Add multiple OpenStack cloud support

Story: #2002126 Task: #22578 Change-Id: I3dbbf558290e144f649a740507747ac31dfc8b8c
2018-06-28 13:42:10 +08:00 · 2018-06-28 13:42:10 +08:00 · cf6d31ae3b
parent d90acffe4e
commit cf6d31ae3b
1 changed files with 144 additions and 0 deletions
--- a/specs/rocky/multi-cloud-support.rst
+++ b/specs/rocky/multi-cloud-support.rst
@ -0,0 +1,144 @@
+..
+ This work is licensed under a Creative Commons Attribution 3.0 Unported
+ License.
+
+ http://creativecommons.org/licenses/by/3.0/legalcode
+
+..
+ This template should be in ReSTructured text. File a story in StoryBoard
+ (https://storyboard.openstack.org/#!/project/989). Please do not delete
+ any of the sections in this template. If you have nothing to say for a
+ whole section, just write: None
+ For help with syntax, see http://sphinx-doc.org/rest.html
+ To test out your formatting, see http://www.tele3.cz/jbar/rest/rest.html
+
+======================
+Multiple Cloud support
+======================
+
+Include the URL of your story in StoryBoard:
+
+https://storyboard.openstack.org/#!/story/2002126
+
+To allow Orchestration service to orchestrate cross OpenStack environment.
+This spec propose we support multiple OpenStack cloud orchestration.
+Use ``OS::Heat::Stack`` resource with new properties to provide credential
+information of another OpenStack environment.
+
+Problem description
+===================
+
+Can't orchestrate cross multiple OpenStack cloud. For users who running
+applications cross multiple OpenStack clouds, this means they need to use
+other tools to run Stacks separately cross sites for same applications.
+This behavior is harmful for resource dependencies.
+
+Proposed change
+===============
+
+Implement multi-cloud support as an extension to the existing multi-region
+support. Allow operate a remote stack (from another OpenStack cloud) as a
+resource in stack from local OpenStack cloud.
+
+I propose we add multi cloud support into ``OS::Heat::Stack`` and change the
+property schema for ``context``. Within context, we should adding
+following properties:
+
+* provider_credential_secret_id: ID of Barbican Secret. Which stores authN
+  information for provider in remote cloud.
+
+Here is the example template looks like:
+
+resources:
+  remote_stack:
+    type: OS::Heat::Stack
+    properties:
+      context:
+          region_name: RegionOne
+          provider_credential_secret_id: {Secret_ID_For_Access_Remote_Cloud}
+      template: { get_file: remote_template.yaml }
+      timeout: 60
+      parameters:
+        name: foo
+
+
+To provide ``provider_credential_secret_id`` property, All cloud
+general information will be fetched from Barbican secret.
+
+
+``OS::Heat::Stack`` will use above authN info (loaded with
+``provider_credential_secret_id``). to access a remote Orchestration
+service. A credential secret ID (``provider_credential_secret_id``) is a
+Barbican Secret ID. We not recomanded to use entire secret href since it
+contains URL of Barbican service hance we don't support it as value. In
+secret, the secret payload must content a string which contain a json
+format dictionary. In dictionary, contains following keys:
+
+ * auth: a dictionary to store authentication information.(It's same
+   configuration way as in clouds.yaml, see [1] and [2] for more detail on
+   format)
+ * auth_type: A string to show auth_type of above auth info (see [2] for more
+   information).
+
+Here is an example string format:
+"{
+ 'auth_type': 'v3applicationcredential',
+ 'auth': {'auth_url': 'https://192.168.1.101/identity/v3',
+     'application_credential_id': '9dfa187e5a354484bf9c49a2b674333a',
+     'application_credential_secret': 'sec'}}"
+
+Must make sure the authentication information which user provied at very
+begining must be able to get that credential secret ID (ID of secret) from
+Barbican service if we going to use ``provider_credential_secret_id``.
+
+Because there might be a potential cross version compatibility issue, try to
+run same version of code in two OpenStack cloud or to test your environment
+with exactally what you're going to run on it.
+
+Alternatives
+------------
+
+One can manually or use external tools to talk to multiple clouds and operate
+with it, but have to take care dependencies cross multiple sites by themself.
+
+Implementation
+==============
+
+Assignee(s)
+-----------
+
+Primary assignee:
+  Rico Lin <ricolin, rico.lin@easystack.cn>
+  Zane Bitter <zaneb, zbitter@redhat.com>
+
+
+Milestones
+----------
+
+Target Milestone for completion:
+  rocky-rc1
+
+Work Items
+----------
+
+* Support ``OS::Heat::Stack`` to access Orchestration service from another
+  OpenStack
+
+* Add functional test
+
+* Document the guideline and releasenote.
+
+* (optional) Operator-provided clouds.yaml support
+
+
+Dependencies
+============
+
+Descussion in PTG: https://etherpad.openstack.org/p/ptg-rocky-multi-cloud
+
+Implementation:
+https://review.openstack.org/#/q/topic:bp/multiple-cloud-support+(status:open+OR+status:merged)
+
+
+[1] https://docs.openstack.org/python-openstackclient/latest/configuration/index.html#clouds-yaml
+[2] https://docs.openstack.org/keystoneauth/latest/plugin-options.html