Hello,

I would like to announce integration of 
Murano<https://wiki.openstack.org/wiki/Murano> Application catalog and 
Congress<https://wiki.openstack.org/wiki/Congress> policy service. We call it 
Policy guided fulfillment.

The idea (which is currently implemented) is to use Congress as authority 
controlling deployment of Murano applications. Openstack administrator defines 
policy rules detecting validation of his business policies. When end user is 
about to deploy Murano environment with applications, the Congress decides 
whether the environment is ok (i.e., Murano deploys the environment) or not 
(i.e., Murano cancels the deployment).
In future Congress policies will be used to react to various events generated 
by an application, Openstack, ... e.g., scaling, remediation, ... .

More implementation details

*         Murano environment (i.e., application/services + its properties + 
relationships) is mapped (decomposed) to Congress data model (i.e., simple 
rules, ...)

*         There is a predefined policy rule predeploy_error which has to be 
defined by an Administrator to detect the 'errors'

o   example - do not allow use instances with more than 2048MB in the 
environment

?  rule explanation - in an environment (eid), find Murano object (obj_id) with 
property 'flavor' and check if the flavor's RAM size is over given limit 
(2048MB), If so, then create error message.

?  Congress rules are written in datalog - check 
Congress<https://wiki.openstack.org/wiki/Congress> for the documentation

predeploy_errors(eid, obj_id, msg) :-
   murano:objects(obj_id, eid, type),
   murano:properties(obj_id, "flavor", flavor_name),
   flavor_ram(flavor_name, ram),
   gt(ram, 2048),
   murano:properties(obj_id, "name", obj_name),
   concat(obj_name, ": instance flavor has RAM size over 2048MB", msg)


*         Murano enforces the policy check on deploy action as follows

o   Murano uses Congress' simulation API for policy rule validations

?  In this case Congress temporary stores the decomposed Murano environment in 
order to evaluate the rules

o   Murano creates simulation sequence describing the environment decomposition

o   Murano calls the simulation API and process the result - base on that 
Murano either continue deployment, or deployment is failed.


You can find all necessary steps to make it running, example and developer 
documentation as part of Murano documentation  
http://murano.readthedocs.org/en/latest/articles/policy_enf_index.html .

You can also vote for our call for speaker summit presentations if you are 
interested :)

*         
https://www.openstack.org/vote-vancouver/Presentation/introducing-policy-guided-fulfillment-to-openstack-allowing-your-organization-to-set-business-policies-to-affect-application-deployment

*         
https://www.openstack.org/vote-vancouver/Presentation/governing-murano-application-deployment-with-congress-policy


  regards,

Radek
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Reply via email to