Difference between revisions of "PolicyGuidedFulfillmentDemo"

Revision as of 13:54, 25 February 2015

Policy Guided Fulfillment Demo

This topic provides information on demo of Policy Guided Fulfillment .

Demo Scenario

• The cloud admin(s) sets 2 policy rules:
  • Tenant A can only use MySQL as a DB vendor
  • Tenant B can only use PostgreSQL as a DB vendor
• The admin wishes to model a Tomcat application that depends on a DB
  • Tenant A admin models it with a MySQL DB
  • Tenant B admin models it with a PostgreSQL DB
• Application developer want to add a workflow to the application deployment that will verify the Tomcat is up and running (by sending a GET request) and will send an email notifying whether the deployment has completed successfully or not.
• The admins deploy the application models to Murano. The package will also include the Mistral workflow (so we will not depend on it being pre-deployed to Mistral)
• End user of tenant A wishes to deploy the Tomcat application that relies on PostgreSQL
  • Deployment fails since the policy rules restrict this DB for tenant A
• End user of tenant A asks Murano to deploy tomcat with MySQL DB
  • Application is deployed
  • At the end of deployment phase, the workflow is deployed to Mistral (programmatically, by this specific application deployment logic)
  • The workflow is triggered by the application class
  • A mail will be sent to the end user indicating whether Tomcat has been deployed and whether it is responsive

Demo Setup Guide

Prerequisities

• OpenStack
  • enabled services Murano, Mistral, and Congress
  • configured networking
• VM images
  • Ubuntu based image
  • Centos (RedHat) based image
  • Each image
    • installed Murano Agent
    • if you are behind proxy, then image has to have proxy support enabled
• Networking
  • Access to internet is required
    • if you have proxy access to internet, you have to configured it in our lab, and VM images

Demo Application

Application is based on packages used in murano-apps, murano-app-incubator, and hello-world-servlet .

Application packages are available here: https://github.com/filip-blaha/policy-guided-fulfillment-demo :

• io.murano.apps.java.HelloWorld
  • main application package.
  • it install web application from https://github.com/filip-blaha/hello-world-servlet to Tomcat and configures database.
  • has dependency on SqlDatabase, so one of MySql, PostgreSql can be choosen
  • has dependency on Tomcat
• io.murano.apps.apache.Tomcat
  • Installs Tomcat
• io.murano.databases.SqlDatabase
  • Base package for databases. It defines base actions for database configuration.
• io.murano.databases.MySql
  • MySql database package
• io.murano.databases.PostgreSql
  • Postgres database package

Demo Policy Rules

# allowed app main rules
openstack congress policy rule create murano_system 'predeploy_errors(eid,oid,msg) :- murano:objects(oid,eid,type), murano:properties(eid,"tenant_id",tid), murano:parent_types(oid,"io.murano.Application"), tenantName(tid,tname), not allowedApp(type, tname),concat("Unsupported application detected: ", type, tmsg1),concat(tmsg1, ", ", tmsg2),objName(oid, oname), concat(tmsg2, oname, msg)'

openstack congress policy rule create murano_system 'objName(oid,oname) :- murano:properties(oid, "name", oname)'

openstack congress policy rule create murano_system 'tenantName(tid, tname) :- keystone:tenants(en,desc,tname,tid)'

#demo tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.MySql", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "demo")'

#qa tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.PostgreSql", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")'