Difference between revisions of "PolicyGuidedFulfillmentLibertyPlanning Remediation"
(Created page with "This topic is part of PolicyGuidedFulfillmentLibertyPlanning == Remediation == ** Example: execute[murano:muranoaction(env-id, obj-id, 'restart')] :- watchdog:not-re...") |
|||
| Line 2: | Line 2: | ||
== Remediation == | == Remediation == | ||
| + | |||
| + | Congress' action execution feature will trigger Mistral workflow implementing remediation for given situation/breach. Mistral workflow can use Murano components action, any O~S API, ... | ||
| + | |||
| + | Example of remediation can be recovery of failed node in a cluster. If failed cluster node is detected, then given workflow is executed, which connects to Murano, where action to create new cluster node is executed. | ||
| + | |||
| + | |||
| + | Requirements | ||
| + | * execution of Mistral workflow from Congress | ||
| + | ** Mistral Congress datasource driver with execute-api has to be provided. | ||
| + | *** Datasource driver can populate data from Mistral to Congress, but it is not required now. | ||
| + | |||
| + | * access from Mistral to Murano | ||
| + | ** invocation of actions of Murano applications in given environment under given identity | ||
| + | *** Murano client in Mistral has to be added (like other OpenStack clients are added) | ||
| + | *** identity management | ||
| + | **** now we can use user in admin role, but in future we need general solution for management of identity trusts for Murano, Mistral and Congress | ||
| + | |||
** Example: | ** Example: | ||
| + | |||
| + | *** Example of workflow execution | ||
| + | Following rule invokes Murano environment action ''restart'' on given environment and object when watch dog detects that given application is not responding. | ||
| + | |||
| + | execute[mistral:workflow("remediate-scalable-node-failure", env=env-id, obj=obj-id)] :- watchdog:not-responding(server-uuid), murano:properties(vmid,'server',server-uuid), murano:objects(vmid, parent, 'Instance'), murano:connected(env-id, vm-id), murano:objects(env-id, p2, 'io.murano.Environment') | ||
| + | |||
| + | |||
| + | workflow ''remediate-scalable-node-failure'' | ||
| + | version: '2.0' | ||
| + | remediate: | ||
| + | description: destroys given node in cluster (obj) in environment (env) and adds new cluster node | ||
| + | type: direct | ||
| + | input: | ||
| + | - env | ||
| + | - obj | ||
| + | output: | ||
| + | url: <% $.url %> | ||
| + | .... | ||
| + | |||
| + | |||
| + | *** Example of calling murano action directly | ||
execute[murano:muranoaction(env-id, obj-id, 'restart')] :- watchdog:not-responding(server-uuid), murano:properties(vmid,'server',server-uuid), murano:objects(vmid, parent, 'Instance'), murano:connected(env-id, vm-id), murano:objects(env-id, p2, 'Environment') | execute[murano:muranoaction(env-id, obj-id, 'restart')] :- watchdog:not-responding(server-uuid), murano:properties(vmid,'server',server-uuid), murano:objects(vmid, parent, 'Instance'), murano:connected(env-id, vm-id), murano:objects(env-id, p2, 'Environment') | ||
Revision as of 12:19, 13 May 2015
This topic is part of PolicyGuidedFulfillmentLibertyPlanning
Remediation
Congress' action execution feature will trigger Mistral workflow implementing remediation for given situation/breach. Mistral workflow can use Murano components action, any O~S API, ...
Example of remediation can be recovery of failed node in a cluster. If failed cluster node is detected, then given workflow is executed, which connects to Murano, where action to create new cluster node is executed.
Requirements
- execution of Mistral workflow from Congress
- Mistral Congress datasource driver with execute-api has to be provided.
- Datasource driver can populate data from Mistral to Congress, but it is not required now.
- Mistral Congress datasource driver with execute-api has to be provided.
- access from Mistral to Murano
- invocation of actions of Murano applications in given environment under given identity
- Murano client in Mistral has to be added (like other OpenStack clients are added)
- identity management
- now we can use user in admin role, but in future we need general solution for management of identity trusts for Murano, Mistral and Congress
- invocation of actions of Murano applications in given environment under given identity
- Example:
- Example of workflow execution
Following rule invokes Murano environment action restart on given environment and object when watch dog detects that given application is not responding.
execute[mistral:workflow("remediate-scalable-node-failure", env=env-id, obj=obj-id)] :- watchdog:not-responding(server-uuid), murano:properties(vmid,'server',server-uuid), murano:objects(vmid, parent, 'Instance'), murano:connected(env-id, vm-id), murano:objects(env-id, p2, 'io.murano.Environment')
workflow remediate-scalable-node-failure
version: '2.0'
remediate:
description: destroys given node in cluster (obj) in environment (env) and adds new cluster node
type: direct
input:
- env
- obj
output:
url: <% $.url %>
....
- Example of calling murano action directly
execute[murano:muranoaction(env-id, obj-id, 'restart')] :- watchdog:not-responding(server-uuid), murano:properties(vmid,'server',server-uuid), murano:objects(vmid, parent, 'Instance'), murano:connected(env-id, vm-id), murano:objects(env-id, p2, 'Environment')
