Jump to: navigation, search


Policy Guided Fulfillment - Liberty Planning

Policy Guided Fulfillment Main Page

Completed work in Kilo

  • Murano - Congress integration
    • Murano updated to check with Congress policy as part of provisioning steps
      • predeployment enforcement
    • New Murano data source in Congress
    • Contributed to adding reactive policy enforcement using action execution in Congress
  • Murano - Mistral Integration
    • Added the option to invoke a Mistral workflow as part of Murano application model

Check topic PolicyGuidedFulfillmentDemo for demo of features.

Planning topics for Liberty


  • Improving Murano API/core-model for better integration with Congress datasource
    • Goal is to improve Murano Congress Datasource
    • API: listing of environments from all tenants, more topo/type info in responses
    • Core topology model: provide more details on provisioned core components - e.g., server id and heat id in Instance,...
  • see PolicyGuidedFulfillmentLibertyPlanning_MuranoAPI

  • Workflow embracement
    • Currently it is possible to use Mistral workflow in Murano component action. The next step is to create component completely from the Mistral workflow, so any component action will be implemented by an action. During embracement (i.e., process of component creation from workflows) it should be possible to specify a) dependencies of the component on other components (e.g., Instance); b) mapping of workflow's input and output from/to component properties.
  • see PolicyGuidedFulfillmentLibertyPlanning_WorkflowEmbracement

  • Workflow based deployment
    • When all components in an environment will be built from workflows, it will be possible to create master workflow which orchestrate deployment of whole environment. Complete deployment execution on workflow engine will be scalable, reliable and robust.
    • To provide this, we need to have dual (supports both MuranoPL and Workflow components) or alternative implementation of core classes (e.g., Environment, Instance, Neutron network, ...).
  • see PolicyGuidedFulfillmentLibertyPlanning_WorkflowBasedDeployment

  • Policy based monitoring enabling (Ceilometer/Monasca) during provisioning and subsequent monitoring and enforcement
    • Goal is to be able to simply control application scalability via Congress policies using telemetry (e.g., Ceilometer, Monasca) data.
  • see PolicyGuidedFulfillmentLibertyPlanning_PolicyBasedMonitoring

  • Support any workflow engine in Murano //[avigail] seems that this already exist in Murano. we are currently verifying it.
    • [Radek] Avigail/Natasha will provide more info latter


  • Remediation via Mistral workflows
    • Congress' action execution feature will trigger Mistral workflow implementing remediation for given situation/breach. Mistral workflow can use Murano components action, any O~S API, ...
  • see PolicyGuidedFulfillmentLibertyPlanning_Remediation
  • Enable datasources to contribute policy statements
    • Remove the manual creation of murano_system policy for simulate calls
    • https://blueprints.launchpad.net/congress/+spec/datasource-rule-contributions
    • The datasource driver knows of some convenient helper tables that can be defined on top of its explicit tables and should therefore be able to insert them into its policy. The presence of these rules only serves to extend the tables provided by the datasource; it does not require the policy writer to use them or even know about them.

  • Improve the basic action execution based on usage
    • see above remediation story.
  • Accelerate the Datalog Horizon UI work started in Kilo
    • Try to make more user friendly
    • Able to define complex rules
    • Ability to defines rules without datalog syntax knowledge
  • Follow the delegation PoC work and updates at summit demo
    • Track the progress and understand the implementation
  • Add new Monasca data source driver
    • How Monasca monitoring works with Ceilometer monitoring
  • Evaluate/contribute to Heat data source driver
    • Use Heat id from Murano for associating to Nova/Nuetron for post deployment policies