© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The OpenStack TM attribution statement should used: The
OpenStack wordmark and the Square O Design, together or part, are trademarks or registered trademarks of OpenStack Foundation in the United States and other countries, and are used with the
OpenStack Foundation’s permission.
Vancouver OpenStack® Summit
Policy Guided Fulfillment of Murano Applications
Radek Pospíšil / May 21, 2015
radek.pospisil@hp.com
Motivation: Integration of Business Policies and Application Model
What is Policy Guided Fulfillment?
• Business (management) policies and the application model are typically independent of each other
– The application designer models the application without knowledge of existing and/or future policies
– The system administrator defines business policies
• i.e., restrictions and/or the intended state of your system
• typically without knowing which applications will be deployed
• An application can be affected by policies at deployment and at runtime
– A policy can modify the application model before it is deployed (e.g., enable monitoring, …)
– Deployment of an application is cancelled if it violates policies
– A policy violation at runtime triggers an action (e.g., notification, remediation, …)
Examples of Business Policies
• Security policy rule
– 2 nodes of the cluster cannot reside in the same security zone
– Networks used by the application must be trusted
– Storage must reside in a trusted zone
• Requirements policy rule
– All application layers must be monitored (SLA)
– Application must be composed of certified components
• Finance policy rule
– Placement will be selected according to cost at deployment time
– Only given flavor sizes are allowed
Use Cases Delivered in Kilo
• Predeployment Policy Enforcement
– Application must comply with policies in order to be deployed
• Runtime Policy Enforcement
– It is possible to check at runtime that an application is not breaching policies
• Workflow Embracement
– Workflow can be executed as part of application deployment
How it works
[Diagram. Labels: Application Designer, System Administrator, Application Enduser; Policies, Application; Murano, Congress, Mistral, VM Instances (OpenStack); step "3. Creates Policies"; Predeployment Policy Enforcement, Workflow Embracement, Runtime Policy Enforcement]
Policy Part: Murano – Congress Integration
Technical Deep Dive
• Mapping of the Murano environment object model to Congress policy tables
– A Murano environment is decomposed into the following entities
– Objects – holds individual environment objects
• (e.g., common object types are environment, application, VM instance, …)
– Properties – holds properties of objects
– ParentTypes – holds full type information of objects
– States – holds the state of the environment
– Relationships – holds relationships between objects, with their types
– Connected – holds all connected objects in the environment (both direct and indirect)
• Murano environments are pulled into Congress using a datasource driver
– For runtime enforcement
• Congress policy rules can trigger/execute actions
– Currently the nova client action is supported
– For runtime enforcement
Policy Part: Policy Validation
Technical Deep Dive
• Deployment scenario
– predeploy_errors is the table in Congress that is queried for deployment enforcement
• The administrator has to create rules that report violations to this table
– The Congress policy simulation API is used to check whether the environment violates the policy
• The simulation input is the decomposed environment
– The simulation temporarily puts data into the Congress DB
• Runtime scenario
– No specific rule is named for runtime, as it is up to the Congress administrator to specify how rule violations are handled in Congress
• passive (e.g., notification): data from such rules are read by the administrator
• active (e.g., action execution): the rule triggers an action execution in Congress
– The Murano Congress datasource driver pulls data from the Murano environment, so Congress has up-to-date environment data available
Workflow Part
Technical Deep Dive
• Murano provides a Mistral client
• Application packages (MuranoPL) can use the Mistral client to
– Deploy workflow to Mistral
– Execute the workflow
• Example
- $ep: $.tomcat.instance.floatingIpAddress + ':8080/petclinic'
- $this.find(std:Environment).reporter.report($this, 'Running at http://' + $ep)
- $mistral_workflow: $resources.string('TestTomcat.yaml')
- $.mistralClient.upload(definition => $mistral_workflow)
- $.mistralClient.run(name => 'test_tomcat', inputs => dict(url => 'http://' + $ep))
Static Examples
Demo
• Full demo details available at https://wiki.openstack.org/wiki/PolicyGuidedFulfillmentDemo
• Goal
– Allow deployment only of Murano environments with PetClinic using
• MySql in project demo
• Postgresql in project qa
Business Policy Creation
Demo
# Predeploy policy rules
openstack congress policy rule create murano_system 'predeploy_errors(eid,oid,msg) :-
    murano:objects(oid,eid,type),
    murano:objects(eid,tid,"io.murano.Environment"),
    murano:parent_types(oid,"io.murano.Application"),
    tenantName(tid,tname),
    not allowedApp(type,tname),
    concat("Unsupported application detected: ", type, tmsg1),
    concat(tmsg1, ", ", tmsg2),
    objName(oid, oname),
    concat(tmsg2, oname, msg)'

# Allowed app main rules
openstack congress policy rule create murano_system 'objName(oid,oname) :- murano:properties(oid, "name", oname)'
openstack congress policy rule create murano_system 'tenantName(tid, tname) :- keystone:tenants(en,desc,tname,tid)'

# demo tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.MySql", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.PetClinic", "demo")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "demo")'

# qa tenant
openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.PostgreSql", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.PetClinic", "qa")'
openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")'
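Added example (not part of the original slides, and not Murano or Congress code): the predeploy_errors rule above evaluated in plain Python over a constructed, simplified environment, to show how the decomposed tables join and which rows the rule derives. The tenant ids, the environment layout and the function names are assumptions made for illustration.

```python
"""Added example: evaluate the slide's predeploy_errors rule in memory."""

# (type, tenant name) pairs copied from the allowedApp facts on the slide.
ALLOWED_APP = {
    ("io.murano.databases.MySql", "demo"),
    ("io.murano.apps.java.PetClinic", "demo"),
    ("io.murano.apps.apache.Tomcat", "demo"),
    ("io.murano.databases.PostgreSql", "qa"),
    ("io.murano.apps.java.PetClinic", "qa"),
    ("io.murano.apps.apache.Tomcat", "qa"),
}

# Constructed stand-in for keystone:tenants, reduced to tenant id -> name.
TENANTS = {"tid-demo": "demo", "tid-qa": "qa"}

# Constructed sample environment (simplified layout, not Murano's exact JSON).
SAMPLE_ENV = {
    "id": "env-1",
    "applications": [
        {"id": "app-1", "type": "io.murano.apps.java.PetClinic", "name": "PetClinic"},
        {"id": "app-2", "type": "io.murano.apps.apache.Tomcat", "name": "Tomcat"},
        {"id": "app-3", "type": "io.murano.databases.PostgreSql", "name": "PetClinicDB"},
    ],
}


def decompose(env, tenant_id):
    """Flatten an environment into objects, properties and parent_types rows."""
    objects = [(env["id"], tenant_id, "io.murano.Environment")]
    properties, parent_types = [], []
    for app in env["applications"]:
        objects.append((app["id"], env["id"], app["type"]))
        if "name" in app:
            properties.append((app["id"], "name", app["name"]))
        # Assumption: every sample application inherits io.murano.Application.
        parent_types.append((app["id"], "io.murano.Application"))
    return objects, properties, parent_types


def predeploy_errors(objects, properties, parent_types,
                     tenants=TENANTS, allowed=ALLOWED_APP):
    """Return (eid, oid, msg) rows exactly when every literal of the rule holds."""
    # murano:objects(eid, tid, "io.murano.Environment")
    env_owner = {oid: owner for oid, owner, typ in objects
                 if typ == "io.murano.Environment"}
    # objName(oid, oname) :- murano:properties(oid, "name", oname)
    obj_name = {oid: val for oid, key, val in properties if key == "name"}
    # murano:parent_types(oid, "io.murano.Application")
    is_app = {oid for oid, parent in parent_types
              if parent == "io.murano.Application"}
    rows = []
    for oid, eid, typ in objects:
        if oid not in is_app or eid not in env_owner:
            continue
        tname = tenants.get(env_owner[eid])  # tenantName(tid, tname)
        oname = obj_name.get(oid)
        if tname is None or oname is None:
            continue  # a positive literal failed to match, so no row is derived
        if (typ, tname) not in allowed:      # not allowedApp(type, tname)
            msg = f"Unsupported application detected: {typ}, {oname}"
            rows.append((eid, oid, msg))
    return rows


def check(env, tenant_id):
    """Decompose, then evaluate: an empty list means deployment may proceed."""
    return predeploy_errors(*decompose(env, tenant_id))


if __name__ == "__main__":
    for tid in ("tid-demo", "tid-qa"):
        print(TENANTS[tid], check(SAMPLE_ENV, tid))
```

Because objName(oid, oname) and tenantName(tid, tname) are positive literals, the rule derives an error row only when both lookups match, so a rule used as a deployment gate should also be tested against objects that lack those rows.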
Invalid Environment Creation
Demo
Deployment Failure
Demo
Next Steps
• Runtime Remediation
– Policy identifies problem/defect/breach/overload/… of application, thus
• (Simple) user/administrator is notified to deal with it
• (Advanced) remediation Mistral workflow is started to deal with it
• More Workflow integration in Murano
– Murano Application implemented by workflows
• Congress Improvements
– Datasources
– UI
Resources
• https://wiki.openstack.org/wiki/PolicyGuidedFulfillment
• https://wiki.openstack.org/wiki/PolicyGuidedFulfillmentDemo
• http://murano.readthedocs.org/en/latest/articles/policy_enf_index.html
• https://wiki.openstack.org/wiki/Murano
• https://wiki.openstack.org/wiki/Congress
• https://wiki.openstack.org/wiki/Mistral
• Contact us via Murano, Congress, Mistral IRC
Thank you

More Related Content

Viewers also liked

Manual de Políticas de Recursos Humanos
Manual de Políticas de Recursos HumanosManual de Políticas de Recursos Humanos
Manual de Políticas de Recursos HumanosManfred Nuñez-Solorio
 
Politica empresarial programas y presupuestos
Politica empresarial programas y presupuestosPolitica empresarial programas y presupuestos
Politica empresarial programas y presupuestoslunatik2010
 
Politicas de la organización
Politicas de la organizaciónPoliticas de la organización
Politicas de la organizaciónLORENAJUYAR
 

Viewers also liked (6)

Politicas Empresariales
Politicas EmpresarialesPoliticas Empresariales
Politicas Empresariales
 
Manual de Políticas de Recursos Humanos
Manual de Políticas de Recursos HumanosManual de Políticas de Recursos Humanos
Manual de Políticas de Recursos Humanos
 
Politica empresarial programas y presupuestos
Politica empresarial programas y presupuestosPolitica empresarial programas y presupuestos
Politica empresarial programas y presupuestos
 
strategic
strategicstrategic
strategic
 
Politicas de la organización
Politicas de la organizaciónPoliticas de la organización
Politicas de la organización
 
Manual Politicas
Manual PoliticasManual Politicas
Manual Politicas
 

Similar to Policy Guided Fulfillmentof Murano Applications

Oracle ADF Architecture TV - Development - Performance & Tuning
Oracle ADF Architecture TV - Development - Performance & TuningOracle ADF Architecture TV - Development - Performance & Tuning
Oracle ADF Architecture TV - Development - Performance & TuningChris Muir
 
Gems to help you troubleshoot query performance
Gems to help you troubleshoot query performanceGems to help you troubleshoot query performance
Gems to help you troubleshoot query performancePedro Lopes
 
Managing and supporting PowerApps & Flow at scale by Daniel Laskewitz
Managing and supporting PowerApps & Flow at scale by Daniel LaskewitzManaging and supporting PowerApps & Flow at scale by Daniel Laskewitz
Managing and supporting PowerApps & Flow at scale by Daniel LaskewitzDaniel Laskewitz
 
Puppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated IndustryPuppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated IndustryPuppet
 
Cloud Migration - The Earlier You Instrument, The Faster You Go
Cloud Migration - The Earlier You Instrument, The Faster You GoCloud Migration - The Earlier You Instrument, The Faster You Go
Cloud Migration - The Earlier You Instrument, The Faster You GoKevin Downs
 
Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014 Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014 Uri Cohen
 
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014IBM Systems UKI
 
Open stack gbp final sn-4-slideshare
Open stack gbp final sn-4-slideshareOpen stack gbp final sn-4-slideshare
Open stack gbp final sn-4-slideshareSumit Naiksatam
 
Case Study: Learn How Expeditors Uses APM as Both a Technology and Process T...
Case Study:  Learn How Expeditors Uses APM as Both a Technology and Process T...Case Study:  Learn How Expeditors Uses APM as Both a Technology and Process T...
Case Study: Learn How Expeditors Uses APM as Both a Technology and Process T...CA Technologies
 
Driving TAS Enterprise Fitness
Driving TAS Enterprise FitnessDriving TAS Enterprise Fitness
Driving TAS Enterprise FitnessVMware Tanzu
 
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
Deployment Download and Policy Workstream Update - Gábor Pécsy, NokiaDeployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokiamfrancis
 
Streamline it management
Streamline it managementStreamline it management
Streamline it managementDLT Solutions
 
Agile and continuous delivery – How IBM Watson Workspace is built
Agile and continuous delivery – How IBM Watson Workspace is builtAgile and continuous delivery – How IBM Watson Workspace is built
Agile and continuous delivery – How IBM Watson Workspace is builtVincent Burckhardt
 
SFBA Usergroup meeting November 2, 2022
SFBA Usergroup meeting November 2, 2022SFBA Usergroup meeting November 2, 2022
SFBA Usergroup meeting November 2, 2022Becky Burwell
 
Sumologic <3 Open Source
Sumologic <3 Open SourceSumologic <3 Open Source
Sumologic <3 Open SourceNGINX, Inc.
 
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0Prasad Mukhedkar
 
Ncerc rlmca202 adm m4 ssm
Ncerc rlmca202 adm m4 ssmNcerc rlmca202 adm m4 ssm
Ncerc rlmca202 adm m4 ssmssmarar
 

Similar to Policy Guided Fulfillmentof Murano Applications (20)

OpenStack Murano
OpenStack MuranoOpenStack Murano
OpenStack Murano
 
Oracle ADF Architecture TV - Development - Performance & Tuning
Oracle ADF Architecture TV - Development - Performance & TuningOracle ADF Architecture TV - Development - Performance & Tuning
Oracle ADF Architecture TV - Development - Performance & Tuning
 
Gems to help you troubleshoot query performance
Gems to help you troubleshoot query performanceGems to help you troubleshoot query performance
Gems to help you troubleshoot query performance
 
Managing and supporting PowerApps & Flow at scale by Daniel Laskewitz
Managing and supporting PowerApps & Flow at scale by Daniel LaskewitzManaging and supporting PowerApps & Flow at scale by Daniel Laskewitz
Managing and supporting PowerApps & Flow at scale by Daniel Laskewitz
 
Puppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated IndustryPuppeting in a Highly Regulated Industry
Puppeting in a Highly Regulated Industry
 
Cloud Migration - The Earlier You Instrument, The Faster You Go
Cloud Migration - The Earlier You Instrument, The Faster You GoCloud Migration - The Earlier You Instrument, The Faster You Go
Cloud Migration - The Earlier You Instrument, The Faster You Go
 
Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014 Cloudify workshop at CCCEU 2014
Cloudify workshop at CCCEU 2014
 
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
PureApp Hybrid Cloud - Mark Willemse ING Presentation 11th September 2014
 
Open stack gbp final sn-4-slideshare
Open stack gbp final sn-4-slideshareOpen stack gbp final sn-4-slideshare
Open stack gbp final sn-4-slideshare
 
Case Study: Learn How Expeditors Uses APM as Both a Technology and Process T...
Case Study:  Learn How Expeditors Uses APM as Both a Technology and Process T...Case Study:  Learn How Expeditors Uses APM as Both a Technology and Process T...
Case Study: Learn How Expeditors Uses APM as Both a Technology and Process T...
 
Automation for the Humans
Automation for the HumansAutomation for the Humans
Automation for the Humans
 
Driving TAS Enterprise Fitness
Driving TAS Enterprise FitnessDriving TAS Enterprise Fitness
Driving TAS Enterprise Fitness
 
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
Deployment Download and Policy Workstream Update - Gábor Pécsy, NokiaDeployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
Deployment Download and Policy Workstream Update - Gábor Pécsy, Nokia
 
Em13c New Features- Two of Two
Em13c New Features- Two of TwoEm13c New Features- Two of Two
Em13c New Features- Two of Two
 
Streamline it management
Streamline it managementStreamline it management
Streamline it management
 
Agile and continuous delivery – How IBM Watson Workspace is built
Agile and continuous delivery – How IBM Watson Workspace is builtAgile and continuous delivery – How IBM Watson Workspace is built
Agile and continuous delivery – How IBM Watson Workspace is built
 
SFBA Usergroup meeting November 2, 2022
SFBA Usergroup meeting November 2, 2022SFBA Usergroup meeting November 2, 2022
SFBA Usergroup meeting November 2, 2022
 
Sumologic <3 Open Source
Sumologic <3 Open SourceSumologic <3 Open Source
Sumologic <3 Open Source
 
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0Openstack Cloud  Management and Automation Using Red Hat Cloudforms 4.0
Openstack Cloud Management and Automation Using Red Hat Cloudforms 4.0
 
Ncerc rlmca202 adm m4 ssm
Ncerc rlmca202 adm m4 ssmNcerc rlmca202 adm m4 ssm
Ncerc rlmca202 adm m4 ssm
 

Recently uploaded

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 

Recently uploaded (20)

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
What is Binary Language? Computer Number Systems
What is Binary Language?  Computer Number SystemsWhat is Binary Language?  Computer Number Systems
What is Binary Language? Computer Number Systems
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 

Policy Guided Fulfillmentof Murano Applications

  • 1. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The OpenStack TM attribution statement should used: The OpenStack wordmark and the Square O Design, together or part, are trademarks or registered trademarks of OpenStack Foundation in the United States and other countries, and are used with the OpenStack Foundation’s permission. Vancouver OpenStack® Summit
  • 2. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Policy Guided Fulfillment of Murano Applications Radek Pospíšil / May 21, 2015 radek.pospisil@hp.com
  • 3. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.3 Motivation: Integration of Business Policies and Application Model What is Policy Guided Fulfillment? • Business (Management) policies and Application model are typically independent each other – Application designer models application without knowledge of existing and/or future policies – System administrator defines business policies • i.e., restrictions and/or intended state of your system • typically without knowing which application will be deployed • Application can be affected by policies in deployment and runtime – Policy can modify application model prior it is deployed | (e.g., enable monitoring, …) – Deployment of an application is cancelled if it violates policies – Policy violation in runtime means triggering of an action (e.g., notification, remediation,…)
  • 4. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.4 Examples of Business Policies • Security policy rule – 2 nodes of the cluster cannot reside on same security zone – Networks used by application must belongs be trusted – Storages must reside in trusted zone • Requirements policy rule – All application layers must be monitored (SLA) – Application must be composed of certified components • Finance rule policy – Placement will be selected according to cost at deployment time – Only give sizes of flavors are allowed
  • 5. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.5 UseCases Delivered in Kilo • Predeployment Policy Enforcement – Application must comply with policies in order to be deployed • Runtime Policy Enforcement – It is possible to check if application does not breaching policies in runtime • Workflow Embracement – Workflow can be executed as part of application deployment
  • 6. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.6 How it works Application Designer System Administrator Application Enduser Policies Application Murano Congress Mistral VM Instances 3. Creates Policies Predeployment Policy Enfrocement Workflow Embracement RuntimePolicy Enfrocement OpenStack
  • 7. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.7 Policy Part: Murano – Congress Integration Technical Deep Dive • Mapping of Murano Environment object model to Congress policy tables – Murano environment is decomposed to following entities – Objects – holds individual environment objects • (e.g., common object types are environment, application, VM instance, …) – Properties – holds properties of objects – ParentTypes – holds type full type information of objects – States – holds state of environment – Relationships – holds relationships between objects with its type – Connected – holds all connected objects in environment (both direct and indirects) • Murano environments are pulled to Congress using datasource driver – For runtime enforcement • Congress policy rules can trigger/execute actions – Currently supports nova client action – For runtime enforcement
  • 8. Policy Part: Policy Validation Technical Deep Dive
    • Deployment scenario
      – predeployment_errors is the table in Congress queried for deployment enforcement
        • Administrator has to create rules reporting violations to this table
      – Congress policy simulation API is used to validate whether the environment violates it or not
        • Simulation input is the decomposed environment
      – Simulation temporarily puts data into the Congress DB
    • Runtime scenario
      – No specific rule is named for runtime, as it is up to the Congress administrator to specify handling of rule violations in Congress
        • passive (e.g., notification): data from such rules are read by the administrator
        • active (e.g., action execution): rule triggers an action execution in Congress
      – Murano Congress Datasource driver pulls data from the Murano environment, so Congress has up-to-date environment data available
  • 9. Workflow Part Technical Deep Dive
    • Murano provides Mistral client
    • Application Packages (MuranoPL) can use the Mistral Client to
      – Deploy workflow to Mistral
      – Execute the workflow
    • Example
        - $ep: $.tomcat.instance.floatingIpAddress + ':8080/petclinic'
        - $this.find(std:Environment).reporter.report($this, 'Running at http://' + $ep)
        - $mistral_workflow: $resources.string('TestTomcat.yaml')
        - $.mistralClient.upload(definition => $mistral_workflow)
        - $.mistralClient.run(name => 'test_tomcat', inputs => dict(url => 'http://' + $ep))
  • 10. Static Examples Demo
    • Full demo details available at https://wiki.openstack.org/wiki/PolicyGuidedFulfillmentDemo
    • Goal
      – Allow deployment only of Murano environments with PetClinic using
        • MySql in project demo
        • Postgresql in project qa
  • 11. Business Policy Creation Demo
        # Predeploy policy rules
        openstack congress policy rule create murano_system 'predeploy_errors(eid,oid,msg) :- murano:objects(oid,eid,type), murano:objects(eid,tid, "io.murano.Environment"), murano:parent_types(oid,"io.murano.Application"), tenantName(tid,tname), not allowedApp(type, tname),concat("Unsupported application detected: ", type, tmsg1),concat(tmsg1, ", ", tmsg2),objName(oid, oname), concat(tmsg2, oname, msg)'
        # allowed app main rules
        openstack congress policy rule create murano_system 'objName(oid,oname) :- murano:properties(oid, "name", oname)'
        openstack congress policy rule create murano_system 'tenantName(tid, tname) :- keystone:tenants(en,desc,tname,tid)'
        # demo tenant
        openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.MySql", "demo")'
        openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.PetClinic", "demo")'
        openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "demo")'
        # qa tenant
        openstack congress policy rule create murano_system 'allowedApp("io.murano.databases.PostgreSql", "qa")'
        openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.java.PetClinic", "qa")'
        openstack congress policy rule create murano_system 'allowedApp("io.murano.apps.apache.Tomcat", "qa")'
  • 12. Invalid Environment Creation Demo
  • 13. Deployment Failure Demo
  • 14. Next Steps
    • Runtime Remediation
      – Policy identifies problem/defect/breach/overload/… of application, thus
        • (Simple) user/administrator is notified to deal with it
        • (Advanced) remediation Mistral workflow is started to deal with it
    • More Workflow integration in Murano
      – Murano Application implemented by workflows
    • Congress Improvements
      – Datasources
      – UI
  • 15. Resources
    • https://wiki.openstack.org/wiki/PolicyGuidedFulfillment
    • https://wiki.openstack.org/wiki/PolicyGuidedFulfillmentDemo
    • http://murano.readthedocs.org/en/latest/articles/policy_enf_index.html
    • https://wiki.openstack.org/wiki/Murano
    • https://wiki.openstack.org/wiki/Congress
    • https://wiki.openstack.org/wiki/Mistral
    • Contact us via Murano, Congress, Mistral IRC
  • 16. Thank you
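
The table decomposition on slide 7 and the predeploy rule on slide 11, worked through as an added Python example that is not part of the slides and is not Congress or Murano code. The environment layout, the class hierarchy, the tenant ids and the function names are constructed assumptions; the allowedApp facts and the message format follow slide 11.

```python
# Added illustration (not Congress or Murano code): evaluates the logic of the
# slide's predeploy_errors rule over a constructed, simplified environment.
PARENTS = {  # constructed class hierarchy (assumption): type -> parent types
    "io.murano.apps.java.PetClinic": ["io.murano.Application"],
    "io.murano.apps.apache.Tomcat": ["io.murano.Application"],
    "io.murano.databases.MySql": ["io.murano.Application"],
    "io.murano.databases.PostgreSql": ["io.murano.Application"],
}
COMMON = ("io.murano.apps.java.PetClinic", "io.murano.apps.apache.Tomcat")
ALLOWED = {(t, "demo") for t in COMMON + ("io.murano.databases.MySql",)}
ALLOWED |= {(t, "qa") for t in COMMON + ("io.murano.databases.PostgreSql",)}
TENANTS = {"t-demo": "demo", "t-qa": "qa"}  # constructed tenantName(tid, tname)

def decompose(env, tenant_id):
    """Flatten an environment into objects / properties / parent_types rows."""
    objects = [(env["id"], tenant_id, "io.murano.Environment")]
    props, ptypes = [], set()
    for app in env["applications"]:
        objects.append((app["id"], env["id"], app["type"]))
        props += [(app["id"], k, v) for k, v in app.get("properties", {}).items()]
        ptypes |= {(app["id"], p) for p in PARENTS.get(app["type"], [])}
    return objects, props, ptypes

def predeploy_errors(env, tenant_id):
    """Return (eid, oid, msg) rows, mirroring the rule body literal by literal."""
    objects, props, ptypes = decompose(env, tenant_id)
    names = {oid: v for oid, k, v in props if k == "name"}  # objName(oid, oname)
    rows = []
    for eid, tid, etype in objects:
        if etype != "io.murano.Environment" or tid not in TENANTS:
            continue
        for oid, owner, otype in objects:
            is_app = (oid, "io.murano.Application") in ptypes
            if owner != eid or not is_app or oid not in names:
                continue  # a positive literal failed, so the rule yields no row
            if (otype, TENANTS[tid]) not in ALLOWED:  # not allowedApp(type, tname)
                msg = "Unsupported application detected: %s, %s" % (otype, names[oid])
                rows.append((eid, oid, msg))
    return rows

ENV = {"id": "env-1", "applications": [  # constructed sample environment
    {"id": "a1", "type": "io.murano.apps.java.PetClinic", "properties": {"name": "clinic"}},
    {"id": "a2", "type": "io.murano.apps.apache.Tomcat", "properties": {"name": "tc"}},
    {"id": "a3", "type": "io.murano.databases.PostgreSql", "properties": {"name": "pg"}},
    {"id": "a4", "type": "io.murano.databases.MySql", "properties": {}},  # no name
]}
print({tid: predeploy_errors(ENV, tid) for tid in TENANTS})
```

For the qa tenant the MySql object is not reported because it has no name property: objName is a positive literal in the rule body, so no error row is derived for an unnamed object.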