Difference between revisions of "PolicyGuidedFulfillmentDemo"
| Line 27: | Line 27: | ||
* '''OpenStack''' | * '''OpenStack''' | ||
** enabled services [[Murano]], [[Mistral]], and [[Congress]] | ** enabled services [[Murano]], [[Mistral]], and [[Congress]] | ||
| + | ** enabled policy enforcement in Murano documentation http://murano.readthedocs.org/en/latest/articles/policy_enf.html#introduction | ||
* '''VM images''' | * '''VM images''' | ||
** Ubuntu based image | ** Ubuntu based image | ||
| Line 59: | Line 60: | ||
'''Create packages and upload them into OpenStack:''' | '''Create packages and upload them into OpenStack:''' | ||
| − | + | . ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually | |
./package-manager.sh io.murano.apps.apache.Tomcat | ./package-manager.sh io.murano.apps.apache.Tomcat | ||
./package-manager.sh io.murano.apps.java.HelloWorld | ./package-manager.sh io.murano.apps.java.HelloWorld | ||
| Line 68: | Line 69: | ||
=== Policy Rules === | === Policy Rules === | ||
| + | |||
| + | Following policy rules defines predeploy enforcement of the demo. | ||
| + | |||
| + | '''Execute following commands to create the policies:''' | ||
| + | |||
| + | . ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually | ||
# allowed app main rules | # allowed app main rules | ||
Revision as of 14:11, 25 February 2015
Contents
Policy Guided Fulfillment Demo
This topic provides information on demo of Policy Guided Fulfillment .
Demo Scenario
- The cloud admin(s) sets 2 policy rules:
- Tenant A can only use MySQL as a DB vendor
- Tenant B can only use PostgreSQL as a DB vendor
- The admin wishes to model a Tomcat application that depends on a DB
- Tenant A admin models it with a MySQL DB
- Tenant B admin models it with a PostgreSQL DB
- Application developer want to add a workflow to the application deployment that will verify the Tomcat is up and running (by sending a GET request) and will send an email notifying whether the deployment has completed successfully or not.
- The admins deploy the application models to Murano. The package will also include the Mistral workflow (so we will not depend on it being pre-deployed to Mistral)
- End user of tenant A wishes to deploy the Tomcat application that relies on PostgreSQL
- Deployment fails since the policy rules restrict this DB for tenant A
- End user of tenant A asks Murano to deploy tomcat with MySQL DB
- Application is deployed
- At the end of deployment phase, the workflow is deployed to Mistral (programmatically, by this specific application deployment logic)
- The workflow is triggered by the application class
- A mail will be sent to the end user indicating whether Tomcat has been deployed and whether it is responsive
Demo Setup Guide
Prerequisities
- OpenStack
- enabled services Murano, Mistral, and Congress
- enabled policy enforcement in Murano documentation http://murano.readthedocs.org/en/latest/articles/policy_enf.html#introduction
- VM images
- Ubuntu based image
- Centos (RedHat) based image
- Images have to have installed Murano Agent
- if you are behind proxy, then images have to have configured proxy
- Networking
- Access to internet is required
- if you have proxy access to internet, you have to configured it in our lab, and VM images
- Access to internet is required
Application
Application is based on packages used in murano-apps, murano-app-incubator, and hello-world-servlet .
Application packages are available here: https://github.com/filip-blaha/policy-guided-fulfillment-demo :
- io.murano.apps.java.HelloWorld
- main application package.
- it install web application from https://github.com/filip-blaha/hello-world-servlet to Tomcat and configures database.
- has dependency on SqlDatabase, so one of MySql, PostgreSql can be choosen
- has dependency on Tomcat
- io.murano.apps.apache.Tomcat
- Installs Tomcat
- io.murano.databases.SqlDatabase
- Base package for databases. It defines base actions for database configuration.
- io.murano.databases.MySql
- MySql database package
- io.murano.databases.PostgreSql
- Postgres database package
Create packages and upload them into OpenStack:
. ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually ./package-manager.sh io.murano.apps.apache.Tomcat ./package-manager.sh io.murano.apps.java.HelloWorld ./package-manager.sh io.murano.databases.MySql ./package-manager.sh io.murano.databases.PostgreSql ./package-manager.sh io.murano.databases.SqlDatabase
Policy Rules
Following policy rules defines predeploy enforcement of the demo.
Execute following commands to create the policies:
. ~/devstack/openrc admin admin # if you are using devstack, otherwise you have to setup env manually
# allowed app main rules
openstack congress policy rule create murano_system 'predeploy_errors(eid,oid,msg) :- murano:objects(oid,eid,type), murano:properties(eid,"tenant_id",tid), murano:parent_types(oid,"io.murano.Application"), tenantName(tid,tname), not allowedApp(type, tname),concat("Unsupported application detected: ", type, tmsg1),concat(tmsg1, ", ", tmsg2),objName(oid, oname), concat(tmsg2, oname, msg)'
openstack congress policy rule create murano_system 'objName(oid,oname) :- murano:properties(oid, "name", oname)'
openstack congress policy rule create murano_system 'tenantName(tid, tname) :- keystone:tenants(en,desc,tname,tid)'
#demo tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.MySql", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "demo")'
#qa tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.PostgreSql", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.HelloWorld", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")'
