[openstack-dev] [Murano][Congress][Mistral] policy guided fulfillment

Pospisil, Radek radek.pospisil at hp.com
Wed Feb 18 17:43:44 UTC 2015


Hello,

I would like to announce integration of Murano<https://wiki.openstack.org/wiki/Murano> Application catalog and Congress<https://wiki.openstack.org/wiki/Congress> policy service. We call it Policy guided fulfillment.

The idea (which is currently implemented) is to use Congress as authority controlling deployment of Murano applications. Openstack administrator defines policy rules detecting validation of his business policies. When end user is about to deploy Murano environment with applications, the Congress decides whether the environment is ok (i.e., Murano deploys the environment) or not (i.e., Murano cancels the deployment).
In future Congress policies will be used to react to various events generated by an application, Openstack, ... e.g., scaling, remediation, ... .

More implementation details

*         Murano environment (i.e., application/services + its properties + relationships) is mapped (decomposed) to Congress data model (i.e., simple rules, ...)

*         There is a predefined policy rule predeploy_error which has to be defined by an Administrator to detect the 'errors'

o   example - do not allow use instances with more than 2048MB in the environment

?  rule explanation - in an environment (eid), find Murano object (obj_id) with property 'flavor' and check if the flavor's RAM size is over given limit (2048MB), If so, then create error message.

?  Congress rules are written in datalog - check Congress<https://wiki.openstack.org/wiki/Congress> for the documentation

predeploy_errors(eid, obj_id, msg) :-
   murano:objects(obj_id, eid, type),
   murano:properties(obj_id, "flavor", flavor_name),
   flavor_ram(flavor_name, ram),
   gt(ram, 2048),
   murano:properties(obj_id, "name", obj_name),
   concat(obj_name, ": instance flavor has RAM size over 2048MB", msg)


*         Murano enforces the policy check on deploy action as follows

o   Murano uses Congress' simulation API for policy rule validations

?  In this case Congress temporary stores the decomposed Murano environment in order to evaluate the rules

o   Murano creates simulation sequence describing the environment decomposition

o   Murano calls the simulation API and process the result - base on that Murano either continue deployment, or deployment is failed.


You can find all necessary steps to make it running, example and developer documentation as part of Murano documentation  http://murano.readthedocs.org/en/latest/articles/policy_enf_index.html .

You can also vote for our call for speaker summit presentations if you are interested :)

*         https://www.openstack.org/vote-vancouver/Presentation/introducing-policy-guided-fulfillment-to-openstack-allowing-your-organization-to-set-business-policies-to-affect-application-deployment

*         https://www.openstack.org/vote-vancouver/Presentation/governing-murano-application-deployment-with-congress-policy


  regards,

Radek
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150218/57a83047/attachment.html>


More information about the OpenStack-dev mailing list