Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

On Wed, Mar 26, 2014 at 11:25 AM, Keith Bray keith.b...@rackspace.comwrote:



 On 3/25/14 11:55 AM, Ruslan Kamaldinov rkamaldi...@mirantis.com wrote:

 * Murano DSL will focus on:
   a. UI rendering


 One of the primary reasons I am opposed to using a different DSL/project
 to accomplish this is that the person authoring the HOT template is
 usually the system architect, and this is the same person who has the
 technical knowledge to know what technologies you can swap in/out and
 still have that system/component work, so they are also the person who
 can/should define the rules of what component building blocks can and
 can't work together.  There has been an overwhelmingly strong preference
 from the system architects/DevOps/ApplicationExperts I [1] have talked to
 for the ability to have control over those rules directly within the HOT
 file or immediately along-side the HOT file but feed the whole set of
 files to a single API endpoint.  I'm not advocating that this extra stuff
 be part of Heat Engine (I understand the desire to keep the orchestration
 engine clean)... But from a barrier to adoption point-of-view, the extra
 effort for the HOT author to learn another DSL and use yet another system
 (or even have to write multiple files) should not be underestimated.
 These people are not OpenStack developers, they are DevOps folks and
 Application Experts.  This is why the Htr[2] project was proposed and
 threads were started to add extra data to HOT template that Heat engine
 could essentially ignore, but would make defining UI rendering and
 component connectivity easy for the HOT author.


I think that this is a wrong way to go. First of all there is an issue with
separation of concerns as you will have one super-template which will
describe the whole world. UI part is only one of the use cases, but when
Murano will need some extra parameter will it go to HOT? When Solum will
need to define application build sequence to make an app binary from source
will this also go to HOT?

I think the reason for such talks was the fact that Heat engine accepts
only a single file as an input. Which is completely understandable as Heat
engine is designed to process a template which describes a set of resources
and their relations.

While we talk with our customers who want use Murano they are happy to have
multiple files keep each one small and simple. In Murano UI definition is a
separate file and application developer can have multiple UI file
definitions to quickly change look and feel without changing the deploymen
template part of application at all. Heat supports template nesting, this
is no obvious how the UI for this case will be rendered as this nesting
will be processed by Heat engine and final set of resources will be
produced by engine.

I don't see a big difference in learning between one huge DSL which covers
the all possible aspects and a set of small simpler DSLs focused on each
specific area. Having one big DSL is worse as the user can construct some
complex structures mixing the DSL functions from different are. It will be
a nightmare to create an engine which will validate and process such
template.



 I'm all for contributions to OpenStack, so I encourage the Murano team to
 continue doing its thing if they find it adds value to themselves or
 others. However, I'd like to see the Orchestration program support the
 surrounding things the users of the Heat engine want/need from their cloud
 system instead of having those needs met by separate projects seeking
 incubation. There are technical ways to keep the core engine clean while
 having the Orchestration Program API Service move up the stack in terms of
 cloud user experience.


I just think this is a conceptually wrong. The whole idea of OpenStack to
have a clean set of API\components focused on specific functionality. Cloud
users want to have VMs with attached volumes and networks but is does not
mean that it should be single service in OpenStack. This is a power of
OpenStack which shows that the proper separation of concern and having
multiple services is a right way which allow one to move forward fast
making the development process for each service very effective due to
narrow scope and functionality focus.

I am glad to hear that you want to have something higher up to stack that
the current available functionality. I think this support our observation
of a huge demand for such higher level functionality in OpenStack. At the
same time I am against the proposed way of doing that by extending the
Orchestration program mission moving it to upper levels. Having clean
layers responsible for particular area is a benefit and strong side of
OpenStack from its global architecture view point.



   b. HOT generation
   c. Setup other services (like put Mistral tasks to Mistral and bind
  them with events)
 
 Speaking about new DSL for Murano. We're speaking about Application
 Lifecycle
 Management. There are a lot of existing tools - 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Ruslan Kamaldinov]

On Thu, Mar 27, 2014 at 7:42 PM, Georgy Okrokvertskhov
gokrokvertsk...@mirantis.com wrote:
 Given that I don't see the huge overlap here with Murano functionality as
 even if Solum stated that as a part of solution Heat template will be
 generated it does not necessarily mean that Solum itself will do this. From
 what is listed on the Solum page, in Solum sense - ALM is a  way how the
 application build from source promoted between different CI\CD environments
 Dev, QA, Stage, Production. Solum can use other service to do this keeping
 its own focus on the target area. Specifically to the environments - Solum
 can use Murano environments which for Murano is just a logical unity of
 multiple applications. Solum can add CI\CD specific stuff on top of it
 keeping using Murano API for the environment management under the hood.
 Again, this is a typical OpenStack approach to have different services
 integrated to achieve the larger goal, keeping services itself very focused.


Folks,

I'd like to call for a cross-project work group to identify approaches for
application description and management in the OpenStack cloud. As this thread
shows there are several parties involved - Heat, Mistral, Murano, Solum (did I
miss anyone?), there is no clear vision among us where and how we should
describe things on top of Heat.

We could spend another couple of months in
debates, but I feel that focused group of dedicated people (i.e 2 from each
project) would progress much faster and will be much more productive.

What I'd suggest to expect from this joint group:
* Identify how different aspects of applications and their lifecycle can be
  described and how they can coexist in OpenStack
* Define a multi-layered structure to keep each layer with clear focus and set
  of responsibilities
* End goal of the work for this group will be a document with a clear vision of
  covering areas higher up to Heat stack and how OpenStack should address that.
  This vision is not clear now for TC and that is the reason they say that it is
  to big step which Murano did
* Agree on further direction
* Come to ATL summit, agree again and drink beer

Focused group would require additional communication channels:
* Calls (Google Hangouts for instance)
* Additional IRC meetings
* Group work on design documents


From Murano project I'd like to propose the following participants:
* Stan Lagun (sla...@mirantis.com)
* Ruslan Kamaldinov (rkamaldi...@mirantis.com)

Do colleagues from Heat, Solum and Mistral feel the same way and would like to
support this movement and delegate their participants to this working group?
Is this idea viable?


--
Ruslan

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Adrian Otto]

 On Mar 27, 2014, at 11:27 AM, Ruslan Kamaldinov rkamaldi...@mirantis.com 
 wrote:
 
 On Thu, Mar 27, 2014 at 7:42 PM, Georgy Okrokvertskhov
 gokrokvertsk...@mirantis.com wrote:
 Given that I don't see the huge overlap here with Murano functionality as
 even if Solum stated that as a part of solution Heat template will be
 generated it does not necessarily mean that Solum itself will do this. From
 what is listed on the Solum page, in Solum sense - ALM is a  way how the
 application build from source promoted between different CI\CD environments
 Dev, QA, Stage, Production. Solum can use other service to do this keeping
 its own focus on the target area. Specifically to the environments - Solum
 can use Murano environments which for Murano is just a logical unity of
 multiple applications. Solum can add CI\CD specific stuff on top of it
 keeping using Murano API for the environment management under the hood.
 Again, this is a typical OpenStack approach to have different services
 integrated to achieve the larger goal, keeping services itself very focused.
 
 
 Folks,
 
 I'd like to call for a cross-project work group to identify approaches for
 application description and management in the OpenStack cloud. As this thread
 shows there are several parties involved - Heat, Mistral, Murano, Solum (did I
 miss anyone?), there is no clear vision among us where and how we should
 describe things on top of Heat.
 
 We could spend another couple of months in
 debates, but I feel that focused group of dedicated people (i.e 2 from each
 project) would progress much faster and will be much more productive.
 
 What I'd suggest to expect from this joint group:
 * Identify how different aspects of applications and their lifecycle can be
  described and how they can coexist in OpenStack
 * Define a multi-layered structure to keep each layer with clear focus and set
  of responsibilities
 * End goal of the work for this group will be a document with a clear vision 
 of
  covering areas higher up to Heat stack and how OpenStack should address that.
  This vision is not clear now for TC and that is the reason they say that it 
 is
  to big step which Murano did
 * Agree on further direction
 * Come to ATL summit, agree again and drink beer
 
 Focused group would require additional communication channels:
 * Calls (Google Hangouts for instance)
 * Additional IRC meetings
 * Group work on design documents
 
 
 From Murano project I'd like to propose the following participants:
 * Stan Lagun (sla...@mirantis.com)
 * Ruslan Kamaldinov (rkamaldi...@mirantis.com)
 
 Do colleagues from Heat, Solum and Mistral feel the same way and would like to
 support this movement and delegate their participants to this working group?
 Is this idea viable?

I will participate on behalf of Solum: Adrian Otto adrian.o...@rackspace.com

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Adrian Otto]

Keith is my co-worker. I deeply respect his opinion, and agree with his 
perspective with respect to devops users. That's exactly the persona that 
OpenStack appeals to today. However, devops is not the only perspective to 
consider.

OpenStack has not yet crossed the barrier into attracting Application 
Developers en-masse. The Application Developer persona has a different 
perspective, and would prefer not to use a DSL at all when they are building 
applications based on common design patterns. One such example is the 
three-tier-web application. Solum intends to address these use patterns using 
sensible selectable defaults such that most application developers do not need 
to use a DSL at all to run apps on OpenStack. They instead use parameters to 
select well understood and well documented patterns. We will generate HOT files 
as outputs and feed them into Heat for orchestration.

For the smaller minority of application developers who do want a DSL to 
describe their app topology, we can offer them a choice:

1) Use the Heat DSL, and describe it in terms of infra resources.
2) Use an application-centric DSL that does not directly pertain to the 
resources in the Heat DSL.

In cases where #2 is used, #1 will probably also be used as a complimentary 
input. There are reasons for having other DSL options that allow modeling of 
things that are not infrastructure resources. We would be fools to think that 
HOT is the only home for all that. HOT is about orchestration, not universal 
entity modeling and management. Devops users will naturally select HOT, not any 
alternate DSL. With that said, Solum aims to use HOT to the fullest extent. We 
may also offer to add features to it. Some things still do not fit there.

Rather than debating the technical merits of a new DSL, and how it could be 
accomplished by tweaking existing projects, it would be wise for us to ask (and 
listen) carefully about WHY the alternate approach is desired. Some of it can 
certainly be addressed by HOT, and should. Some of it has no business in the 
orchestration system at all. Let's not quickly dismiss alternate approaches in 
cases where they do not overlap, or where the style and approach are 
essentially the same.

Example: We have numerous programming languages today. Each one exists for a 
reason. Understanding those reasons and selecting the right tool for the job is 
a key to success as a computer scientist.

I look forward to further discussions with the Heat team, and other StackForge 
projects to work to find more common ground and identify those areas where we 
should splinter off to innovate. Based on my in-person discussions with Georgy 
from Mirantis this week, I am convinced that they do intend to use Heat to the 
extent practical in Murano. I am continuing to keep an open mind about the 
desire to have other DSL systems that work on different planes and for 
different reasons than Heat.

Adrian

 On Mar 26, 2014, at 1:27 PM, Keith Bray keith.b...@rackspace.com wrote:
 
 On 3/25/14 11:55 AM, Ruslan Kamaldinov rkamaldi...@mirantis.com wrote:
 
 * Murano DSL will focus on:
 a. UI rendering
 
 One of the primary reasons I am opposed to using a different DSL/project
 to accomplish this is that the person authoring the HOT template is
 usually the system architect, and this is the same person who has the
 technical knowledge to know what technologies you can swap in/out and
 still have that system/component work, so they are also the person who
 can/should define the rules of what component building blocks can and
 can't work together.  There has been an overwhelmingly strong preference
 from the system architects/DevOps/ApplicationExperts I [1] have talked to
 for the ability to have control over those rules directly within the HOT
 file or immediately along-side the HOT file but feed the whole set of
 files to a single API endpoint.  I'm not advocating that this extra stuff
 be part of Heat Engine (I understand the desire to keep the orchestration
 engine clean)... But from a barrier to adoption point-of-view, the extra
 effort for the HOT author to learn another DSL and use yet another system
 (or even have to write multiple files) should not be underestimated.
 These people are not OpenStack developers, they are DevOps folks and
 Application Experts.  This is why the Htr[2] project was proposed and
 threads were started to add extra data to HOT template that Heat engine
 could essentially ignore, but would make defining UI rendering and
 component connectivity easy for the HOT author.
 
 I'm all for contributions to OpenStack, so I encourage the Murano team to
 continue doing its thing if they find it adds value to themselves or
 others. However, I'd like to see the Orchestration program support the
 surrounding things the users of the Heat engine want/need from their cloud
 system instead of having those needs met by separate projects seeking
 incubation. There are technical ways to keep the core engine clean 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Dmitry]

Hi Thomas,
Can you share some documentation of what you're doing right now with
TOSCA-compliant layer?
We would like to join to this effort.

Thanks,
Dmitry


On Wed, Mar 26, 2014 at 10:38 AM, Thomas Spatzier 
thomas.spatz...@de.ibm.com wrote:

 Excerpt from Zane Bitter's message on 26/03/2014 02:26:42:

  From: Zane Bitter zbit...@redhat.com
  To: openstack-dev@lists.openstack.org
  Date: 26/03/2014 02:27
  Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
 

 snip

   Cloud administrators are usually technical guys that are capable of
   learning HOT and writing YAML templates. They know exact configuration
   of their cloud (what services are available, what is the version of
   OpenStack cloud is running) and generally understands how OpenStack
   works. They also know about software they intent to install. If such
 guy
   wants to install Drupal he knows exactly that he needs HOT template
   describing Fedora VM with Apache + PHP + MySQL + Drupal itself. It is
   not a problem for him to write such HOT template.
 
  I'm aware that TOSCA has these types of constraints, and in fact I
  suggested to the TOSCA TC that maybe this is where we should draw the
  line between Heat and some TOSCA-compatible service: HOT should be a
  concrete description of exactly what you're going to get, whereas some
  other service (in this case Murano) would act as the constraints solver.
  e.g. something like an image name would not be hardcoded in a Murano
  template, you have some constraints about which operating system and
  what versions should be allowed, and it would pick one and pass it to
  Heat. So I am interested in this approach.

 I can just support Zane's statements above. We are working on exactly those
 issues in the TOSCA YAML definition, so it would be ideal to just
 collaborate on this. As Zane said, there currently is a thinking that some
 TOSCA-compliant layer could be a (maybe thin) layer above Heat that
 resolves a more abstract (thus more portable) template into something
 concrete, executable. We have started developing code (early versions are
 on stackforge already) to find out the details.

 
  The worst outcome here would be to end up with something that was
  equivalent to TOSCA but not easily translatable to the TOSCA Simple
  Profile YAML format (currently a Working Draft). Where 'easily
  translatable' preferably means 'by just changing some names'. I can't
  comment on whether this is the case as things stand.
 

 The TOSCA Simple Profile in YAML is a working draft at the moment, so we
 are pretty much open for any input. So let's see to get the right folks
 together and get it right. Since the Murano folks have indicated before
 that they are evaluating the option to join the OASIS TC, I am optimistic
 that we can get the streams together. Having implementation work going on
 here in this community in parallel to the standards work, and both streams
 inspiring each other, will be fun :-)


 Regards,
 Thomas


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Thomas Spatzier]

Hi Dimitry,

the current working draft for the simplified profile in YAML is available
at [1]. Note that this is still work in progress, but should already give a
good impression of where we want to go. And as I said, we are open for
input.

The stackforge project [2] that Sahdev from our team created is in its
final setup phase (gerrit review still has to be set up), as far as I
understood it. My information is that parser code for TOSCA YAML according
to the current working draft is going to get in by end of the week. This
code is currently maintained in Sahdev's own github repo [3]. Sahdev (IRC
spzala) would be the best contact for the moment when it comes to detail
questions on the code.

[1]
https://www.oasis-open.org/committees/document.php?document_id=52571wg_abbrev=tosca
[2] https://github.com/stackforge/heat-translator
[3] https://github.com/spzala/heat-translator

Regards,
Thomas

 From: Dmitry mey...@gmail.com
 To: OpenStack Development Mailing List (not for usage questions)
 openstack-dev@lists.openstack.org
 Date: 26/03/2014 11:17
 Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

 Hi Thomas,
 Can you share some documentation of what you're doing right now with
 TOSCA-compliant layer?
 We would like to join to this effort.

 Thanks,
 Dmitry


 On Wed, Mar 26, 2014 at 10:38 AM, Thomas Spatzier
thomas.spatz...@de.ibm.com
  wrote:
 Excerpt from Zane Bitter's message on 26/03/2014 02:26:42:

  From: Zane Bitter zbit...@redhat.com
  To: openstack-dev@lists.openstack.org
  Date: 26/03/2014 02:27
  Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
 

 snip

   Cloud administrators are usually technical guys that are capable of
   learning HOT and writing YAML templates. They know exact
configuration
   of their cloud (what services are available, what is the version of
   OpenStack cloud is running) and generally understands how OpenStack
   works. They also know about software they intent to install. If such
 guy
   wants to install Drupal he knows exactly that he needs HOT template
   describing Fedora VM with Apache + PHP + MySQL + Drupal itself. It is
   not a problem for him to write such HOT template.
 
  I'm aware that TOSCA has these types of constraints, and in fact I
  suggested to the TOSCA TC that maybe this is where we should draw the
  line between Heat and some TOSCA-compatible service: HOT should be a
  concrete description of exactly what you're going to get, whereas some
  other service (in this case Murano) would act as the constraints
solver.
  e.g. something like an image name would not be hardcoded in a Murano
  template, you have some constraints about which operating system and
  what versions should be allowed, and it would pick one and pass it to
  Heat. So I am interested in this approach.

 I can just support Zane's statements above. We are working on exactly
those
 issues in the TOSCA YAML definition, so it would be ideal to just
 collaborate on this. As Zane said, there currently is a thinking that
some
 TOSCA-compliant layer could be a (maybe thin) layer above Heat that
 resolves a more abstract (thus more portable) template into something
 concrete, executable. We have started developing code (early versions are
 on stackforge already) to find out the details.

 
  The worst outcome here would be to end up with something that was
  equivalent to TOSCA but not easily translatable to the TOSCA Simple
  Profile YAML format (currently a Working Draft). Where 'easily
  translatable' preferably means 'by just changing some names'. I can't
  comment on whether this is the case as things stand.
 

 The TOSCA Simple Profile in YAML is a working draft at the moment, so we
 are pretty much open for any input. So let's see to get the right folks
 together and get it right. Since the Murano folks have indicated before
 that they are evaluating the option to join the OASIS TC, I am optimistic
 that we can get the streams together. Having implementation work going on
 here in this community in parallel to the standards work, and both
streams
 inspiring each other, will be fun :-)


 Regards,
 Thomas


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Dmitry]

Thank you very much for the info!


On Wed, Mar 26, 2014 at 6:07 PM, Thomas Spatzier thomas.spatz...@de.ibm.com
 wrote:

 Hi Dimitry,

 the current working draft for the simplified profile in YAML is available
 at [1]. Note that this is still work in progress, but should already give a
 good impression of where we want to go. And as I said, we are open for
 input.

 The stackforge project [2] that Sahdev from our team created is in its
 final setup phase (gerrit review still has to be set up), as far as I
 understood it. My information is that parser code for TOSCA YAML according
 to the current working draft is going to get in by end of the week. This
 code is currently maintained in Sahdev's own github repo [3]. Sahdev (IRC
 spzala) would be the best contact for the moment when it comes to detail
 questions on the code.

 [1]

 https://www.oasis-open.org/committees/document.php?document_id=52571wg_abbrev=tosca
 [2] https://github.com/stackforge/heat-translator
 [3] https://github.com/spzala/heat-translator

 Regards,
 Thomas

  From: Dmitry mey...@gmail.com
  To: OpenStack Development Mailing List (not for usage questions)
  openstack-dev@lists.openstack.org
  Date: 26/03/2014 11:17
  Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
 
  Hi Thomas,
  Can you share some documentation of what you're doing right now with
  TOSCA-compliant layer?
  We would like to join to this effort.
 
  Thanks,
  Dmitry
 

  On Wed, Mar 26, 2014 at 10:38 AM, Thomas Spatzier
 thomas.spatz...@de.ibm.com
   wrote:
  Excerpt from Zane Bitter's message on 26/03/2014 02:26:42:
 
   From: Zane Bitter zbit...@redhat.com
   To: openstack-dev@lists.openstack.org
   Date: 26/03/2014 02:27
   Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
  
 
  snip
 
Cloud administrators are usually technical guys that are capable of
learning HOT and writing YAML templates. They know exact
 configuration
of their cloud (what services are available, what is the version of
OpenStack cloud is running) and generally understands how OpenStack
works. They also know about software they intent to install. If such
  guy
wants to install Drupal he knows exactly that he needs HOT template
describing Fedora VM with Apache + PHP + MySQL + Drupal itself. It is
not a problem for him to write such HOT template.
  
   I'm aware that TOSCA has these types of constraints, and in fact I
   suggested to the TOSCA TC that maybe this is where we should draw the
   line between Heat and some TOSCA-compatible service: HOT should be a
   concrete description of exactly what you're going to get, whereas some
   other service (in this case Murano) would act as the constraints
 solver.
   e.g. something like an image name would not be hardcoded in a Murano
   template, you have some constraints about which operating system and
   what versions should be allowed, and it would pick one and pass it to
   Heat. So I am interested in this approach.

  I can just support Zane's statements above. We are working on exactly
 those
  issues in the TOSCA YAML definition, so it would be ideal to just
  collaborate on this. As Zane said, there currently is a thinking that
 some
  TOSCA-compliant layer could be a (maybe thin) layer above Heat that
  resolves a more abstract (thus more portable) template into something
  concrete, executable. We have started developing code (early versions are
  on stackforge already) to find out the details.
 
  
   The worst outcome here would be to end up with something that was
   equivalent to TOSCA but not easily translatable to the TOSCA Simple
   Profile YAML format (currently a Working Draft). Where 'easily
   translatable' preferably means 'by just changing some names'. I can't
   comment on whether this is the case as things stand.
  

  The TOSCA Simple Profile in YAML is a working draft at the moment, so we
  are pretty much open for any input. So let's see to get the right folks
  together and get it right. Since the Murano folks have indicated before
  that they are evaluating the option to join the OASIS TC, I am optimistic
  that we can get the streams together. Having implementation work going on
  here in this community in parallel to the standards work, and both
 streams
  inspiring each other, will be fun :-)
 
 
  Regards,
  Thomas
 
 
  ___
  OpenStack-dev mailing list
  OpenStack-dev@lists.openstack.org
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
  ___
  OpenStack-dev mailing list
  OpenStack-dev@lists.openstack.org
  http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Keith Bray]

On 3/25/14 11:55 AM, Ruslan Kamaldinov rkamaldi...@mirantis.com wrote:

* Murano DSL will focus on:
  a. UI rendering


One of the primary reasons I am opposed to using a different DSL/project
to accomplish this is that the person authoring the HOT template is
usually the system architect, and this is the same person who has the
technical knowledge to know what technologies you can swap in/out and
still have that system/component work, so they are also the person who
can/should define the rules of what component building blocks can and
can't work together.  There has been an overwhelmingly strong preference
from the system architects/DevOps/ApplicationExperts I [1] have talked to
for the ability to have control over those rules directly within the HOT
file or immediately along-side the HOT file but feed the whole set of
files to a single API endpoint.  I'm not advocating that this extra stuff
be part of Heat Engine (I understand the desire to keep the orchestration
engine clean)... But from a barrier to adoption point-of-view, the extra
effort for the HOT author to learn another DSL and use yet another system
(or even have to write multiple files) should not be underestimated.
These people are not OpenStack developers, they are DevOps folks and
Application Experts.  This is why the Htr[2] project was proposed and
threads were started to add extra data to HOT template that Heat engine
could essentially ignore, but would make defining UI rendering and
component connectivity easy for the HOT author.

I'm all for contributions to OpenStack, so I encourage the Murano team to
continue doing its thing if they find it adds value to themselves or
others. However, I'd like to see the Orchestration program support the
surrounding things the users of the Heat engine want/need from their cloud
system instead of having those needs met by separate projects seeking
incubation. There are technical ways to keep the core engine clean while
having the Orchestration Program API Service move up the stack in terms of
cloud user experience.

  b. HOT generation
  c. Setup other services (like put Mistral tasks to Mistral and bind
 them with events)

Speaking about new DSL for Murano. We're speaking about Application
Lifecycle
Management. There are a lot of existing tools - Heat/HOT, Python, etc,
but none
of them was designed with ALM in mind as a goal.

Solum[3] is specifically designed for ALM and purpose built for
OpenStack... It has declared that it will generate HOT templates and setup
other services, including putting together or executing supplied workflow
definition (using Mistral if applicable).  Like Murano, Solum is also not
an OpenStack incubated project, but it has been designed with community
collaboration (based on shared pain across multiple contributors) with the
ALM goal in mind from the very beginning.

-Keith


[1] I regularly speak with DevOps, Application Specialists, and cloud
customers, specifically about Orchestration and Heat.. HOT is somewhat
simple enough for the most technical of them (DevOps  App Specialists) to
grasp and have interest in adopting, but their is strong push back from
the folks I talk to about having to learn one more thing... Since Heat
adopters are exactly the same people who have the knowledge to define the
overall system capabilities including component connectivity and how UI
should be rendered, I'd like to keep it simple for them. The more we can
do to have the Orchestration service look/feel like one thing (even if
it's Engine + Other things under the hood), or reuse other OpenStack core
components (e.g. Glance) the better for adoption.
[2] https://wiki.openstack.org/wiki/Heat/htr
[3] http://solum.io



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

Hi Thomas,

I think we went to the second loop of the discussion about generic language
concepts.  Murano does not use a new language for the sole purpose of
having parameters, constraints and polymorphism. These are generic concepts
which are common for different languages, so keeping arguing about these
generic concepts is just like a holy war  like Python vs. C. Keeping these
arguments is just like to say that we don't need Python as functions and
parameters already exists in C which is used under the hood in Python.

Yes Murano DSL have some generic concepts similar to HOT. I think this is a
benefit as user will see the familiar syntax constructions and it will be a
lower threshold for him to start using Murano DSL.

In a simplified view Murano uses DSL for application definition to solve
several particular problems:
a) control UI rendering of Application Catalog
b) control HOT template generation

These aspects are not covered in HOT and probably should not be covered. I
don't like an idea of expressing HOT template generation in HOT as it
sounds like a creation another Lisp like language :-)

I don't think that your statement that most of the people in the community
are against new DSL is a right summary. There are some disagreements how it
should look like and what are the goals. You will be probably surprised but
we are not the first who use DSL for HOT templates generation. Here is an
e-mail thread right about Ruby based DSL used in IBM for the same purpose:
http://lists.openstack.org/pipermail/openstack-dev/2014-February/026606.html

The term Orchestration is quite generic. Saying that orchestration should
be Heat job sounds like a well know Henry Ford's phrase You can have any
colour as long as it's black..
I think this is again a lack of understanding of the difference between
Orchestration program and Heat project. There are many aspects of
Orchestration and OpenStack has the Orchestration program for the projects
which are focused on some aspects of orchestration. Heat is one of the
project inside Orchestration program but it does not mean that Heat should
cover everything. That is why we discussed in this thread how workflows
aspects should be aligned and how they should be placed into this
Orchestration program.

Thanks
Georgy


On Mon, Mar 24, 2014 at 8:28 AM, Dmitry mey...@gmail.com wrote:

 MuranoPL supposed to provide a solution for the real needs to manage
 services in the centralized manner and to allow cloud provider customers to
 create their own services.
 The application catalog similar to AppDirect (www.appdirect.com) natively
 supported by OpenStack is a huge step forward.
 Think about Amazon which provides different services for the different
 needs: Amazon Cloud Formation, Amazon OpsWorks and Amazon Beanstalk.
 Following the similar logic (which is fully makes sense for me), OpenStack
 should provide resource reservation and orchestration (Heat and Climate),
 Application Catalog (Murano) and PaaS (Solum).
 Every project can live in harmony with other and contribute for the cloud
 service provider service completeness.
 This is my opinion and i would happy to use Murano in our internal
 solution.

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284


On Mon, Mar 24, 2014 at 5:13 AM, Thomas Herve thomas.he...@enovance.comwrote:

 Hi Stan,

 Comments inline.

  Zane,
 
  I appreciate your explanations on Heat/HOT. This really makes sense.
  I didn't mean to say that MuranoPL is better for Heat. Actually HOT is
 good
  for Heat's mission. I completely acknowledge it.
  I've tried to avoid comparison between languages and I'm sorry if it felt
  that way. This is not productive as I don't offer you to replace HOT with
  MuranoPL (although I believe that certain elements of MuranoPL syntax
 can be
  contributed to HOT and be valuable addition there). Also people tend to
  protect what they have developed and invested into and to be fair this is
  what we did in this thread to great extent.
 
  What I'm trying to achieve is that you and the rest of Heat team
 understand
  why it was designed the way it is. I don't feel that Murano can become
  full-fledged member of OpenStack ecosystem without a bless from Heat
 team.
  And it would be even better if we agree on certain design, join our
 efforts
  and contribute to each other for sake of Orchestration program.

 Note that I feel that most people outside of the Murano project are
 against the idea of using a DSL. You should feel that it could block the
 integration in OpenStack.

  I'm sorry for long mail texts written in not-so-good English and
 appreciate
  you patience reading and answering them.
 
  Having said that let me step backward and explain our design 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Thomas Herve]

 
 What I can say is that I'm not convinced. The only use-case for a DSL would
 be if you have to upload user-written code, but what you mentioned is a Web
 interface, where the user doesn't use the DSL, and the cloud provider is the
 developer. There is no reason in this case to have a secure environment for
 the code.
 
 I didn't say that. There are at least 2 different roles application
 developers/publishers and application users. Application developer is not
 necessary cloud provider. The whole point of AppCatalog is to support
 scenario when anyone can create and package some application and that
 package can be uploaded by user alone. Think Apple AppStore or Google Play.
 Some cloud providers may configure ACLs so that user be allowed to consume
 applications they decided while others may permit to upload applications to
 some configurable scope (e.g. apps that would be visible to all cloud users,
 to particular tenant or be private to the user). We also think to have some
 of peer relations so that it would be possible to have application upload in
 one catalog to become automatically available in all connected catalogs.
 
 This is similar to how Linux software repos work - AppCatalog is repo, Murano
 package is what DEB/RPMs are to repo and DSL is what DEB/RPMs manifests are
 to packages. Just that is run on cloud and designed to handle complex
 multi-node apps as well as trivial ones in which case this may be narrowed
 to actual installation of DEB/RPM

I'm glad that you bring packages up. This is a really good example of why you 
don't need a new programming language. Packages uses whatever technology they 
prefer to handle their scripting needs. They then have an declarative interface 
which hides the imperative parts behind.

You trust OpenStack developers with their code, you trust package developers 
with their code, why not trust catalog developers?

-- 
Thomas

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Thomas Herve]

 Hi Thomas,
 
 I think we went to the second loop of the discussion about generic language
 concepts. Murano does not use a new language for the sole purpose of having
 parameters, constraints and polymorphism. These are generic concepts which
 are common for different languages, so keeping arguing about these generic
 concepts is just like a holy war like Python vs. C. Keeping these arguments
 is just like to say that we don't need Python as functions and parameters
 already exists in C which is used under the hood in Python.
 
 Yes Murano DSL have some generic concepts similar to HOT. I think this is a
 benefit as user will see the familiar syntax constructions and it will be a
 lower threshold for him to start using Murano DSL.
 
 In a simplified view Murano uses DSL for application definition to solve
 several particular problems:
 a) control UI rendering of Application Catalog
 b) control HOT template generation
 
 These aspects are not covered in HOT and probably should not be covered. I
 don't like an idea of expressing HOT template generation in HOT as it sounds
 like a creation another Lisp like language :-)

I'm not saying that HOT will cover all your needs. I think it will cover a 
really good portion. And I'm saying that for the remaining part, you can use an 
existing language and not create a new one.

 I don't think that your statement that most of the people in the community
 are against new DSL is a right summary. There are some disagreements how it
 should look like and what are the goals. You will be probably surprised but
 we are not the first who use DSL for HOT templates generation. Here is an
 e-mail thread right about Ruby based DSL used in IBM for the same purpose:
 http://lists.openstack.org/pipermail/openstack-dev/2014-February/026606.html
 
 The term Orchestration is quite generic. Saying that orchestration should
 be Heat job sounds like a well know Henry Ford's phrase You can have any
 colour as long as it's black..

That worked okay for him :).

 I think this is again a lack of understanding of the difference between
 Orchestration program and Heat project. There are many aspects of
 Orchestration and OpenStack has the Orchestration program for the projects
 which are focused on some aspects of orchestration. Heat is one of the
 project inside Orchestration program but it does not mean that Heat should
 cover everything. That is why we discussed in this thread how workflows
 aspects should be aligned and how they should be placed into this
 Orchestration program.

Well, today Heat is the one and only program in the Orchestration program. If 
and when you have orchestration needs not covered, we are there to make sure 
Heat is not the best place to handle them. The answer will probably not Heat 
forever, but we need good use cases to delegate those needs to another project.


-- 
Thomas

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

On Tue, Mar 25, 2014 at 3:32 AM, Thomas Herve thomas.he...@enovance.comwrote:


  Hi Thomas,
 
  I think we went to the second loop of the discussion about generic
 language
  concepts. Murano does not use a new language for the sole purpose of
 having
  parameters, constraints and polymorphism. These are generic concepts
 which
  are common for different languages, so keeping arguing about these
 generic
  concepts is just like a holy war like Python vs. C. Keeping these
 arguments
  is just like to say that we don't need Python as functions and parameters
  already exists in C which is used under the hood in Python.
 
  Yes Murano DSL have some generic concepts similar to HOT. I think this
 is a
  benefit as user will see the familiar syntax constructions and it will
 be a
  lower threshold for him to start using Murano DSL.
 
  In a simplified view Murano uses DSL for application definition to solve
  several particular problems:
  a) control UI rendering of Application Catalog
  b) control HOT template generation
 
  These aspects are not covered in HOT and probably should not be covered.
 I
  don't like an idea of expressing HOT template generation in HOT as it
 sounds
  like a creation another Lisp like language :-)

 I'm not saying that HOT will cover all your needs. I think it will cover a
 really good portion. And I'm saying that for the remaining part, you can
 use an existing language and not create a new one.


As a user can't run arbitrary python code in openstack we used Python
language to create a new API for the remaining parts. This API service
accepts a yaml based description of what should be done. There is no
intention to create a new generic programming language. We used OpenStack
approach and created a service for specific functions around Application
Catalog features. Due to dynamic nature of applications we had to add a bit
of dynamics to the service input just because of the same reason why Heat
uses templates.



  I don't think that your statement that most of the people in the
 community
  are against new DSL is a right summary. There are some disagreements how
 it
  should look like and what are the goals. You will be probably surprised
 but
  we are not the first who use DSL for HOT templates generation. Here is an
  e-mail thread right about Ruby based DSL used in IBM for the same
 purpose:
 
 http://lists.openstack.org/pipermail/openstack-dev/2014-February/026606.html
 
  The term Orchestration is quite generic. Saying that orchestration
 should
  be Heat job sounds like a well know Henry Ford's phrase You can have any
  colour as long as it's black..

 That worked okay for him :).


Not really. The world acknowledged his inventions and new approaches. Other
manufacturers adopted his ideas and moved forward, providing more variety,
while Ford stuck with his model-T, which was very successful though. The
history shows that variety won the battle over single approach and now we
have different colors, shapes, engines :-)


  I think this is again a lack of understanding of the difference between
  Orchestration program and Heat project. There are many aspects of
  Orchestration and OpenStack has the Orchestration program for the
 projects
  which are focused on some aspects of orchestration. Heat is one of the
  project inside Orchestration program but it does not mean that Heat
 should
  cover everything. That is why we discussed in this thread how workflows
  aspects should be aligned and how they should be placed into this
  Orchestration program.

 Well, today Heat is the one and only program in the Orchestration program.
 If and when you have orchestration needs not covered, we are there to make
 sure Heat is not the best place to handle them. The answer will probably
 not Heat forever, but we need good use cases to delegate those needs to
 another project.


That is exactly the reason why we have these discussions :-) We have the
use cases for new functionality and we are trying to find a place for it.



 --
 Thomas

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

On Tue, Mar 25, 2014 at 2:27 PM, Thomas Herve thomas.he...@enovance.comwrote:


  What I can say is that I'm not convinced. The only use-case for a DSL
 would
  be if you have to upload user-written code, but what you mentioned is a
 Web
  interface, where the user doesn't use the DSL, and the cloud provider
 is the
  developer. There is no reason in this case to have a secure environment
 for
  the code.
 
  I didn't say that. There are at least 2 different roles application
  developers/publishers and application users. Application developer is not
  necessary cloud provider. The whole point of AppCatalog is to support
  scenario when anyone can create and package some application and that
  package can be uploaded by user alone. Think Apple AppStore or Google
 Play.
  Some cloud providers may configure ACLs so that user be allowed to
 consume
  applications they decided while others may permit to upload applications
 to
  some configurable scope (e.g. apps that would be visible to all cloud
 users,
  to particular tenant or be private to the user). We also think to have
 some
  of peer relations so that it would be possible to have application
 upload in
  one catalog to become automatically available in all connected catalogs.
 
  This is similar to how Linux software repos work - AppCatalog is repo,
 Murano
  package is what DEB/RPMs are to repo and DSL is what DEB/RPMs manifests
 are
  to packages. Just that is run on cloud and designed to handle complex
  multi-node apps as well as trivial ones in which case this may be
 narrowed
  to actual installation of DEB/RPM

 I'm glad that you bring packages up. This is a really good example of why
 you don't need a new programming language. Packages uses whatever
 technology they prefer to handle their scripting needs. They then have an
 declarative interface which hides the imperative parts behind.


The same is true for Murano. MuranoPL is not used to express what should be
deployed. In Murano there is object model that describes view of the word.
It serves for the same purpose as HOT in Heat but it is simpler because it
says just what need to be deployed but not how it should be accomplished as
this information is already contained in application definitions. There is
REST API to edit/submit Object Model which is again has nothing to do with
MuranoPL. UI dashboard talks to AppCatalog to see what applications/classes
are available and AppCatalog also knows what are the properties of those
classes. This is needed for UI so that it can ask user for appropriate
input. This is similar to how Horizon asks user to input parameters that
are declared in HOT template. But all the imperative stuff is hidden inside
Murano packages and is not used for anything outside Murano engine.
MuranoPL is not a replacement for scripting languages. You still use
bash/puppet/PowerShell/whatever you like for actual deployment. No MuranoPL
code is executed on VM side. So the analogy with RPMs manifests is valid.




 You trust OpenStack developers with their code, you trust package
 developers with their code, why not trust catalog developers?


They do trust catalog developers (hopefully). But catalog developers have
nothing to do with catalog contents. Anyone can create and upload
application to App Catalog the same way how anyone can upload his
application to Google Play. The fact that I trust Google doesn't mean that
I trust all applications in Google Play. The fact that I trust catalog
developers doesn't mean that I (as a cloud operator) is going to allow
execution of untrusted code in that catalog. Unless that code is sandboxed
by design. Similar to that I can navigate to any web site google points me
out and let it execute any JavaScript it wants unless it it JavaScript and
not browser plugin or desktop application.




 --
 Thomas

 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com
sla...@mirantis.com
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Ruslan Kamaldinov]

Murano folks,

I guess we should stop our debates with the Heat team about MuranoPL. What
we should do instead is to carefully read this thread couple of times and
collect and process all the feedback we've got. Steve and Zane did a very good
job helping us to find a way to align with Heat and Orhcestration program. Let
me outline the most important (imho) quotes:

# START quotes

Steven Dake:

 I see no issue with HOT remaining simple and tidy focused entirely on
 orchestration (taking a desired state and converting that into reality) with
 some other imperative language layered on top to handle workflow and ALM.  I
 believe this separation of concerns is best for OpenStack and should be the
 preferred development path.


Zane Bitter:

 I do think we should implement the hooks I mentioned at the start of this
 thread to allow tighter integration between Heat and a workflow engine
 (i.e. Mistral).

 So building a system on top of Heat is good. Building it on top of Mistral as
 well would also be good, and that was part of the feedback from the TC.

 To me, building on top means building on top of the languages (which users
 will have to invest a lot of work in learning) as well, rather than having a
 completely different language and only using the underlying implementation(s).

 To me that implies that Murano should be a relatively thin wrapper that ties
 together HOT and Mistral's DSL.


Steve Dake:
---
 I don't think HOT can do these things and I don't think we want HOT to do
 these things.  I am ok with that, since I don't see the pushback on having
 two languages for two different things in OpenStack.  I got from gokrove on
 iRC today that the rationale for the pushback was the TC wanted Murano folks
 to explore how to integrate better with Heat and possibly the orchestration
 program.  I don't see HOT as a place where there is an opportunity for scope
 expansion.  I see instead Murano creating HOT blobs and feeding them to Heat.


Zane Bitter:

 Because there have to be some base types that you can use as building blocks.
 In the case of Heat, those base types are the set of things that you can
 create by talking to OpenStack APIs authenticated with the user's token.
 In the case of Mistral, I would expect it to be the set of actions that you
 can take by talking to OpenStack APIs authenticated with the user's token.
 And in the case of Murano, I would expect it to be the union of those two.


 Everything is a combination of existing resources, because the set of existing
 resources is the set of things which the operator provides as-a-Service. The
 set of things that the operator provides as a service plus the set of things
 that you can implement yourself on your own server (virtual or not) covers
 the entire universe of things. What you appear to be suggesting is that
 OpenStack must provide *Everything*-as-a-Service by allowing users to write
 their own services and have the operator execute them as-a-Service. This
 would be a breathtakingly ambitious undertaking, and I don't mean that in
 a good way.

 When the TC said Murano is slightly too far up the stack at this point to
 meet the measured progression of openstack as a whole requirement, IMO
 one of the major things they meant was that you're inventing your own
 workflow thing, leading to duplication of effort between this and Workflow
 as a Service. (And Mistral folks are in turn doing the same thing by not
 using the same workflow library, taskflow, as the rest of OpenStack.)
 Candidly, I'm surprised that this is not the #1 thing on your priority list
 because IMO it's the #1 thing that will delay getting the project incubated.

# END quotes

Also I should quote what Georgy Okrokvertkhov said:
 Having this aligned I see a Murano package as an archive with all necessary
 definitions and resources and Murano service will just properly pass them to
 related services like Heat and Mistral. I think then Murano DSL will be much
 more simple and probably will be closer to declarative format with some
 specific data operations.


Summary:

I would like to propose further path for Murano evolution where it evolves as
an OpenStack project, aligned with others and developed in agreement between
all the interested sides. Here is the plan:

* Step forward and implement hooks (for workflow customization) in Heat. We
  will register a blueprint, discuss it with the Heat team and implement it
* Use our cross-project session on ATL summit to set clear goals and
  expectations
* Build pilot in Murano which:
   a. Uses new HOT Software components to do VM side software deployments
   b. Uses Mistral DSL to describe workflow. It'll require more focused
  discussion with Mistral team
   c. Bundles all that into an application package using new Murano DSL
   d. Allows users to combine applications in a single environenment
* Continuously align with the Heat team
* Continuously re-evaluate current state of pilot 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Zane Bitter]

On 21/03/14 18:58, Stan Lagun wrote:

Zane,

I appreciate your explanations on Heat/HOT. This really makes sense.
I didn't mean to say that MuranoPL is better for Heat. Actually HOT is
good for Heat's mission. I completely acknowledge it.
I've tried to avoid comparison between languages and I'm sorry if it
felt that way. This is not productive as I don't offer you to replace


No problem, I didn't interpret it that way. I just wanted to use it as 
an opportunity to document a bit more information about Heat works that 
may be helpful to you.



HOT with MuranoPL (although I believe that certain elements of MuranoPL
syntax can be contributed to HOT and be valuable addition there). Also
people tend to protect what they have developed and invested into and to
be fair this is what we did in this thread to great extent.


Yes, we are all human and this is an unavoidable part of life :)


What I'm trying to achieve is that you and the rest of Heat team
understand why it was designed the way it is. I don't feel that Murano
can become full-fledged member of OpenStack ecosystem without a bless
from Heat team. And it would be even better if we agree on certain
design, join our efforts and contribute to each other for sake of
Orchestration program.


Thanks. To be clear, this is what I am looking for. At the beginning of 
this thread I proposed a very simple possible implementation, and I'm 
wanting folks to tell me what is missing from that model that would 
justify a more complicated approach.



I'm sorry for long mail texts written in not-so-good English and
appreciate you patience reading and answering them.

Having said that let me step backward and explain our design decisions.

Cloud administrators are usually technical guys that are capable of
learning HOT and writing YAML templates. They know exact configuration
of their cloud (what services are available, what is the version of
OpenStack cloud is running) and generally understands how OpenStack
works. They also know about software they intent to install. If such guy
wants to install Drupal he knows exactly that he needs HOT template
describing Fedora VM with Apache + PHP + MySQL + Drupal itself. It is
not a problem for him to write such HOT template.


I'm aware that TOSCA has these types of constraints, and in fact I 
suggested to the TOSCA TC that maybe this is where we should draw the 
line between Heat and some TOSCA-compatible service: HOT should be a 
concrete description of exactly what you're going to get, whereas some 
other service (in this case Murano) would act as the constraints solver. 
e.g. something like an image name would not be hardcoded in a Murano 
template, you have some constraints about which operating system and 
what versions should be allowed, and it would pick one and pass it to 
Heat. So I am interested in this approach.


The worst outcome here would be to end up with something that was 
equivalent to TOSCA but not easily translatable to the TOSCA Simple 
Profile YAML format (currently a Working Draft). Where 'easily 
translatable' preferably means 'by just changing some names'. I can't 
comment on whether this is the case as things stand.



Note that such template would be designed for very particular
configuration. There are hundreds of combinations that may be used to
install that Drupal - use RHEL/Windows/etc instead of Fedora, use
ngnix/IIS/etc instead of Apache, use FastCGI instead of mod_php,
PostgreSQL instead of MySQL. You may choose to have all software on
single VM or have one VM for database and another for Drupal. There are
also constraints to those combinations. For example you cannot have
Fedora + IIS on the same VM. You cannot have Apache and Drupal on
different VMs.

So the HOT template represent fixed combination of those software
components. HOT may have input parameters like username or
dbImageName but the overall structure of template is fixed. You cannot
have template that choses whether to use Windows or Linux based on
parameter value.


As Thomas mentioned, CloudFormation now has conditionals. If we were to 
add this feature in HOT (which seems likely), you would actually be able 
to do that.


http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/conditions-section-structure.html


You cannot write HOT that accepts number of instances
it allowed to create and then decide what would be installed on each of
them. This is just not needed for Heat users.


The path we've gone down in Heat is to introduce software component 
resources so that the definition of the software component to install is 
separated from the definition of the server it runs on, and may even be 
in a separate template file.


So you can write a template that launches a single server with (e.g.) 
both Wordpress and MySQL installed, or you can have a separate template 
(though with the conditional stuff above it could theoretically be the 
same template even) that launches two servers with Wordpress on one and 
MySQL on the 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Thomas Herve]

Hi Stan,

Comments inline.

 Zane,
 
 I appreciate your explanations on Heat/HOT. This really makes sense.
 I didn't mean to say that MuranoPL is better for Heat. Actually HOT is good
 for Heat's mission. I completely acknowledge it.
 I've tried to avoid comparison between languages and I'm sorry if it felt
 that way. This is not productive as I don't offer you to replace HOT with
 MuranoPL (although I believe that certain elements of MuranoPL syntax can be
 contributed to HOT and be valuable addition there). Also people tend to
 protect what they have developed and invested into and to be fair this is
 what we did in this thread to great extent.
 
 What I'm trying to achieve is that you and the rest of Heat team understand
 why it was designed the way it is. I don't feel that Murano can become
 full-fledged member of OpenStack ecosystem without a bless from Heat team.
 And it would be even better if we agree on certain design, join our efforts
 and contribute to each other for sake of Orchestration program.

Note that I feel that most people outside of the Murano project are against the 
idea of using a DSL. You should feel that it could block the integration in 
OpenStack.

 I'm sorry for long mail texts written in not-so-good English and appreciate
 you patience reading and answering them.
 
 Having said that let me step backward and explain our design decisions.
 
 Cloud administrators are usually technical guys that are capable of learning
 HOT and writing YAML templates. They know exact configuration of their cloud
 (what services are available, what is the version of OpenStack cloud is
 running) and generally understands how OpenStack works. They also know about
 software they intent to install. If such guy wants to install Drupal he
 knows exactly that he needs HOT template describing Fedora VM with Apache +
 PHP + MySQL + Drupal itself. It is not a problem for him to write such HOT
 template.
 
 Note that such template would be designed for very particular configuration.
 There are hundreds of combinations that may be used to install that Drupal -
 use RHEL/Windows/etc instead of Fedora, use ngnix/IIS/etc instead of Apache,
 use FastCGI instead of mod_php, PostgreSQL instead of MySQL. You may choose
 to have all software on single VM or have one VM for database and another
 for Drupal. There are also constraints to those combinations. For example
 you cannot have Fedora + IIS on the same VM. You cannot have Apache and
 Drupal on different VMs.
 
 So the HOT template represent fixed combination of those software components.
 HOT may have input parameters like username or dbImageName but the
 overall structure of template is fixed. You cannot have template that choses
 whether to use Windows or Linux based on parameter value. You cannot write
 HOT that accepts number of instances it allowed to create and then decide
 what would be installed on each of them. This is just not needed for Heat
 users.
 
 With Murano the picture looks the opposite. Typical Murano user is a guy who
 bought account from cloud hosting vendor (cloud operator) and want to run
 some software in the cloud. He may not even be aware that it is OpenStack.
 He knows nothing about programming in general and Heat in particular. He
 doesn't want to write YAMLs. He may not know how exactly Drupal is installed
 and what components it consists of.

So that's where I want to make a first stop. If your primary user is not a 
developer, there is no reason to introduce a DSL for security reasons. The 
provider can trust the code he writes, and there is no need to create a 
dedicated language.

 So what he does is he goes to his cloud (Murano) dashboard, browses through
 application catalog, finds Drupal and drags it onto his environment board
 (think like Visio-style designer). He can stop at this point, click deploy
 button and the system will deploy Drupal. In another words the system (or
 maybe better to say cloud operator or application developer) decides what
 set of components is going to be installed (like 1 Fedora VM for MySQL and 1
 CentOS VM for Apache-PHP-Drupal). But user may decide he wants to customize
 his environment. He digs down and sees that Drupal requires database
 instance and the default is MySQL. He clicks on a button to see what are
 other options available for that role.
 
 In Heat HOT developer is the user. But in Murano those are completely
 different roles. There are developers that write application definitions
 (that is DSL code) and there are end users who compose environments from
 those applications (components). Application developers may have nothing to
 do with particular cloud their application deployed on. As for Drupal
 application the developer knows that Drupal can be run with MySQL or
 PostgreSQL. But there may be many compatible implementations of those DBMSes
 - Galera MySQL, TroveMySQL, MMM MySQL etc. So to get a list of what
 components can be placed in a database role Murano needs to look at 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Alexander Tivelkov]

Hi,

 
 So that's where I want to make a first stop. If your primary user is not a
 developer, there is no reason to introduce a DSL for security reasons. The
 provider can trust the code he writes, and there is no need to create a
 dedicated language.


I thinks this need to be clarified.
The provider does not write code: the provider just hosts the cloud, acting
as a moderator.
The code is written by another category of end-users, called Application
Publishers. This category is untrusted - that's the nature of Application
Catalog: anybody can upload everything.

The publishers (who write DSL) should not be confused with users (who
define object models using it). These are different roles.





--
Regards,
Alexander Tivelkov
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

On Mon, Mar 24, 2014 at 4:13 PM, Thomas Herve thomas.he...@enovance.comwrote:

What I can say is that I'm not convinced. The only use-case for a DSL would
 be if you have to upload user-written code, but what you mentioned is a Web
 interface, where the user doesn't use the DSL, and the cloud provider is
 the developer. There is no reason in this case to have a secure environment
 for the code.


I didn't say that. There are at least 2 different roles application
developers/publishers and application users. Application developer is not
necessary cloud provider. The whole point of AppCatalog is to support
scenario when anyone can create and package some application and that
package can be uploaded by user alone. Think Apple AppStore or Google Play.
Some cloud providers may configure ACLs so that user be allowed to consume
applications they decided while others may permit to upload applications to
some configurable scope (e.g. apps that would be visible to all cloud
users, to particular tenant or be private to the user). We also think to
have some of peer relations so that it would be possible to have
application upload in one catalog to become automatically available in all
connected catalogs.

This is similar to how Linux software repos work - AppCatalog is repo,
Murano package is what DEB/RPMs are to repo and DSL is what DEB/RPMs
manifests are to packages. Just that is run on cloud and designed to handle
complex multi-node apps as well as trivial ones in which case this may be
narrowed to actual installation of DEB/RPM



-- 
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com
sla...@mirantis.com
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Zane Bitter]

I completely agree with Georgy, but you raised some questions about Heat 
that I want to answer in the interests of spreading knowledge about how 
Heat works. A heavily-snipped response follows...


On 21/03/14 05:11, Stan Lagun wrote:

3. Despite HOT being more secure on the surface it is not necessary so
in reality. There is a Python class behind each entry in resources
section of HOT template. That Python code is run with root privileges
and not guaranteed to be safe. People make mistakes, forget to validate
parameters, make incorrect assumptions etc. Even if the code is proven
to be secure every single commit can introduce security breach. And no
testing system can detect this.


Quite right, I should acknowledge that it would be crazy to assume that 
HOT is secure just because it is not a programming language, and I do 
not make that assumption. (Indeed, YAML itself has been the subject of 
many security problems, though afaik not in the safe mode that we use in 
Heat.) Thanks for pointing out that I was not clear.



The operator can install whatever plugins they want.

They do but that is a bad solution. The reason is that plugins can
introduce additional resource types but they cannot modify existing
code. Most of the time cloud operators need to customize existing
resources' logic for their needs rather then rewriting it from scratch.
And they want their changes to be opaque to end-users. Imagine that
cloud operator need thats to get permission from his proprietary quota
management system for each VM spawned. If he would create custom
MyInstance resource type end-users could bypass it by using standard
Instance resource rather than custom one. Patching existing Python code
is not good in that then operator need to maintain his private fork of
the Heat and have troubles with CD, upgrades to newer versions etc.


It's not as bad as you think. All of the things you mentioned were 
explicit design goals of the plugin system. If you install a plug-in 
resource with the same type as a built-in resource then it replaces the 
built-in one. And of course you can inherit from the existing plugin to 
customise it.


So in this example, the operator would create a plugin like this:

  from heat.engine.resources import server
  from my.package import do_my_proprietary_quota_thing

  class MyServer(server.Server):
  def handle_create(self):
  do_my_proprietary_quota_thing()
  return super(MyServer, self).handle_create()

  def resource_mapping():
  return {'OS::Nova::Server': MyServer}

and drop it in /usr/lib/heat. As you can see, this is a simple 
customisation (10 lines of code), completely opaque to end users 
(OS::Nova::Server is replaced), and highly unlikely to be broken by any 
changes in Heat (we consider the public APIs of 
heat.engine.resource.Resource as a contract with existing plugins that 
we can't break, at least without a lot of notice).


(I'm ignoring here that if this is needed for _every_ server, it makes 
no sense to do it in Heat, unless you don't expose the Nova API to users 
at all.)



Besides plugin system is not secure because plugins run with the
privileges of Heat engine and while I may trust Heat developers
(community) but not necessary trust 3rd party proprietary plugin.


I'm not sure who 'I' means in this context? As an end-user, you have no 
way of auditing what code your cloud provider is running in general.




What
if he wants that auto-scaling would be based on input from his
existing
Nagios infrastructure rather then Ceilometer?


This is supported already in autoscaling. Ceilometer just hits a URL
for an alarm, but you don't have to configure it this way. Anything
can hit the URL.

And this is a good example for our general approach - we provide a
way that works using built-in OpenStack services and a hook that
allows you to customise it with your own service, running on your
own machine (whether that be an actual machine or an OpenStack
Compute server). What we *don't* do is provide a way to upload your
own code that we then execute for you as some sort of secondary
Compute service.


1. Anything can hit the URL but it is auto-scaling resource that creates
Ceilometer alarms. And what should I do to make it create Nagios alarms
for example?


That's incorrect, autoscaling doesn't create any alarms. You create an 
alarm explicitly using the Ceilometer API, or using an 
OS::Ceilometer::Alarm resource in Heat. Or not, if you want to use some 
other source for alarms. You connect them together by getting the 
alarm_url attribute from the autoscaling policy resource and passing it 
to the Ceilometer alarm, but you could also allow any alarm source you 
care to use to hit that URL.


  [Ceilometer]  [Heat]
  Metrics --- Alarm - - - - - Policy --- Scaling Group
 ^
  (webhook)

A second option is that you can 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

Zane,

I appreciate your explanations on Heat/HOT. This really makes sense.
I didn't mean to say that MuranoPL is better for Heat. Actually HOT is good
for Heat's mission. I completely acknowledge it.
I've tried to avoid comparison between languages and I'm sorry if it felt
that way. This is not productive as I don't offer you to replace HOT with
MuranoPL (although I believe that certain elements of MuranoPL syntax can
be contributed to HOT and be valuable addition there). Also people tend to
protect what they have developed and invested into and to be fair this is
what we did in this thread to great extent.

What I'm trying to achieve is that you and the rest of Heat team understand
why it was designed the way it is. I don't feel that Murano can become
full-fledged member of OpenStack ecosystem without a bless from Heat team.
And it would be even better if we agree on certain design, join our efforts
and contribute to each other for sake of Orchestration program.

I'm sorry for long mail texts written in not-so-good English and appreciate
you patience reading and answering them.

Having said that let me step backward and explain our design decisions.

Cloud administrators are usually technical guys that are capable of
learning HOT and writing YAML templates. They know exact configuration of
their cloud (what services are available, what is the version of OpenStack
cloud is running) and generally understands how OpenStack works. They also
know about software they intent to install. If such guy wants to install
Drupal he knows exactly that he needs HOT template describing Fedora VM
with Apache + PHP + MySQL + Drupal itself. It is not a problem for him to
write such HOT template.

Note that such template would be designed for very particular
configuration. There are hundreds of combinations that may be used to
install that Drupal - use RHEL/Windows/etc instead of Fedora, use
ngnix/IIS/etc instead of Apache, use FastCGI instead of mod_php, PostgreSQL
instead of MySQL. You may choose to have all software on single VM or have
one VM for database and another for Drupal. There are also constraints to
those combinations. For example you cannot have Fedora + IIS on the same
VM. You cannot have Apache and Drupal on different VMs.

So the HOT template represent fixed combination of those software
components. HOT may have input parameters like username or dbImageName
but the overall structure of template is fixed. You cannot have template
that choses whether to use Windows or Linux based on parameter value. You
cannot write HOT that accepts number of instances it allowed to create and
then decide what would be installed on each of them. This is just not
needed for Heat users.

With Murano the picture looks the opposite. Typical Murano user is a guy
who bought account from cloud hosting vendor (cloud operator) and want to
run some software in the cloud. He may not even be aware that it is
OpenStack. He knows nothing about programming in general and Heat in
particular. He doesn't want to write YAMLs. He may not know how exactly
Drupal is installed and what components it consists of.

So what he does is he goes to his cloud (Murano) dashboard, browses through
application catalog, finds Drupal and drags it onto his environment board
(think like Visio-style designer). He can stop at this point, click
deploy button and the system will deploy Drupal. In another words the
system (or maybe better to say cloud operator or application developer)
decides what set of components is going to be installed (like 1 Fedora VM
for MySQL and 1 CentOS VM for Apache-PHP-Drupal). But user may decide he
wants to customize his environment. He digs down and sees that Drupal
requires database instance and the default is MySQL. He clicks on a button
to see what are other options available for that role.

In Heat HOT developer is the user. But in Murano those are completely
different roles. There are developers that write application definitions
(that is DSL code) and there are end users who compose environments from
those applications (components). Application developers may have nothing to
do with particular cloud their application deployed on. As for Drupal
application the developer knows that Drupal can be run with MySQL or
PostgreSQL. But there may be many compatible implementations of those
DBMSes - Galera MySQL, TroveMySQL, MMM MySQL etc. So to get a list of what
components can be placed in a database role Murano needs to look at all
applications in Application Catalog and find which of them are compatible
with MySQL and PostgreSQL so that user could choose what implementation is
better suits his needs (trade performance for high-availability etc.).

User can go deeper and to decide that he wants that MySQL instance (this
can be 1 or more VMs depending on implementation) to be shared between
Drupal and another application in that environment (say WordPress). He can
go even deeper to VM level and decide that he wants to have WordPress,

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Zane Bitter]

On 19/03/14 17:13, Stan Lagun wrote:




On Wed, Mar 19, 2014 at 9:18 PM, Zane Bitter zbit...@redhat.com
mailto:zbit...@redhat.com wrote:

On 19/03/14 05:00, Stan Lagun wrote:

Steven,

Agree with your opinion on HOT expansion. I see that inclusion of
imperative workflows and ALM would require major Heat redesign and
probably would be impossible without loosing compatibility with
previous
HOT syntax. It would blur Heat mission, confuse current users
and rise a
lot of questions what should and what should not be in Heat.
Thats why
we chose to built a system on top of Heat rather then expending HOT.


+1, I agree (as we have discussed before) that it would be a mistake
to shoehorn workflow stuff into Heat. I do think we should implement
the hooks I mentioned at the start of this thread to allow tighter
integration between Heat and a workflow engine (i.e. Mistral).

So building a system on top of Heat is good. Building it on top of
Mistral as well would also be good, and that was part of the
feedback from the TC.

To me, building on top means building on top of the languages (which
users will have to invest a lot of work in learning) as well, rather
than having a completely different language and only using the
underlying implementation(s).


1. Murano application developers (publishers) are using Heat directly.
It is not the case that Murano executes some HOT templates under the
hood but HOT templates are essential part of application definition.
Developers still write HOT templates in HOT syntax

2. Please get me right here. It is not that we wanted to develop another
language just for fun or to stand out from community. It is not that we
wrote DSL and then started to think how we gonna use it and prove to
others that is needed. We completely understand all concerns regarding
new language. The only reason is that we had very concrete list of
problems and use cases that we wanted to address in Murano. We did
investigate on using HOT, Mistral, JavaScript, Lua and BPEL and we found
overwhelming obstacles with each of those approaches. It don't pretend
that having own DSL is good. Just that not having it is much worse. I'm
also not a HOT expert as you are and thus can be (partially) wrong about
HOT and not aware of some of its power features. If so as a technical
guys we would quickly come to consensus.



Now I would like to clarify why have we chosen imperative
approach with DSL.

You see a DSL as an alternative to HOT but it is not. DSL is
alternative
to Python-encoded resources in Heat (heat/engine/resources/*.py).
Imagine how Heat would look like if you let untrusted users to
upload
Python plugins to Heat engine and load them on the fly. Heat
resources
are written in Python which is imperative language. So that
MuranoPL for
the same reason.


We had this exact problem in Heat, and we decided to solve it
with... HOT:

http://lists.openstack.org/__pipermail/openstack-dev/2013-__April/007989.html
http://lists.openstack.org/pipermail/openstack-dev/2013-April/007989.html

If I may be so bold as to quote myself:

...no cloud operator in the world - not even your friendly local IT
department - is going to let users upload Python code to run
in-memory in their orchestration engine along with all of the other
users' code.

If only there were some sort of language for defining OpenStack
services that could be safely executed by users...

Of course that's exactly what we're all about on this project :).
So my proposal is to allow users to define their own resource types
using a Heat template.



Excellent quotes! I can sign under each of them. No one would ever allow
to upload Python code so we haven't used Python (and it is not the only
reason not to use it)


There's a fine line between a domain-specific programming language (as 
opposed to a domain-specific modelling language like HOT) and a 
general-purpose programming language. The reason no-one would run 
untrusted Python code is that Python is a programming language, not that 
it is general-purpose.



If only there were some sort of language for defining OpenStack
services that could be safely executed by users...  - we created such
language.


And we found we already had one, that we successfully re-used for the 
purpose :)



It is exactly what you wanted to have then and now when it
exists you say it is useless. How this ironic.


I'm not saying it's useless; I'm saying that it's *too* powerful for the 
job. It's clear that you guys have done amazing work and I don't want to 
criticise it, especially after having become aware of it only very late, 
but I also have serious reservations as to whether this is the right 
solution for OpenStack.



It may be conceitedly to
assume that 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

Hi Zane,

Thank you for the deep analysis. I agree that doing these deep technical
debates around languages hides the real problem we should focus on. Thank
you for bringing back to the light.

You are right, TC highlighted that Murano did a huge step forward up to
stack probably passing some important areas which should be covered in
OpenStack before that. Workflows area is one of them. I think we need bring
Mistral team here to find out how to align this workflows stuff with all
three project Heat, Murano and Mistral.  As Heat also wants to have a hooks
mechanism to work with external workflow system and Murano uses Heat and
workflows I think it will a lot of sense to design this properly together.
It makes sense to bring TOSCA guys too as they have similar concepts in
standard and Heat eventually will support TOSCA format. Having this aligned
I see a Murano package as an archive with all necessary definitions and
resources and Murano service will just properly pass them to related
services like Heat and Mistral. I think then Murano DSL will be much more
simple and probably will be closer to declarative format with some specific
data operations.

What will be the best way to do this? I know that Heat team is pretty busy
now with Icehouse release which will happen pretty soon.

I would like to have some draft before summit in Atlanta. We can polish
them on the summit sessions but before some home work it will be hard.

Thanks
Georgy


On Thu, Mar 20, 2014 at 5:28 PM, Zane Bitter zbit...@redhat.com wrote:

 On 19/03/14 17:13, Stan Lagun wrote:




 On Wed, Mar 19, 2014 at 9:18 PM, Zane Bitter zbit...@redhat.com
 mailto:zbit...@redhat.com wrote:

 On 19/03/14 05:00, Stan Lagun wrote:

 Steven,

 Agree with your opinion on HOT expansion. I see that inclusion of
 imperative workflows and ALM would require major Heat redesign and
 probably would be impossible without loosing compatibility with
 previous
 HOT syntax. It would blur Heat mission, confuse current users
 and rise a
 lot of questions what should and what should not be in Heat.
 Thats why
 we chose to built a system on top of Heat rather then expending
 HOT.


 +1, I agree (as we have discussed before) that it would be a mistake
 to shoehorn workflow stuff into Heat. I do think we should implement
 the hooks I mentioned at the start of this thread to allow tighter
 integration between Heat and a workflow engine (i.e. Mistral).

 So building a system on top of Heat is good. Building it on top of
 Mistral as well would also be good, and that was part of the
 feedback from the TC.

 To me, building on top means building on top of the languages (which
 users will have to invest a lot of work in learning) as well, rather
 than having a completely different language and only using the
 underlying implementation(s).


 1. Murano application developers (publishers) are using Heat directly.
 It is not the case that Murano executes some HOT templates under the
 hood but HOT templates are essential part of application definition.
 Developers still write HOT templates in HOT syntax

 2. Please get me right here. It is not that we wanted to develop another
 language just for fun or to stand out from community. It is not that we
 wrote DSL and then started to think how we gonna use it and prove to
 others that is needed. We completely understand all concerns regarding
 new language. The only reason is that we had very concrete list of
 problems and use cases that we wanted to address in Murano. We did
 investigate on using HOT, Mistral, JavaScript, Lua and BPEL and we found
 overwhelming obstacles with each of those approaches. It don't pretend
 that having own DSL is good. Just that not having it is much worse. I'm
 also not a HOT expert as you are and thus can be (partially) wrong about
 HOT and not aware of some of its power features. If so as a technical
 guys we would quickly come to consensus.



 Now I would like to clarify why have we chosen imperative
 approach with DSL.

 You see a DSL as an alternative to HOT but it is not. DSL is
 alternative
 to Python-encoded resources in Heat (heat/engine/resources/*.py).
 Imagine how Heat would look like if you let untrusted users to
 upload
 Python plugins to Heat engine and load them on the fly. Heat
 resources
 are written in Python which is imperative language. So that
 MuranoPL for
 the same reason.


 We had this exact problem in Heat, and we decided to solve it
 with... HOT:
 http://lists.openstack.org/__pipermail/openstack-dev/2013-_
 _April/007989.html

 http://lists.openstack.org/pipermail/openstack-dev/2013-
 April/007989.html

 If I may be so bold as to quote myself:

 ...no cloud operator in the world - not even your friendly local IT
 department - is 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

:

 Georgy,

 In consideration of the can you express it instead of the who will
 generate it, I see Heat's HOT evolving to support the expression of
 complex
 multi-tier architectures and applications (I would argue you can already
 do
 this today, perhaps with some additional features desired, e.g. Ability
 to
 define cloud workflows and workflow execution rules which could come
 when we
 have a workflow service like Mistral).  Therefore, I would encourage
 Murano
 contributors to consider whether they can help make Heat sufficiently
 cover
 desired use cases.  I have never viewed Heat templates as isolated
 components of a multi-tier architecture.  Instead, a single template or a
 combination of master/subordinate templates together (using references,
 nesting, or inclusion) could express the complete architecture, both
 infrastructure and applications.

 If I've read your previous comments and threads correctly, you desire a
 way
 to express System Lifecycle Management across multiple related
 applications
 or components, whereby you view the System as a grouping of independently
 developed and/or deployed (but systematically related) components,
 whereby
 you view Components as individual disconnected Heat templates that
 independently describe different application stacks of the System.  Did I
 get that correct?   If so, perhaps the discussion here is one of scope
 of
 what can or should be expressed in a Heat template. Is it correct to
 state
 that your argument is that a separate system (such as Murano) should be
 used
 to express System Lifecycle Management as I've defined it here?  If so,
 why
 could we not use the Heat DSL to also define the System?  The System
 definition could be logically separated out into its own text file...
 But,
 we'd have a common DSL syntax and semantics for both lower level and
 higher
 level component interaction (a building block effect of sorts).

 As for who will generate it, ( with it being the Heat multi-tier
 application/infrastructure definition) I think that question will go
 through
 a lot more evolution and could be any number of sources: e.g. Solum,
 Murano,
 Horizon, Template Author with a text editor, etc.

 Basically, I'm a +1 for as few DSLs as possible. I support the position
 that
 we should evolve HOT if needed vs. having two separate DSLs that are both
 related to expressing application and infrastructure semantics.

 Workflow is quite interesting ... Should we be able to express imperative
 workflow semantics in HOT?  Or, should we only be able to declare
 workflow
 configurations that get configured in a service like Mistral whereby
 Mistral's execution of a workflow may need to invoke Heat hooks or Stack
 Updates?  Or, some other solution?

 I look forward to a design discussion on all this at the summit... This
 is
 fun stuff to think about!

 -Keith

 From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com

 Reply-To: OpenStack Development Mailing List (not for usage questions)
 openstack-dev@lists.openstack.org
 Date: Tuesday, March 18, 2014 1:49 PM

 To: OpenStack Development Mailing List (not for usage questions)
 openstack-dev@lists.openstack.org
 Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

 I see this in the following way - who will generate HOT template for my
 complex multi-tier applications when I have only templates for
 components?


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

  ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com
sla...@mirantis.com
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Renat Akhmerov]

On 19 Mar 2014, at 16:00, Stan Lagun sla...@mirantis.com wrote:

 We want application authors to be able to express application deployment and 
 maintenance logic of any complexity. This may involve communication with 3rd 
 party REST services (APIs of applications being deployed, external services 
 like DNS server API, application licensing server API, billing systems, some 
 hardware component APIs etc) and internal OpenStack services like Trove, 
 Sahara, Marconi and others including those that are not incubated yet and 
 those to come in the future. You cannot have such things in HOT and when you 
 required to you need to develop custom resource in Python. Independence  on 
 custom plugins is not good for Murano because they cannot be uploaded by end 
 users and thus he cannot write application definition that can be imported 
 to/run on any cloud and need to convince cloud administrator to install his 
 Python plugin (something that is unimaginable in real life).

+1. Makes perfect sense to me.

 Because DSL is a way to write custom resources (in Heats terminology) it has 
 to be Turing-complete and have all the characteristics of general-purpose 
 language. It also has to have domain-specific features because we cannot 
 expect that DSL users would be as skilled as Heat developers and could write 
 such resources without knowledge on hosting engine architecture and internals.

+1

Renat Akhmerov
@ Mirantis Inc.



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Zane Bitter]

 is that a separate system (such as
Murano) should be used
to express System Lifecycle Management as I've defined it
here?  If so, why
could we not use the Heat DSL to also define the System?
  The System
definition could be logically separated out into its own
text file... But,
we'd have a common DSL syntax and semantics for both lower
level and higher
level component interaction (a building block effect of sorts).

As for who will generate it, ( with it being the Heat
multi-tier
application/infrastructure definition) I think that question
will go through
a lot more evolution and could be any number of sources:
e.g. Solum, Murano,
Horizon, Template Author with a text editor, etc.

Basically, I'm a +1 for as few DSLs as possible. I support
the position that
we should evolve HOT if needed vs. having two separate DSLs
that are both
related to expressing application and infrastructure semantics.

Workflow is quite interesting ... Should we be able to
express imperative
workflow semantics in HOT?  Or, should we only be able to
declare workflow
configurations that get configured in a service like Mistral
whereby
Mistral's execution of a workflow may need to invoke Heat
hooks or Stack
Updates?  Or, some other solution?

I look forward to a design discussion on all this at the
summit... This is
fun stuff to think about!

-Keith

From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com
mailto:gokrokvertsk...@mirantis.com

Reply-To: OpenStack Development Mailing List (not for usage
questions)
openstack-dev@lists.__openstack.org
mailto:openstack-dev@lists.openstack.org
Date: Tuesday, March 18, 2014 1:49 PM

To: OpenStack Development Mailing List (not for usage
questions)
openstack-dev@lists.__openstack.org
mailto:openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

I see this in the following way - who will generate HOT
template for my
complex multi-tier applications when I have only templates
for components?


_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org

http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



_
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.__org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/__cgi-bin/mailman/listinfo/__openstack-dev 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com http://www.mirantis.com/
sla...@mirantis.com mailto:sla...@mirantis.com


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Steven Dake]

 effect of
sorts).

As for who will generate it, ( with it being the Heat
multi-tier
application/infrastructure definition) I think that
question will go through
a lot more evolution and could be any number of sources:
e.g. Solum, Murano,
Horizon, Template Author with a text editor, etc.

Basically, I'm a +1 for as few DSLs as possible. I support
the position that
we should evolve HOT if needed vs. having two separate
DSLs that are both
related to expressing application and infrastructure
semantics.

Workflow is quite interesting ... Should we be able to
express imperative
workflow semantics in HOT?  Or, should we only be able to
declare workflow
configurations that get configured in a service like
Mistral whereby
Mistral's execution of a workflow may need to invoke Heat
hooks or Stack
Updates?  Or, some other solution?

I look forward to a design discussion on all this at the
summit... This is
fun stuff to think about!

-Keith

From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com
mailto:gokrokvertsk...@mirantis.com

Reply-To: OpenStack Development Mailing List (not for
usage questions)
openstack-dev@lists.openstack.org
mailto:openstack-dev@lists.openstack.org
Date: Tuesday, March 18, 2014 1:49 PM

To: OpenStack Development Mailing List (not for usage
questions)
openstack-dev@lists.openstack.org
mailto:openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL
questions?

I see this in the following way - who will generate HOT
template for my
complex multi-tier applications when I have only templates
for components?


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
mailto:OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com http://www.mirantis.com/
sla...@mirantis.com mailto:sla...@mirantis.com


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Thomas Spatzier]

Excerpts from Zane Bitter's message on 19/03/2014 18:18:34:

 From: Zane Bitter zbit...@redhat.com
 To: openstack-dev@lists.openstack.org
 Date: 19/03/2014 18:21
 Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

 On 19/03/14 05:00, Stan Lagun wrote:
  Steven,
 
  Agree with your opinion on HOT expansion. I see that inclusion of
  imperative workflows and ALM would require major Heat redesign and
  probably would be impossible without loosing compatibility with
previous
  HOT syntax. It would blur Heat mission, confuse current users and rise
a
  lot of questions what should and what should not be in Heat. Thats why
  we chose to built a system on top of Heat rather then expending HOT.

 +1, I agree (as we have discussed before) that it would be a mistake to
 shoehorn workflow stuff into Heat. I do think we should implement the
 hooks I mentioned at the start of this thread to allow tighter
 integration between Heat and a workflow engine (i.e. Mistral).

+1 on not putting workflow stuff into Heat. Rather let's come up with a
nice way of Heat and a workflow service to work together.
That could be done in two ways: (1) let Heat hand off to a workflow service
for certains tasks or (2) let people define workflow tasks that can easily
work on Heat deployed resources. Maybe both make sense, but right now I am
more leaning towards (2).


 So building a system on top of Heat is good. Building it on top of
 Mistral as well would also be good, and that was part of the feedback
 from the TC.

 To me, building on top means building on top of the languages (which
 users will have to invest a lot of work in learning) as well, rather
 than having a completely different language and only using the
 underlying implementation(s).

That all sounds logical to me and would keep things clean, i.e. keep the
HOT language clean by not mixing it with imperative expression, and keep
the Heat engine clean by not blowing it up to act as a workflow engine.

When I think about the two aspects that are being brought up in this thread
(declarative description of a desired state and workflows) my thinking is
that much (and actually as much as possible) can be done declaratively the
way Heat does it with HOT. Then for bigger lifecycle management there will
be a need for additional workflows on top, because at some point it will be
hard to express management logic declaratively in a topology model.
Those additional flows on-top will have to be aware of the instance created
from a declarative template (i.e. a Heat stack) because it needs to act on
the respective resources to do something in addition.

So when thinking about a domain specific workflow language, it should be
possible to define tasks (in a template aware manner) like on resource XYZ
of the template, do something, or update resource XYZ of the template
with this state, then do this etc. At runtime this would resolve to the
actual resource instances created from the resource templates. Making such
constructs available to the workflow authors would make sense. Having a
workflow service able to execute this via the right underlying APIs would
be the execution part. I think from an instance API perspective, Heat
already brings a lot for this with the stack model, so workflow tasks could
be written to use the stack API to access instance information. Things like
update of resources is also something that is already there.

BTW, we have a similar concept (or are working on a refinement of it based
on latest discussions) in TOSCA and call it the plan portability API,
i.e. an API that a declarative engine would expose so that fit-for-purpose
workflow tasks can be defined on-top.

Regards,
Thomas



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

Hi,

I think notification mechanism proposed in Heat will work fine for
integration with external workflows. The approach which uses workflows
outside of Heat engine sounds consistent with our current approach in
Murano.

I am looking into new TOSCA yaml format and I also ask Mirantis management
to consider joining OASIS. The decision is not made yet, but hopefully will
be made on next week. We eager to jump onto TOSCA standard work and
contribute plan related parts.

Thanks
Georgy




On Wed, Mar 19, 2014 at 1:38 PM, Thomas Spatzier thomas.spatz...@de.ibm.com
 wrote:

 Excerpts from Zane Bitter's message on 19/03/2014 18:18:34:

  From: Zane Bitter zbit...@redhat.com
  To: openstack-dev@lists.openstack.org
  Date: 19/03/2014 18:21
  Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
 
  On 19/03/14 05:00, Stan Lagun wrote:
   Steven,
  
   Agree with your opinion on HOT expansion. I see that inclusion of
   imperative workflows and ALM would require major Heat redesign and
   probably would be impossible without loosing compatibility with
 previous
   HOT syntax. It would blur Heat mission, confuse current users and rise
 a
   lot of questions what should and what should not be in Heat. Thats why
   we chose to built a system on top of Heat rather then expending HOT.
 
  +1, I agree (as we have discussed before) that it would be a mistake to
  shoehorn workflow stuff into Heat. I do think we should implement the
  hooks I mentioned at the start of this thread to allow tighter
  integration between Heat and a workflow engine (i.e. Mistral).

 +1 on not putting workflow stuff into Heat. Rather let's come up with a
 nice way of Heat and a workflow service to work together.
 That could be done in two ways: (1) let Heat hand off to a workflow service
 for certains tasks or (2) let people define workflow tasks that can easily
 work on Heat deployed resources. Maybe both make sense, but right now I am
 more leaning towards (2).

 
  So building a system on top of Heat is good. Building it on top of
  Mistral as well would also be good, and that was part of the feedback
  from the TC.
 
  To me, building on top means building on top of the languages (which
  users will have to invest a lot of work in learning) as well, rather
  than having a completely different language and only using the
  underlying implementation(s).

 That all sounds logical to me and would keep things clean, i.e. keep the
 HOT language clean by not mixing it with imperative expression, and keep
 the Heat engine clean by not blowing it up to act as a workflow engine.

 When I think about the two aspects that are being brought up in this thread
 (declarative description of a desired state and workflows) my thinking is
 that much (and actually as much as possible) can be done declaratively the
 way Heat does it with HOT. Then for bigger lifecycle management there will
 be a need for additional workflows on top, because at some point it will be
 hard to express management logic declaratively in a topology model.
 Those additional flows on-top will have to be aware of the instance created
 from a declarative template (i.e. a Heat stack) because it needs to act on
 the respective resources to do something in addition.

 So when thinking about a domain specific workflow language, it should be
 possible to define tasks (in a template aware manner) like on resource XYZ
 of the template, do something, or update resource XYZ of the template
 with this state, then do this etc. At runtime this would resolve to the
 actual resource instances created from the resource templates. Making such
 constructs available to the workflow authors would make sense. Having a
 workflow service able to execute this via the right underlying APIs would
 be the execution part. I think from an instance API perspective, Heat
 already brings a lot for this with the stack model, so workflow tasks could
 be written to use the stack API to access instance information. Things like
 update of resources is also something that is already there.

 BTW, we have a similar concept (or are working on a refinement of it based
 on latest discussions) in TOSCA and call it the plan portability API,
 i.e. an API that a declarative engine would expose so that fit-for-purpose
 workflow tasks can be defined on-top.

 Regards,
 Thomas



 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

 Management as I've defined it here?  If so,
 why
 could we not use the Heat DSL to also define the System?  The System
 definition could be logically separated out into its own text file...
 But,
 we'd have a common DSL syntax and semantics for both lower level and
 higher
 level component interaction (a building block effect of sorts).

 As for who will generate it, ( with it being the Heat multi-tier
 application/infrastructure definition) I think that question will go
 through
 a lot more evolution and could be any number of sources: e.g. Solum,
 Murano,
 Horizon, Template Author with a text editor, etc.

 Basically, I'm a +1 for as few DSLs as possible. I support the position
 that
 we should evolve HOT if needed vs. having two separate DSLs that are
 both
 related to expressing application and infrastructure semantics.

 Workflow is quite interesting ... Should we be able to express
 imperative
 workflow semantics in HOT?  Or, should we only be able to declare
 workflow
 configurations that get configured in a service like Mistral whereby
 Mistral's execution of a workflow may need to invoke Heat hooks or Stack
 Updates?  Or, some other solution?

 I look forward to a design discussion on all this at the summit... This
 is
 fun stuff to think about!

 -Keith

 From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com

 Reply-To: OpenStack Development Mailing List (not for usage questions)
 openstack-dev@lists.openstack.org
 Date: Tuesday, March 18, 2014 1:49 PM

 To: OpenStack Development Mailing List (not for usage questions)
 openstack-dev@lists.openstack.org
 Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

 I see this in the following way - who will generate HOT template for my
 complex multi-tier applications when I have only templates for
 components?


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

  ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




 --
 Sincerely yours
 Stanislav (Stan) Lagun
 Senior Developer
 Mirantis
 35b/3, Vorontsovskaya St.
 Moscow, Russia
 Skype: stanlagun
 www.mirantis.com
 sla...@mirantis.com


 ___
 OpenStack-dev mailing 
 listOpenStack-dev@lists.openstack.orghttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




-- 
Sincerely yours
Stanislav (Stan) Lagun
Senior Developer
Mirantis
35b/3, Vorontsovskaya St.
Moscow, Russia
Skype: stanlagun
www.mirantis.com
sla...@mirantis.com
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Stan Lagun]

Ability to hook up to application deployment is indeed a good thing. And it
can be done both in HOT and MuranoPL. And Mistral is a good candidate to
handle those hooks. But this is not a replacement for MuranoPL but an
addition to it.

The problem with hooks is that you cannot hoot just into arbitrary place in
deployment workflow. And the author of Python code may not expose the exact
hook that you need. Hooks can work for logging purposes or triggering some
additional workflows but are not good for customization of your workflow
from outside. Hooked code may not have access to all engine's internal
state and workflow context and have even less chances to modify it in a
safe manner


On Thu, Mar 20, 2014 at 1:21 AM, Georgy Okrokvertskhov 
gokrokvertsk...@mirantis.com wrote:

 Hi,

 I think notification mechanism proposed in Heat will work fine for
 integration with external workflows. The approach which uses workflows
 outside of Heat engine sounds consistent with our current approach in
 Murano.

 I am looking into new TOSCA yaml format and I also ask Mirantis management
 to consider joining OASIS. The decision is not made yet, but hopefully will
 be made on next week. We eager to jump onto TOSCA standard work and
 contribute plan related parts.

 Thanks
 Georgy




 On Wed, Mar 19, 2014 at 1:38 PM, Thomas Spatzier 
 thomas.spatz...@de.ibm.com wrote:

 Excerpts from Zane Bitter's message on 19/03/2014 18:18:34:

  From: Zane Bitter zbit...@redhat.com
  To: openstack-dev@lists.openstack.org
  Date: 19/03/2014 18:21
  Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?
 
  On 19/03/14 05:00, Stan Lagun wrote:
   Steven,
  
   Agree with your opinion on HOT expansion. I see that inclusion of
   imperative workflows and ALM would require major Heat redesign and
   probably would be impossible without loosing compatibility with
 previous
   HOT syntax. It would blur Heat mission, confuse current users and rise
 a
   lot of questions what should and what should not be in Heat. Thats why
   we chose to built a system on top of Heat rather then expending HOT.
 
  +1, I agree (as we have discussed before) that it would be a mistake to
  shoehorn workflow stuff into Heat. I do think we should implement the
  hooks I mentioned at the start of this thread to allow tighter
  integration between Heat and a workflow engine (i.e. Mistral).

 +1 on not putting workflow stuff into Heat. Rather let's come up with a
 nice way of Heat and a workflow service to work together.
 That could be done in two ways: (1) let Heat hand off to a workflow
 service
 for certains tasks or (2) let people define workflow tasks that can easily
 work on Heat deployed resources. Maybe both make sense, but right now I am
 more leaning towards (2).

 
  So building a system on top of Heat is good. Building it on top of
  Mistral as well would also be good, and that was part of the feedback
  from the TC.
 
  To me, building on top means building on top of the languages (which
  users will have to invest a lot of work in learning) as well, rather
  than having a completely different language and only using the
  underlying implementation(s).

 That all sounds logical to me and would keep things clean, i.e. keep the
 HOT language clean by not mixing it with imperative expression, and keep
 the Heat engine clean by not blowing it up to act as a workflow engine.

 When I think about the two aspects that are being brought up in this
 thread
 (declarative description of a desired state and workflows) my thinking is
 that much (and actually as much as possible) can be done declaratively the
 way Heat does it with HOT. Then for bigger lifecycle management there will
 be a need for additional workflows on top, because at some point it will
 be
 hard to express management logic declaratively in a topology model.
 Those additional flows on-top will have to be aware of the instance
 created
 from a declarative template (i.e. a Heat stack) because it needs to act on
 the respective resources to do something in addition.

 So when thinking about a domain specific workflow language, it should be
 possible to define tasks (in a template aware manner) like on resource
 XYZ
 of the template, do something, or update resource XYZ of the template
 with this state, then do this etc. At runtime this would resolve to the
 actual resource instances created from the resource templates. Making such
 constructs available to the workflow authors would make sense. Having a
 workflow service able to execute this via the right underlying APIs would
 be the execution part. I think from an instance API perspective, Heat
 already brings a lot for this with the stack model, so workflow tasks
 could
 be written to use the stack API to access instance information. Things
 like
 update of resources is also something that is already there.

 BTW, we have a similar concept (or are working on a refinement of it based
 on latest discussions) in TOSCA and call it the plan

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Zane Bitter]

(I added a couple of tags to the subject; hope this doesn't screw up 
anyone's threading.)


On 09/03/14 16:26, Joshua Harlow wrote:

I'd be very interested in knowing the resource controls u plan to add.
Memory, CPU...

I'm still trying to figure out where something like
https://github.com/istalker2/MuranoDsl/blob/master/meta/com.mirantis.murano.demoApp.DemoInstance/manifest.yaml
would be beneficial, why not just spend effort sand boxing lua,
python... Instead of spending effort on creating a new language and then
having to sandbox it as well... Especially if u picked languages that
are made to be sandboxed from the start (not python)...


-1 to using a full-blown programming language like Python over a DSL, but...


Who is going to train people on muranoPL, write language books and
tutorials when the same amount of work has already been done for 10+
years for other languages

I fail to see where muranoPL is a DSL when it contains a full language
already with functions, objects, namespaces, conditionals... (what is
the domain of it?), maybe I'm just confused though (quite possible, haha).


...I'm inclined to agree with this. Whenever you find yourself 
implementing a Turing-complete Object-Oriented DSL... well, you'd at 
least want to stop and think very carefully about whether you might have 
taken a wrong turn somewhere.



Does this not seem awkward to anyone else??


It does seem really awkward to me (and not just because of all the 
$signs), because it's duplicating basically all of the functionality of 
Heat. e.g. in MuranoPL you have:


Properties:
  name:
Contract: $.string().notNull()

whereas in HOT this would be:

parameters:
  name:
type: string
constraints:
  - length: {min: 1}

In MuranoPL you reference it using $this.name, vs. HOT using 
{get_param: name}.


Note that HOT (a) already exists in OpenStack, and (b) is being 
developed in conjunction with TOSCA folks to ensure easy translation 
to/from TOSCA Simple Profile YAML rendering.


Looking at e.g. [1], more  or less everything in here can be done 
already inside a Heat template, using get_file and str_replace.


It sounds like this is a DSL in which you write everything imperatively, 
then it gets converted behind the scenes into a declarative model in a 
completely different language (but not using any of the advanced 
features of that language) and passed to Heat, which turns it back into 
a workflow to execute. That seems bizarre to me. Surely Murano should be 
focusing on filling the gaps in Heat, rather than reimplementing it in a 
different paradigm?


What I'm imagining here is something along the lines of:
- Heat implements hooks to customise its workflows, as proposed in [2], [3].
- Deployments are defined declaratively using HOT syntax.
- Workflows - to wrap the deployment operations, to customise the 
deployment and to perform lifecycle operations like backups - are 
defined using a Mistral DSL (I assume this exists already? I haven't 
looked into it).
- Murano provides a way to bundle the various workflow definitions, HOT 
models, and other files into an application package.


Can anybody enlighten me as to what features would be missing from this 
that would warrant creating a new programming language?


thanks,
Zane.

[1] 
https://github.com/istalker2/MuranoDsl/blob/master/meta/com.mirantis.murano.demoApp.DemoInstance/manifest.yaml
[2] 
http://lists.openstack.org/pipermail/openstack-dev/2014-February/026329.html
[3] 
http://lists.openstack.org/pipermail/openstack-dev/2014-March/030228.html



Sent from my really tiny device...

On Mar 8, 2014, at 10:44 PM, Stan Lagun sla...@mirantis.com
mailto:sla...@mirantis.com wrote:


First of all MuranoPL is not a host but hosted language. It never
intended to replace Python and if Python can do the job it is probably
better than MuranoPL for that job.
The problem with Python is that you cannot have Python code as a part
of your DSL if you need to evaluate that DSL on server-side. Using
Python's eval() is not secure. And you don't have enough control on
what evaled code is allowed to do. MuranoPL on the contrary are fully
sandboxed. You have absolute control over what functions/methods/APIs
are exposed to DSL and DSL code can do nothing except for what it
allowed to do. Besides you typically do want your DSL to be
domain-specific so general-purpose language like Python can be suboptimal.

I don't say MuranoPL is good for all projects. It has many
Murano-specific things after all. In most cases you don't need all
those OOP features that MuranoPL has. But the code organization, how
it uses YAML, block structures and especially YAQL expressions can be
of a great value to many projects

For examples of MuranoPL classes you can browse
https://github.com/istalker2/MuranoDsl/tree/master/meta folder. This
is my private repository that I was using to develop PoC for MuranoPL
engine. We are on the way to create production-quality implementation
with unit-tests etc. in 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Georgy Okrokvertskhov]

Hi Zane,

Thank you for your feedback. This is very important for us to find out how
our approach can be aligned with existing solutions. Let me try to explain
how we come up to specific solutions.


It does seem really awkward to me (and not just because of all the
$signs), because it's duplicating basically all of the functionality of
Heat. e.g. in MuranoPL you have:
Properties:
  name:
Contract: $.string().notNull()

whereas in HOT this would be:

parameters:
  name:
type: string
constraints:
  - length: {min: 1}

First of all parameters are the common entities in all different services.
Some of them use config files, some of them use yaml formats. I don't see
that this is a significant overlap with Heat. While Murano parameters can
be directly passed to Heat template generated, there is a major difference
between Murano parameters and Heat parameters. We use these parameters to
bind different entities together. The good example is here [1][2]

Properties:
  name:
Contract: $.string().notNull()

  primaryController:
Contract: $.class(PrimaryController).notNull()

  secondaryControllers:
Contract: [$.class(SecondaryController).notNull()]

As you see, parameters here are used to bind different applications as
PrimaryController and Secondary controllers are different VMs with
different configurations.

Murano can't use Heat parameters for that as we need to bind
applications before Heat template is generated. If we even try to use
Heat for keeping such parameters it will lead to Murano parsing and
processing Heat templates which we want to avoid.


Looking at e.g. [1], more  or less everything in here can be done already 
inside a Heat template, using get_file and str_replace.


This definitely can be done inside Heat template, but these operations
(str_replace) are not specific to Heat. As we use these variables
before HOT template creation it is better to do string operations
inside the service then pass this to another service. As we can't
expose python functions for that we just wrap them in our DSL syntax
which is just a couple lines of Python code around pythons string
methods.


It sounds like this is a DSL in which you write everything imperatively,
then it gets converted behind the scenes into a declarative model in a
completely different language (but not using any of the advanced features
of that language) and passed to Heat, which turns it back into a workflow
to execute. That seems bizarre to me. Surely Murano should be focusing on
filling the gaps in Heat, rather than reimplementing it in a different
paradigm?

We will be very happy to fill gaps in the HOT syntax to extend it. At the
same time, I need to mention, that the picture you drew does not perfectly
reflects what we are doing. Murano uses its own definition of application
which covers the specific aspects of application - actions and application
binding. As a part of application definition we store Heat snippets as
files. We don't hide anything from Heat under the Murano layer. All
features available in Heat can be used in Murano as user has an ability to
add Heat template to the application definition. As Heat main feature is to
manage different resource we pass this tasks to Heat. Murano does not do
any kind of infrastructure resource management outside of the Heat.

Heat template generation is just a first step in Application life. Murano
provides a way to define workflows for different aspects
of application which can be invoked by Heat during generation or out of
Heat by Mistral, Ceilometer and other services, including Murano.

What I'm imagining here is something along the lines of:
- Heat implements hooks to customise its workflows, as proposed in [2],
[3].
- Deployments are defined declaratively using HOT syntax.
- Workflows - to wrap the deployment operations, to customise the
deployment and to perform lifecycle operations like backups - are defined
using a Mistral DSL (I assume this exists already? I haven't looked into
it).
- Murano provides a way to bundle the various workflow definitions, HOT
models, and other files into an application package.

Murano is not focused on deployment itself. As soon as we have HOT Murano
is responsible to generate proper HOT template to make actual deployments.
As soon as HOT Software components are ready, application publisher will
use them in Heat templates.

Can anybody enlighten me as to what features would be missing from this
that would warrant creating a new programming language?

I see this in the following way - who will generate HOT template for my
complex multi-tier applications when I have only templates for components?
It looks like I will have to write a new template by myself understanding
all possible relation between components and their parameters. Then I have
to add some specific workflows to Mistral and somehow bind them to the
resources deployed by Heat. Then I have to understand what kind of
notifications to expect and somehow react on them 

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Keith Bray]

Georgy,

In consideration of the can you express it instead of the who will generate 
it, I see Heat's HOT evolving to support the expression of complex multi-tier 
architectures and applications (I would argue you can already do this today, 
perhaps with some additional features desired, e.g. Ability to define cloud 
workflows and workflow execution rules which could come when we have a workflow 
service like Mistral).  Therefore, I would encourage Murano contributors to 
consider whether they can help make Heat sufficiently cover desired use cases.  
I have never viewed Heat templates as isolated components of a multi-tier 
architecture.  Instead, a single template or a combination of 
master/subordinate templates together (using references, nesting, or inclusion) 
could express the complete architecture, both infrastructure and applications.

If I've read your previous comments and threads correctly, you desire a way to 
express System Lifecycle Management across multiple related applications or 
components, whereby you view the System as a grouping of independently 
developed and/or deployed (but systematically related) components, whereby 
you view Components as individual disconnected Heat templates that 
independently describe different application stacks of the System.  Did I get 
that correct?   If so, perhaps the discussion here is one of scope of what 
can or should be expressed in a Heat template. Is it correct to state that your 
argument is that a separate system (such as Murano) should be used to express 
System Lifecycle Management as I've defined it here?  If so, why could we not 
use the Heat DSL to also define the System?  The System definition could be 
logically separated out into its own text file... But, we'd have a common DSL 
syntax and semantics for both lower level and higher level component 
interaction (a building block effect of sorts).

As for who will generate it, ( with it being the Heat multi-tier 
application/infrastructure definition) I think that question will go through a 
lot more evolution and could be any number of sources: e.g. Solum, Murano, 
Horizon, Template Author with a text editor, etc.

Basically, I'm a +1 for as few DSLs as possible. I support the position that we 
should evolve HOT if needed vs. having two separate DSLs that are both related 
to expressing application and infrastructure semantics.

Workflow is quite interesting ... Should we be able to express imperative 
workflow semantics in HOT?  Or, should we only be able to declare workflow 
configurations that get configured in a service like Mistral whereby Mistral's 
execution of a workflow may need to invoke Heat hooks or Stack Updates?  Or, 
some other solution?

I look forward to a design discussion on all this at the summit... This is fun 
stuff to think about!

-Keith

From: Georgy Okrokvertskhov 
gokrokvertsk...@mirantis.commailto:gokrokvertsk...@mirantis.com
Reply-To: OpenStack Development Mailing List (not for usage questions) 
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Date: Tuesday, March 18, 2014 1:49 PM
To: OpenStack Development Mailing List (not for usage questions) 
openstack-dev@lists.openstack.orgmailto:openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

I see this in the following way - who will generate HOT template for my complex 
multi-tier applications when I have only templates for components?
___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Ruslan Kamaldinov]

: [openstack-dev] [Murano][Heat] MuranoPL questions?

 I see this in the following way - who will generate HOT template for my
 complex multi-tier applications when I have only templates for components?


 ___
 OpenStack-dev mailing list
 OpenStack-dev@lists.openstack.org
 http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Keith Bray]

Hi Ruslan,

I did not intend to suggest that definition of things like billing rules
should necessarily be supported syntax in Heat. Murano is certainly able
to develop whatever features it would like, including an alternative DSL.
I have a preference towards minimizing DSLs across the OpenStack
ecosystem, if possible. I hope that helps clear up my position.  If the
goal is to specify pertinent information that a billing system could
consume, I default back to wanting to specify/store that information as
associated data in the catalog with the application definition (e.g. HOT
artifact in Glance).  If the billing/rules logic crosses multiple HOT
artifacts, I find that very interesting and would enjoy reading about a
specific use-case.

As for Trove and Savanna, I view these as application Services.
Service registry/discovery isn't what I thought Murano was aiming to be,
but I've been wrong about what Murano is/isn't/wants-to-be many times
before, so my apologies if I'm misunderstanding again. I am a bit more
confused now, however, given that discovery/definition of exposed software
services is entering the conversation?

Thank you for considering my comments,
-Keith

On 3/18/14 7:32 PM, Ruslan Kamaldinov rkamaldi...@mirantis.com wrote:

- definition of an application which is already exposed via REST API.
Think of
  something like Sahara (ex. Savanna) or Trove developed in-house for
internal
  company needs. app publishers wouldn't be happy if they'll be forced to
  develop a new resource for Heat
- definition of billing rules for an application


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Angus Salkeld]

?  Or, should we only be able to declare workflow
configurations that get configured in a service like Mistral whereby
Mistral's execution of a workflow may need to invoke Heat hooks or Stack
Updates?  Or, some other solution?

I look forward to a design discussion on all this at the summit... This is
fun stuff to think about!

-Keith

From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com

Reply-To: OpenStack Development Mailing List (not for usage questions)
openstack-dev@lists.openstack.org
Date: Tuesday, March 18, 2014 1:49 PM

To: OpenStack Development Mailing List (not for usage questions)
openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

I see this in the following way - who will generate HOT template for my
complex multi-tier applications when I have only templates for components?


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

[Steven Dake]

 of concerns is best for OpenStack 
and should be the preferred development path.


Regards,
-steve

[1] http://en.wikipedia.org/wiki/The_Magical_Number_Seven,_Plus_or_Minus_Two


Thanks,
Ruslan

On Wed, Mar 19, 2014 at 2:07 AM, Keith Bray keith.b...@rackspace.com wrote:

Georgy,

In consideration of the can you express it instead of the who will
generate it, I see Heat's HOT evolving to support the expression of complex
multi-tier architectures and applications (I would argue you can already do
this today, perhaps with some additional features desired, e.g. Ability to
define cloud workflows and workflow execution rules which could come when we
have a workflow service like Mistral).  Therefore, I would encourage Murano
contributors to consider whether they can help make Heat sufficiently cover
desired use cases.  I have never viewed Heat templates as isolated
components of a multi-tier architecture.  Instead, a single template or a
combination of master/subordinate templates together (using references,
nesting, or inclusion) could express the complete architecture, both
infrastructure and applications.

If I've read your previous comments and threads correctly, you desire a way
to express System Lifecycle Management across multiple related applications
or components, whereby you view the System as a grouping of independently
developed and/or deployed (but systematically related) components, whereby
you view Components as individual disconnected Heat templates that
independently describe different application stacks of the System.  Did I
get that correct?   If so, perhaps the discussion here is one of scope of
what can or should be expressed in a Heat template. Is it correct to state
that your argument is that a separate system (such as Murano) should be used
to express System Lifecycle Management as I've defined it here?  If so, why
could we not use the Heat DSL to also define the System?  The System
definition could be logically separated out into its own text file... But,
we'd have a common DSL syntax and semantics for both lower level and higher
level component interaction (a building block effect of sorts).

As for who will generate it, ( with it being the Heat multi-tier
application/infrastructure definition) I think that question will go through
a lot more evolution and could be any number of sources: e.g. Solum, Murano,
Horizon, Template Author with a text editor, etc.

Basically, I'm a +1 for as few DSLs as possible. I support the position that
we should evolve HOT if needed vs. having two separate DSLs that are both
related to expressing application and infrastructure semantics.

Workflow is quite interesting ... Should we be able to express imperative
workflow semantics in HOT?  Or, should we only be able to declare workflow
configurations that get configured in a service like Mistral whereby
Mistral's execution of a workflow may need to invoke Heat hooks or Stack
Updates?  Or, some other solution?

I look forward to a design discussion on all this at the summit... This is
fun stuff to think about!

-Keith

From: Georgy Okrokvertskhov gokrokvertsk...@mirantis.com

Reply-To: OpenStack Development Mailing List (not for usage questions)
openstack-dev@lists.openstack.org
Date: Tuesday, March 18, 2014 1:49 PM

To: OpenStack Development Mailing List (not for usage questions)
openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano][Heat] MuranoPL questions?

I see this in the following way - who will generate HOT template for my
complex multi-tier applications when I have only templates for components?


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev


___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev