Difference between revisions of "Heat/Blueprints/Multi Region Support for Heat"
< Heat
(→Nested Stack) |
|||
| (29 intermediate revisions by the same user not shown) | |||
| Line 15: | Line 15: | ||
[[File:Multi Region Heat.png|800x525px|framed|center|Hybrid-cloud]] | [[File:Multi Region Heat.png|800x525px|framed|center|Hybrid-cloud]] | ||
| − | === Requirements | + | === Requirements === |
Requirements for Heat: | Requirements for Heat: | ||
| − | * | + | * mapping between Regions and API endpoints (multi-region keystone catalog) |
| − | * | + | * mapping between Regions and Images (Mapping section inside template) |
| − | * | + | * specifying region for resource |
| − | * | + | * support for VPN as resource |
| − | * | + | * support dependencies between resource in different regions |
| − | + | * horizon interface for Heat with multi regions | |
| − | |||
| − | |||
| − | |||
| − | |||
=== Goal === | === Goal === | ||
| Line 35: | Line 31: | ||
==== First Use Case Scenario (no dependencies) ==== | ==== First Use Case Scenario (no dependencies) ==== | ||
| − | We have two regions ( | + | We have two regions (RegionOne and RegionTwo) with separate OpenStack installations. We want to use Heat with multi region support to create in both regions: |
| − | * | + | * Neutron Network |
| − | * | + | * Neutron Subnet |
| − | ** 10.1.0.0/24 in | + | ** 10.1.0.0/24 in RegionOne |
| − | ** 10.2.0.0/24 in | + | ** 10.2.0.0/24 in RegionTwo |
* Router | * Router | ||
** Router Interface for created subnet | ** Router Interface for created subnet | ||
| Line 64: | Line 60: | ||
Description: | Description: | ||
| − | * | + | * more than one region (for example two: RegionOne and RegionTwo) |
| − | * | + | * separate OpenStack installation (Nova, Glance, Swift, Neutron and Cinder) in each region |
| − | * | + | * one Keystone service for all regions |
| − | * | + | * one Horizon with multi region support |
| + | * two Heat services (one in each region) which can create remote resources in other regions | ||
| + | |||
| + | === First solution === | ||
| + | |||
| + | Currently Heat launches the stack using context which includes: | ||
| + | * keystone endpoint | ||
| + | * tenant/project | ||
| + | * user credentials | ||
| − | |||
| − | + | We will add possibility to represent the context as a template resources. This will allow us to specify for other resources which context to | |
| − | + | provision within. This soultion is more generic than multi-region because because we will be able not only specify different region but also different user credentials or tenant. | |
| − | |||
| − | + | In the first version of the proposed solution we will only allow to specify different context for nested stacks. | |
| − | + | === Challenges & Problems === | |
{| class="wikitable" | {| class="wikitable" | ||
|- | |- | ||
| − | ! Challenge !! | + | ! Challenge !! Solution |
| + | |- | ||
| + | | How to represent credentials for different clouds? || ? | ||
| + | |- | ||
| + | | How to avoid single point of failure (HA)? || ? | ||
| + | |- | ||
| + | | What is the better way to pass template file for nested stack than url to file? || ? | ||
| + | |- | ||
| + | | What should happen if one of the region fails? || ? | ||
|- | |- | ||
| − | |||
|} | |} | ||
| Line 93: | Line 102: | ||
[[Heat/Blueprints/VPaaS_Support|Blueprint for VPaaS support]] | [[Heat/Blueprints/VPaaS_Support|Blueprint for VPaaS support]] | ||
| − | ==== | + | ==== Nested Stack ==== |
{| class="wikitable" | {| class="wikitable" | ||
| Line 99: | Line 108: | ||
! Property !! Description | ! Property !! Description | ||
|- | |- | ||
| − | | | + | | context || Context which will be used to create nested stack |
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | | | + | | -> tenant_name || Name of the keystone project. |
|- | |- | ||
| − | | | + | | -> region_name || Name of the region. |
|- | |- | ||
| − | | username || Username of the keystone account. | + | | -> username || Username of the keystone account. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
| − | + | | -> password || Password for provided username. | |
|- | |- | ||
| − | | | + | | -> auth_url || URL to the authentication service. |
|- | |- | ||
| − | | | + | | template || nested stack template file |
|- | |- | ||
| − | | | + | | timeout || Creation timeout in minutes |
|- | |- | ||
| − | | | + | | parameters || Values for nested stack parameters |
|- | |- | ||
|} | |} | ||
| Line 153: | Line 130: | ||
<pre><nowiki> | <pre><nowiki> | ||
... | ... | ||
| − | + | resources : | |
... | ... | ||
| − | + | NewStackTemplate: | |
| − | + | type: OS::Heat::Stack | |
| − | + | properties: | |
| − | + | template: { get_file: NestedStack.yaml } | |
| − | + | context: | |
| − | + | tenant_name : demo | |
| − | + | region_name: RegionOne | |
| − | + | username: { get_param: username } | |
| + | password: { get_param: password } | ||
| + | parameters: | ||
| + | parameter_name1: value_1 | ||
| + | parameter_name2: value_2 | ||
| + | parameter_name3: value_3 | ||
... | ... | ||
| − | |||
| − | |||
| − | |||
... | ... | ||
| − | |||
... | ... | ||
</nowiki></pre> | </nowiki></pre> | ||
| Line 182: | Line 160: | ||
** [https://wiki.openstack.org/wiki/File:Heat_ui_stack_detail_events_tab.png Events Tab] | ** [https://wiki.openstack.org/wiki/File:Heat_ui_stack_detail_events_tab.png Events Tab] | ||
* [https://wiki.openstack.org/wiki/File:Heat_ui_resource_detail.png Resource Details] | * [https://wiki.openstack.org/wiki/File:Heat_ui_resource_detail.png Resource Details] | ||
| + | |||
What about views for nested stack? | What about views for nested stack? | ||
| Line 205: | Line 184: | ||
** [https://review.openstack.org/#/c/29811/ API Patch] | ** [https://review.openstack.org/#/c/29811/ API Patch] | ||
** [https://wiki.openstack.org/wiki/Quantum/VPNaaS/HowToInstall Instruction] | ** [https://wiki.openstack.org/wiki/Quantum/VPNaaS/HowToInstall Instruction] | ||
| + | * Getting gateway IP address for created neutron router inside the template file [NOT SUPPORTED RIGHT NOT - MISSING FEATURE] | ||
== Appendix == | == Appendix == | ||
| + | |||
| + | [https://etherpad.openstack.org/p/icehouse-summit-heat-multi-region-cloud Etherpad from IceHouse design summit session] | ||
=== Templates === | === Templates === | ||
| + | [https://github.com/hanney/mr-heat-templates Github repository with templates] | ||
| + | * First_Use_Case.template | ||
| + | * Second_USe_Case.template | ||
| − | * | + | === POC version === |
| − | + | ||
| − | + | * [https://review.openstack.org/#/c/53313/ Patch with proof of concept version] | |
| + | * [http://www.youtube.com/watch?v=kXOVoRWixu8 Live demo] | ||
[[File:Ntti3 logo.png|framed|center|NTTI3]] | [[File:Ntti3 logo.png|framed|center|NTTI3]] | ||
Latest revision as of 10:29, 21 July 2014
--bartosz-gorski (talk) 23:51, 15 July 2013 (UTC)
Overview
Introduction
Most of enterprises are focusing on Multi-cloud (using both private and public clouds) as enterprise cloud strategy. They will not completely migrate to Service Provider's cloud (public cloud). They will still keep their mission critical information assets to their premise or collocation space (private cloud).
Our goal is to create Hybrid-cloud (combination of public and private cloud). Creating Hybrid-cloud requires:
- Seamless operation among heterogeneous environment
- End-to-end automatic provisioning based on system template (VM, network, topology)
- Unified control and monitoring
- Multi-Hypervisor including bare-metal
- Multi-Region control
- Secure network access via Internet (VPN connection)
Hybrid-cloud
Requirements
Requirements for Heat:
- mapping between Regions and API endpoints (multi-region keystone catalog)
- mapping between Regions and Images (Mapping section inside template)
- specifying region for resource
- support for VPN as resource
- support dependencies between resource in different regions
- horizon interface for Heat with multi regions
Goal
Multi region first use case
First Use Case Scenario (no dependencies)
We have two regions (RegionOne and RegionTwo) with separate OpenStack installations. We want to use Heat with multi region support to create in both regions:
- Neutron Network
- Neutron Subnet
- 10.1.0.0/24 in RegionOne
- 10.2.0.0/24 in RegionTwo
- Router
- Router Interface for created subnet
- Router Gateway for external network
- VPN Service for created router
- IKE Policy
- IPsec Policy
- VPN Connection
- Server connected to created subnet
Created servers should be able to see each other using local IP address.
First_Use_Case.template - template file for it in appendix.
Second Use Case Scenario (with dependencies)
Similar to the first use case but creation of the second server depends on the first one. We want to deploy web service (ex. wordpress) on two servers. One server with application (ex. apache and wordpress) and second server with database (ex. mysql server). Befor creating server with application we need to know the IP address of the server with database so we need to wait until it will be created.
Second_Use_Case.template - template file for it in appendix.
Architecture
Overview
Components Diagram
Description:
- more than one region (for example two: RegionOne and RegionTwo)
- separate OpenStack installation (Nova, Glance, Swift, Neutron and Cinder) in each region
- one Keystone service for all regions
- one Horizon with multi region support
- two Heat services (one in each region) which can create remote resources in other regions
First solution
Currently Heat launches the stack using context which includes:
- keystone endpoint
- tenant/project
- user credentials
We will add possibility to represent the context as a template resources. This will allow us to specify for other resources which context to
provision within. This soultion is more generic than multi-region because because we will be able not only specify different region but also different user credentials or tenant.
In the first version of the proposed solution we will only allow to specify different context for nested stacks.
Challenges & Problems
| Challenge | Solution |
|---|---|
| How to represent credentials for different clouds? | ? |
| How to avoid single point of failure (HA)? | ? |
| What is the better way to pass template file for nested stack than url to file? | ? |
| What should happen if one of the region fails? | ? |
What needs to be done
Heat
Engine
VPN support
Nested Stack
| Property | Description |
|---|---|
| context | Context which will be used to create nested stack |
| -> tenant_name | Name of the keystone project. |
| -> region_name | Name of the region. |
| -> username | Username of the keystone account. |
| -> password | Password for provided username. |
| -> auth_url | URL to the authentication service. |
| template | nested stack template file |
| timeout | Creation timeout in minutes |
| parameters | Values for nested stack parameters |
...
resources :
...
NewStackTemplate:
type: OS::Heat::Stack
properties:
template: { get_file: NestedStack.yaml }
context:
tenant_name : demo
region_name: RegionOne
username: { get_param: username }
password: { get_param: password }
parameters:
parameter_name1: value_1
parameter_name2: value_2
parameter_name3: value_3
...
...
...
UI
Existing UI views:
- Stack List for Tenant
- Launch new Stack
- Stack Details
- Resource Details
What about views for nested stack?
Horizon support for multi regions
Dropbox will appear only if more than one region is available in keystone catalog.
- Project Tab
- Dropbox to choose one of the available regions (Horizon Multi Region Project Tab)
- Admin Tab
- Dropbox to choose one of the available regions (Horizon Multi Region Admin Tab)
Dependencies & References
- BL: Implement a Heat UI for managing stacks (MERGED)
- BL: Support multiple endpoints for the same service (MERGED)
- BL: VPN as a Service providing IPsec VPN with Static routing (UNDER REVIEW)
- Getting gateway IP address for created neutron router inside the template file [NOT SUPPORTED RIGHT NOT - MISSING FEATURE]
Appendix
Etherpad from IceHouse design summit session
Templates
Github repository with templates
- First_Use_Case.template
- Second_USe_Case.template
POC version
NTTI3
