congress updates - liberty edition
TRANSCRIPT
![Page 2: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/2.jpg)
Overview
An Open Policy Framework for the Datacenter
Congress
Policy
Network Compute Storage Others
Neutron Nova Cinder Swift …
![Page 3: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/3.jpg)
Design Goals
1. Any Service
2. Any Policy
![Page 4: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/4.jpg)
Example
Policy:
Every network attached to a VM must be a public network or a private network owned by someone in the same group as the VM owner.
Cloud Services:– Nova: a manager for VMs– Neutron: a manager for virtual networks– Keystone: manager for group-membership
![Page 5: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/5.jpg)
Capabilities• Monitoring. Identify policy violations
• Enforcement. Take action to eliminate policy violations– Proactive: prevent violations
– Reactive: correct violations
– Delegation: divvy problem among other policy engines
• Audit. Chronicle history pertinent to policy
![Page 6: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/6.jpg)
Kilo status• Level 3 in the big tent
• Ground work: RESTful API, Command-line interface, GUI (Horizon), Keystone integration, devstack integration, tempest tests
• Policy engine: Datalog with negation but without recursion
• Integrated Services: Ceilometer, Cinder, CloudFoundry, Glance, Ironic, Keystone, Murano, Neutron, Nova, Plexxi, Swift, vCenter
• Capabilities: Monitoring, proactive/reactive enforcement
![Page 7: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/7.jpg)
Liberty: Reactive Enforcement
Congress
1. Change requested
Nova
2. Identify violation
3. Execute actions
KiloPolicy statements likeif <conditions> then <action>
Liberty● Provide admin controls to disable/limit action execution● Add API that lists the available actions● Enlarge number of services capable of executing actions
![Page 8: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/8.jpg)
Kilo/Liberty: High Availability Architecture
Congress Congress Congress
Load Balancer
Shared database
![Page 9: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/9.jpg)
Message bus
Congress
Liberty: Scale Out Architecture
Neutron Nova Cinder Swift
Nova DriverNeutron Driver Cinder Driver Swift Driver
Policy Engine
![Page 10: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/10.jpg)
Liberty: Delegation with Keystone?
Congress
Policy
Neutron Nova Cinder Swift …
![Page 11: Congress Updates - Liberty Edition](https://reader034.vdocuments.us/reader034/viewer/2022042716/55b9fa2fbb61eb7f638b4623/html5/thumbnails/11.jpg)
Contact Information
Wikihttps://wiki.openstack.org/wiki/Congress
IRC#congress
IRC MeetingsTuesdays @ 10a Pacific = 1700 UTC on #openstack-meeting-3