congress updates - liberty edition
TRANSCRIPT
Overview
An Open Policy Framework for the Datacenter
Congress
Policy
Network Compute Storage Others
Neutron Nova Cinder Swift …
Design Goals
1. Any Service
2. Any Policy
Example
Policy:
Every network attached to a VM must be a public network or a private network owned by someone in the same group as the VM owner.
Cloud Services:
– Nova: a manager for VMs
– Neutron: a manager for virtual networks
– Keystone: manager for group-membership
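The example policy above, evaluated as a monitoring check over constructed data. This is an added example, not code from the Congress project; the table names, layouts and sample rows are assumptions. The rule uses negation but no recursion, in the style of the Datalog engine this deck describes.

```python
# Constructed sample data. Table names and layouts are assumptions for
# illustration, not the schemas exposed by Congress datasource drivers.
NOVA_VMS = {            # vm -> owner (from Nova)
    "vm1": "alice", "vm2": "bob", "vm3": "carol",
}
NOVA_ATTACHMENTS = {    # (vm, network) pairs (from Nova)
    ("vm1", "net-public"), ("vm1", "net-eng"),
    ("vm2", "net-eng"), ("vm3", "net-eng"), ("vm3", "net-orphan"),
}
NEUTRON_NETWORKS = {    # network -> (is_public, owner) (from Neutron)
    "net-public": (True, "admin"),
    "net-eng": (False, "alice"),
    "net-orphan": (False, None),
}
KEYSTONE_GROUPS = {     # (user, group) membership pairs (from Keystone)
    ("alice", "eng"), ("bob", "eng"), ("carol", "sales"),
}


def same_group(u1, u2):
    """same_group(u1, u2) :- group(u1, g), group(u2, g)."""
    g1 = {g for u, g in KEYSTONE_GROUPS if u == u1}
    g2 = {g for u, g in KEYSTONE_GROUPS if u == u2}
    return bool(g1 & g2)


def violations():
    """error(vm, net) :- attached(vm, net), not public(net),
                         not owned_by_peer(vm, net).
    Returns the (vm, network) pairs that break the policy."""
    errors = []
    for vm, net in sorted(NOVA_ATTACHMENTS):
        is_public, net_owner = NEUTRON_NETWORKS.get(net, (False, None))
        if is_public:
            continue  # public networks always satisfy the policy
        vm_owner = NOVA_VMS.get(vm)
        # Unknown owners fail closed: no owner means no shared group.
        if (vm_owner is None or net_owner is None
                or not same_group(vm_owner, net_owner)):
            errors.append((vm, net))
    return errors


if __name__ == "__main__":
    for vm, net in violations():
        print(f"violation: {vm} attached to {net}")
```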
Capabilities
• Monitoring. Identify policy violations
• Enforcement. Take action to eliminate policy violations
– Proactive: prevent violations
– Reactive: correct violations
– Delegation: divvy problem among other policy engines
• Audit. Chronicle history pertinent to policy
Kilo status
• Level 3 in the big tent
• Ground work: RESTful API, Command-line interface, GUI (Horizon), Keystone integration, devstack integration, tempest tests
• Policy engine: Datalog with negation but without recursion
• Integrated Services: Ceilometer, Cinder, CloudFoundry, Glance, Ironic, Keystone, Murano, Neutron, Nova, Plexxi, Swift, vCenter
• Capabilities: Monitoring, proactive/reactive enforcement
Liberty: Reactive Enforcement
Congress
1. Change requested
Nova
2. Identify violation
3. Execute actions
Kilo
Policy statements like
if <conditions> then <action>
Liberty
● Provide admin controls to disable/limit action execution
● Add API that lists the available actions
● Enlarge number of services capable of executing actions
Kilo/Liberty: High Availability Architecture
Congress Congress Congress
Load Balancer
Shared database
Message bus
Congress
Liberty: Scale Out Architecture
Neutron Nova Cinder Swift
Nova Driver Neutron Driver Cinder Driver Swift Driver
Policy Engine
Liberty: Delegation with Keystone?
Congress
Policy
Neutron Nova Cinder Swift …
Contact Information
Wiki: https://wiki.openstack.org/wiki/Congress
IRC: #congress
IRC Meetings: Tuesdays @ 10a Pacific = 1700 UTC on #openstack-meeting-3