PolicyGuidedFulfillment
Revision as of 11:30, 4 November 2014 by Jan Alexander (talk | contribs)
Contents
Business Use Case
- Facilitating reusable policies across workloads:
- Enforcing Policies on Murano Environments Following Company Policies
- Facilitate distribution of Workload across hosts
- Facilitate specification of Monitoring and subsequent remediation (e.g. auto-Scaling)
- Deployment of specific workload in specific security zones
- Customer Examples:
- Desire to use same IT policies on “traditional” and for workload on OpenStack
- DevOps with “Ops” setup added at production without other changes
- Evolution towards Autonomous IT beyond just Auto-Scaling
Objectives
- Add ability to use policies to guide provisioning workloads and their subsequent management:
- Declaratively attached to models
- Separation of concern from development (e.g. can change across stages)
- Examples of Use Cases:
- Provisioning: Select how to best provision among options
- E.g. Placement (location, security zone, Staging zone) choices; Requirements on infrastructure
- Monitoring: Setup OpenStack or external systems to monitor the workload / Environment:
- Performance/Ops
- Security
- Usage
- Compliance
- Events/Incident handling: where to aggregate/Process/Notify
- Remediation: How to fix issues (e.g. Auto-scale – Who decides, What to do; Reaction in production to security threat or compliance issue)
- Provisioning: Select how to best provision among options
Next Steps
- Agreement to support the use cases
- Setup a Coordinated activity across Murano, Congress and Mistral
- Agreed division of roles between projects and technical direction + blueprints
Background - Possible Technical Approach
Proposed Approach
- Evolve Murano Models to support binding to policies
- Compatible with existing model approach
- Expand Congress to widen the set of use cases
- Evolve Murano/Mistral to fulfill (Provision then manage) the Environment guided by the policies:
- Policies can modify model
- Execution plans are precompiled and impacted by policies
- Execution plans are executed in mistral by orchestrating:
- OpenStack APIs
- HOT/Heat
- Ansible
- Python
- …
- Instances are tracked for subsequent manual or policy driven management