Difference between revisions of "Satori/OpinionsProposal"

Latest revision as of 20:57, 4 March 2014

Specification for Blueprint https://blueprints.launchpad.net/satori/+spec/poc-resource-opinions

As Satori gathers information about a network location it accumulates a list of resources that are related. Some examples of related resources:

• DNS information for the netloc
• Nova host with an IP that the netloc resolves to
• SSL certificate of netloc
• Neutron LBaaS that the netloc resolves to (not yet implemented in Satori)

A user-provided Python module should be loaded at runtime that will allow the user to add "opinions" to the resources based on their attributes.

"Opinions" Purpose

Opinions are statements based on the current state of a discovered resource or resources. They are responsible for inspecting resource data and determining if the current state is okay or not.

Proposed Opinion Data Structure

 opinions = {
 	'opinion_group1': {
 		'opinion1': {
                        'id': 'SOMETHING0001',
			'title': 'My Title',
			'description': 'My description',
			'status': 'Warning'
		}
	}
 }
 

ID

A pylint-like rule number. The rule number should be a zero-filled four digit number that is prefixed by a rule name.

Title

The title should contain a title-cased string without trailing punctuation.

Description

The description should contain a string that contains context. For example, good context would be "Server was rebooted 4 minutes ago" not "Server was rebooted recently"

Status

One of the following values:

Ok
Warning
Error

Example Use Case

Bob expects to renew SSL certificates within 30 days of their expiration and does not want his operations teams to deploy instances with flavor ID 4 into production. His Satori discovery on `https://domain.com` reveals that the SSL certificate is not going to expire soon but the Nova flavor is a violation of his best practices.

His opinions module would alter Satori's resource data and the resulting mashup would look like the following:

 resources = {
	'ssl-certificate://domain.com': {
		'type': 'OS::Barbican::SSLCertificate',
		'domain': 'domain.com',
		'expires': datetime(2020, 1, 1),
		'opinions': {
			'certificate': {
				'expiration': {
                                        'id': 'CERT0001',
					'title': 'SSL Renewal Check',
					'description': 'domain.com expires in 2000 days',
					'status': 'Ok'
				}
			}
		}
	'https://nova.api.somecloud.com/v2/111222/servers/d9119040-f767-414',
		'type': 'OS::Nova::Server',
		'flavor': 4,
		'region': 'westcoast',
		'opinions': {
			'nova': {
				'flavor': {
                                        'id': 'COMPUTE0001',
					'title': 'Production Server Size',
					'description': 'Flavor ID 4 is too small for production use-cases'
					'status': 'Warning'
				}
			}
		}
	}
 }

Note: The type field contains Heat's resource types. Heat does not currently have Barbican resources.

Command line usage

$ satori https://domain.com --opinions myopinions.production

Proposed Implementation Plan

1. Write example built-in opinions.
   1. Create `satori/opinions/examples.py`
   2. Opinion 1 - Nova: Warn if the hostname of a discovered nova instance is not a FQDN.
   3. Opinion 2: - DNS: Warn if their are fewer than two authoritative nameservers.
2. In a separate repo, create a 3rd party opinions module template
3. Alter `satori/discovery.py run()` to load the built-in example opinions if the `--opinions satori.opinions` command is provided. This should also work for the 3rd party opinions module with `--opinions mypython.module.name`.
4. Call the provided module's opinions() function for every resource and append the data to the resource record.
5. Update the shell code to output the opinions data.