegion2Image" : {
-      "RegionOne" : {
-	"F17" : "F17-x86_64-cfntools",
-	"U12" : "ubuntu-vm-heat-cfntools"
-      },
-      "RegionTwo" : {
-	"F17" : "F17-x86_64-cfntools",
-	"U12" : "ubuntu-vm-heat-cfntools"
-      }
-    }
-  },
-  "Resources" : {
-    "NetworkEast": {
-      "Type": "OS::Quantum::Net",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "name": "East Region Network"
-      }
-    },
-    "SubnetEast": {
-      "Type": "OS::Quantum::Subnet",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "network_id": { "Ref" : "NetworkEast" },
-        "ip_version": 4,
-        "cidr": "10.1.0.0/24",
-        "allocation_pools": [ {
-          "start": "10.1.0.10",
-          "end": "10.1.0.200"
-          }
-        ]
-      }
-    },
-    "RouterEast": {
-      "Type": "OS::Quantum::Router",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "name": "East Router"
-      }
-    },
-    "RouterInterfaceEast": {
-      "Type": "OS::Quantum::RouterInterface",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "router_id": { "Ref" : "RouterEast" },
-        "subnet_id": { "Ref" : "SubnetEast" }
-      }
-    },
-    "RouterGatewayEast": {
-      "Type": "OS::Quantum::RouterGateway",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "router_id": { "Ref" : "RouterEast" },
-        "network_id": { "Ref" : "ExternalNetworkIdEast" }
-      }
-    },
-    "NetworkWest": {
-      "Type": "OS::Quantum::Net",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "name": "West Region Network"
-      }
-    },
-    "SubnetWest": {
-      "Type": "OS::Quantum::Subnet",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "network_id": { "Ref" : "NetworkWest" },
-        "ip_version": 4,
-        "cidr": "10.2.0.0/24",
-        "allocation_pools": [ {
-          "start": "10.2.0.10",
-          "end": "10.2.0.200"
-          }
-        ]
-      }
-    },
-    "RouterWest": {
-      "Type": "OS::Quantum::Router",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "name": "West Router"
-      }
-    },
-    "RouterInterfaceWest": {
-      "Type": "OS::Quantum::RouterInterface",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "router_id": { "Ref" : "RouterWest" },
-        "subnet_id": { "Ref" : "SubnetWest" }
-      }
-    },
-    "RouterGatewayWest": {
-      "Type": "OS::Quantum::RouterGateway",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "router_id": { "Ref" : "RouterWest" },
-        "network_id": { "Ref" : "ExternalNetworkIdWest" }
-      }
-    },
-    "VPNServiceEast" : {
-      "Type" : "OS::Quantum::VPNService",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties" : {
-        "name" : "VPNServiceEast",
-        "description" : "My new VPN service on East",
-        "router_id" : { "Ref" : "RouterEast" },
-        "subnet_id" : { "Ref" : "SubnetEast" }
-      }
-    },
-   "IKEPolicyEast" : {
-      "Type" : "OS::Quantum::IKEPolicy",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties" : {
-        "name" : "IKEPolicyEast",
-        "description" : "My new IKE policy on East"
-      }
-    },
-    "IPsecPolicyEast" : {
-      "Type" : "OS::Quantum::IPsecPolicy",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties" : {
-        "name" : "IPsecPolicyEast",
-        "description" : "My new IPsec policy on East"
-      }
-    },
-    "VPNConnectionEast" : {
-      "Type" : "OS::Quantum::VPNConnection",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties" : {
-        "name" : "VPNConnectionEast",
-        "description" : "My new VPN connection on East",
-        "peer_address" : { "Ref" : "ExternalGatewayIPAddressEast" },
-        "peer_id" : { "Ref" : "ExternalGatewayIPAddressEast" },
-        "peer_cidrs" : [ "10.2.0.0/24" ],
-        "psk" : "secret",
-        "ikepolicy_id" : { "Ref" : "IKEPolicyEast" },
-        "ipsecpolicy_id" : { "Ref" : "IPsecPolicyEast" },
-        "vpnservice_id" : { "Ref" : "VPNServiceEast" }
-      }
-    },
-    "VPNServiceWest" : {
-      "Type" : "OS::Quantum::VPNService",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties" : {
-        "name" : "VPNServiceWest",
-        "description" : "My new VPN service on West",
-        "router_id" : { "Ref" : "RouterWest" },
-        "subnet_id" : { "Ref" : "SubnetWest" }
-      }
-    },
-   "IKEPolicyWest" : {
-      "Type" : "OS::Quantum::IKEPolicy",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties" : {
-        "name" : "IKEPolicyWest",
-        "description" : "My new IKE policy on West"
-      }
-    },
-    "IPsecPolicyWest" : {
-      "Type" : "OS::Quantum::IPsecPolicy",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties" : {
-        "name" : "IPsecPolicyWest",
-        "description" : "My new IPsec policy on West"
-      }
-    },
-    "VPNConnectionWest" : {
-      "Type" : "OS::Quantum::VPNConnection",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties" : {
-        "name" : "VPNConnectionWest",
-        "description" : "My new VPN connection on West",
-        "peer_address" : { "Ref" : "ExternalGatewayIPAddressWest" },
-        "peer_id" : { "Ref" : "ExternalGatewayIPAddressWest" },
-        "peer_cidrs" : [ "10.1.0.0/24" ],
-        "psk" : "secret",
-        "ikepolicy_id" : { "Ref" : "IKEPolicyWest" },
-        "ipsecpolicy_id" : { "Ref" : "IPsecPolicyWest" },
-        "vpnservice_id" : { "Ref" : "VPNServiceWest" }
-      }
-    },
-    "ServerEast" : {
-      "Type": "AWS::EC2::Instance",
-      "RegionName" : { "Ref" : "RegionEast" },
-      "Properties": {
-        "ImageId"      : { "Fn::FindInMap" : [ "OpenstackRegion2Image",
-                                               { "Ref" : "RegionEast" },
-                                               { "Ref" : "LinuxDistribution" } ] },
-        "InstanceType" : { "Ref" : "InstanceType" },
-        "KeyName"      : { "Ref" : "KeyName" },
-        "SubnetId"     : { "Ref" : "SubnetEast" }
-      }
-    },
-    "ServerWest" : {
-      "Type": "AWS::EC2::Instance",
-      "RegionName" : { "Ref" : "RegionWest" },
-      "Properties": {
-        "ImageId"      : { "Fn::FindInMap" : [ "OpenstackRegion2Image",
-                                               { "Ref" : "RegionWest" },
-                                               { "Ref" : "LinuxDistribution" } ] },
-        "InstanceType" : { "Ref" : "InstanceType" },
-        "KeyName"      : { "Ref" : "KeyName" },
-        "SubnetId"     : { "Ref" : "SubnetWest" }
-      }
-    }
-  },
-  "Outputs" : {
-    "ServerEastIP" : {
-      "Description" : "East Server IP address",
-      "Value" : { "Fn::GetAtt" : [ "ServerEast", "PublicIp" ] }
-    },
-    "ServerWestIP" : {
-      "Description" : "West Server IP address",
-      "Value" : { "Fn::GetAtt" : [ "ServerWest", "PublicIp" ] }
-    }
-  }
-}
 </nowiki></pre>
 [[File:Ntti3 logo.png|framed|center|NTTI3]]

Difference between revisions of "Heat/Blueprints/Multi Region Support for Heat"

Revision as of 10:40, 31 July 2013

Contents

Overview

Introduction

Requirements & Challenges

Goal

First Use Case Scenario (no dependencies)

Second Use Case Scenario (with dependencies)

Architecture

Overview

Context as Resource

Nested Stack

Master Template

Stack Launch Flow

Challenges & Solutions

What needs to be done

Heat

Engine

API/CLI

UI

Horizon support for multi regions

Dependencies & References

Appendix

Templates