TOSCA Workloads with OpenStack Heat-Translator


1 TOSCA Workloads with OpenStack Heat-Translator
Thursday, May 11:00am
Sahdev Zala, IBM Advisory Software Developer, OpenStack PTL Heat-Translator
Matt Rutkowski, IBM STSM, Open Technologies & Standards, Chair OASIS TOSCA Simple Profile WG, Simple Profile Lead Editor

2 Kilo: Heat-Translator now part of Heat Project!
OpenStack project
Status changed from Stackforge to OpenStack under Heat program
Implementation of new TOSCA features – networking, block storage, object storage, capabilities etc.
Availability to use on command line
Support for user input parameters
Growing TOSCA ecosystem
Implementation of TOSCA relationship templates, custom types
[Diagram labels: TOSCA Template or CSAR, TOSCA Types, TOSCA Nodes, Map, Generate, Heat Orchestration Template (HOT), Validation Tests, Deploy, TOSCA Parser, HOT Generator, Heat]

3 Kilo: Heat-Translator in Action!
Clone the project, then run:
    heat_translator.py --template-file=translator/toscalib/tests/data/tosca_helloworld.yaml --template-type=tosca
Input parameters can be provided as the template needs, for example:
    --parameters="purpose=test"
[Diagram labels: TOSCA YAML, HOT YAML]
Liberty plan:
Implement CLIFF framework to build friendlier CLI
Make Heat-Translator available to use in python-openstackclient (OSC) via plugin

4 Kilo: Heat-Translator supports Multi-Tier TOSCA use cases
Part 1
[Diagram: two-tier topology]
Application Tier: paypal_pizzastore (WebApplication, PayPal Sample App), nodejs (WebServer), app_server (Compute)
Database Tier: mongo_db (Database, MongoDB), mongo_dbms (DBMS), mongo_server (Compute)
Relationships shown: ConnectsTo, HostedOn
Other labels: Artifacts (Create, Config, Start, Create DB), Requirements (Container, Endpoint.DB), Capabilities (Container, Endpoint.DB)

5 Logging/Monitoring Tier (ELK)
Kilo: Heat-Translator supports Multi-Tier TOSCA use cases, Part 2
[Diagram: three-tier topology]
Database Tier: mongo_dbms (DBMS), mongo_server (Compute), mongo_db (Database)
Application Tier: paypal_pizzastore (WebApplication), nodejs (WebServer), app_server (Compute)
Logging/Monitoring Tier (ELK): logstash (SoftwareComponent), elasticsearch (SoftwareComponent), kibana (SoftwareComponent), logstash_server (Compute), elasticsearch_server (Compute), kibana_server (Compute)
Relationships shown: ConnectsTo, HostedOn
Other labels: log_endpoint, search_endpoint, collectd, rsyslog, Artifacts (Create, Config, Start), Capabilities (Container), Requirements (Container)

6 Kilo: Block and ObjectStorage (Cinder, Swift)
[Diagram: block storage attachment]
my_web_server_1 (Compute), storage_attach_1 (AttachesTo), location: /some_location, my_storage (BlockStorage)
my_web_server_2 (Compute), storage_attach_2 (AttachesTo), volume_id for my_storage, location: /another_location
my_web_server_1 and my_web_server_2 (Compute): Attributes: private_address, public_address, networks, ports; Capabilities: Container, OperatingSystem; Requirements: Attachment ...
storage_attach_1 (AttachesTo): Properties: location: /some_location
storage_attach_2 (AttachesTo): Properties: location: /another_location
my_storage (BlockStorage): Capabilities: Attachment; Properties: size, volume_id, snapshot_id

Abstract
A key feature of any Cloud infrastructure is to provide auditing capabilities for compliance with security, operational and business processes. In this talk we provide an overview of the recent enhancements made in OpenStack projects to support API and security auditing using the DMTF Cloud Auditing Data Federation (CADF) standard. We will describe how auditing is seamlessly enabled for Nova, Glance, Swift, Cinder, Neutron and Keystone and illustrate what is audited, where it is stored, what the records contain and how this supports compliance. We will finish by presenting some possible future directions such as extending the use of CADF beyond audit to facilitate event correlation and federation across multiple tiers.

7 Kilo: Network Modeling (Neutron)
Supports a Plurality of Logical Public & Private Networks
Connected via logical Ports nodes (via LinksTo and BindsTo)
[Diagram: network model]
my_app_1 (Compute): Attributes: private_address, public_address, networks, ports; Capabilities: Container ..., Bindable
port_1 (Port) and port_2 (Port): Capabilities: Linkable; Requirements: Bindable
private_net_1 (Network) and public_net_1 (Network): Capabilities: Linkable
Relationships shown: BindsTo, LinksTo
Application Model separate from Network Model
Allows developers to Model JUST the application and bind to existing tenant networks

8 Liberty Plans: Containers & Repositories
PaaS Modeling
Template author chooses to expose or hide runtime topology & implementation
Container Application Modeling
Agnostic of PaaS Cloud Provider: PaaS on OpenStack, Cloud Foundry, Azure, etc.
[Diagram: container application on a PaaS platform]
Docker Hub (Repository), Docker Image for mysql
docker_mysql (Container.App.Docker): Artifacts: my_image: type: Image.Docker, URI: mysql, repository: docker; Requirements: Container; HostedOn
my_PaaS_platform (Container.Runtime), PaaS Subsystem (hidden): Capabilities: Runtime.Docker ..., Runtime.Nodejs ..., Runtime.J2EE
Heat-Translator could automatically retrieve and deploy a Docker image from a declared Repository
TOSCA Templates can model their repositories (e.g., Docker Hub)
Heat could dynamically “pull” templates, definitions, scripts, configuration files, etc. from multiple repos.
PaaS Layer exposes “runtimes” as TOSCA Capabilities: Docker, Nodejs, JSP, J2EE, etc.

9 Liberty Plans: Policies
TOSCA v1.0 intends to support policies in the areas of: Placement (Affinity), Scaling and Performance
with Rules that are evaluated to execute Automatic and Imperative Triggers
[Diagram: three numbered policies (1, 2, 3), each labelled Policy: Type, Rule, Trigger; nodes my_app_1 (Compute), backend_app (Compute), web-app (Compute), my_database (Compute); group my_scaling_group; my_app_1 labels: Capabilities: Container ..., Lifecycle: create, configure]
Policies can be modeled as Requirements using TOSCA Capability Types
That can be attached to Interfaces or specific Operations, Nodes and Groups of Nodes

10 Future Plans: Network Functions Virtualization (NFV)
Plan: Heat-Translator working with Neutron related OpenNFV projects
TOSCA liaising with ETSI NFV and OpenNFV standards work groups
Support for NFV graph constructs:
TOSCA Profile Drafts model Software Defined Networks (SDN) on OpenStack
Support Network Service Descriptors (NSD)
Virtual Network Function Descriptors (VNFD)
Forwarding Graphs as sequences of Connection Points (CPs) (In-Progress)

11 https://launchpad.net/heat-translator
Please join us as a contributor on the Heat-Translator project:

