• Application Publisher - An individual or company that publishes an application to an application catalog
  • End User - An individual or company attempting to self-provision an application from an application catalog
  • Catalog Administrator - An individual or company that maintains an application catalog and determines any relevant policies regarding its use.

Application Publisher

The process begins when an Application Publisher creates a new application description and publishes it to a Murano endpoint. It will then be available within any application catalog instances defined by that Murano endpoint, depending on the policies for that instance.

Application Publishers should be able to create new application by defining service metadata, describing properties and specifying all the steps necessary for deploying the service and its dependencies. The developer can create this definition from scratch or use an existing definition by extending it, similar to inheritance in the object-oriented paradigm. The Application Publisher can define the external dependencies of the service. This list of dependencies defines the other services (specified by their type) that must be present in the environment when the given service is being deployed.

Consider this example. An Application Publisher creates a service that provides a web application. The developer provides the name and other service properties, and specifies that the external dependencies are a web server and a database. When users want to deploy this service in an environment, they need to have a web-server service and a database service in that environment, and must be able to specify how they want to fulfill those requirements. (See the End User use cases for more information.)

The Application Publisher may define additional terms of use for their Service. For example, the developer may limit its usage and extensibility (via inheritance or referencing from another service) or specify billing rules.

Another important set of parameters that the Application Publisher may specify in the Service Definition are the usage metrics. These usage metrics define which aspects of the service should be monitored by Ceilometer or other monitoring tools supported by Murano when its instances are running. The Application Publisher can then specify the billing rules used with those metrics, essentially defining how much usage of a service will cost the user.

[Note that this proposal is meant to define a project that provides billing information, but because different organizations have different needs, it doesn’t define actual payment methods; payment may be handled by an external component, or it may be addressed in future versions of Murano.]

A service definition is not bound to any particular OpenStack deployment or instance of Murano. The developer may create a service definition and then publish that definition in several service catalog instances, (as long as publishing is permitted by the administrator of that catalog (see below)).

Catalog Administrator

A published service definition is managed by the catalog administrator.

Catalog administrators are the maintainers of the application service catalog. They have the ability to manually add or remove service definitions in a catalog, or act as moderators allowing or disallowing other Application Publishers to publish their service definitions. This control can be granular or not, as the administrator chooses. For example, the administrator may specify that any new submissions must be approved before being available to any end users, or the administrator may instead choose to make services available only to the OpenStack tenant associated with the application publisher until a service is approved. The administrator can also decide to make all services available to all upon submission, as in the case of a test cloud, or a small cloud in which all developers are “trusted”.

Administrators may also define their own billing rules, which will be in addition to the billing rules specified by the application publisher (if they were defined). This enables catalog administrators to cover the costs involved in running and maintaining the cloud. For example, a service that requires Microsoft Windows may incur a licensing cost for the operating system; this mechanism enables the catalog administrator to recoup that cost.

Catalog administrators also configure Role-Based Access Control rules (RBAC), which define which end users (which are associated with tenants) of the cloud have access to which services in the catalog, and whether they may be directly deployed or must be approved before deployment (see End User use cases). The billing rules for a particular service may also be defined specifically for a given tenant or a given user.

End User

Finally the service is ready for the end user.

A user should be able to create environments composed of one or more available services. The process is as follows:

The user browses a list of available services and selects one or more for deployment. If a selected service has dependencies that require other services to be deployed in the same environment, the user may either select an instance of the necessary service from instances of that type that are already present in the environment, or add a new instance of that type instead. Dependencies may include other services, or they may include resources such as a floating IP address or license key. Each service added to the environment must be properly configured; the user is prompted to provide all required properties, and the input is validated according to the rules defined in each service definition. When the user has finished configuring the environment, he or she can deploy the environment -- if he or she has the appropriate permissions. (See below.) Deployment of the environment means that instances are created, services are deployed, and all required configuration actions take place.

In some environments, it will be more appropriate for end users to submit their deployments to IT as a ticket. The IT department can then sanity-check the definitions, determine whether they are appropriate, and approve, modify, or deny the deployment. If the request is approved or modified, the IT department can then initiate the deployment, rather than the user.

Users can browse any deployed environments for which they have permissions, and inspect their state. Inspection includes the ability to determine which services are running on which nodes, how the services are configured, and so on. Users can modify service settings, add new services or remove existing ones, validate the changes (i.e. check that all the required properties are set to valid values, all the service dependencies exist and so on), and redeploy the environment by propagating these changes into the Cloud. The user can also inspect the usage metrics of the services running in his or her environments, and see billable activities and the total amount of money spent for a particular service.

Murano中的角色的更多相关文章

  1. ASP.NET Core 2.1中基于角色的授权

    ASP.NET Core 2.1中基于角色的授权 授权是来描述用户能够做什么的过程.例如,只允许管理员用户可以在电脑上进行软件的安装以及卸载.而非管理员用户只能使用软件而不能进行软件的安装以及卸载.它 ...

  2. Azure 门户中基于角色的访问控制入门

    面向安全的公司应侧重于向员工提供他们所需的确切权限. 权限过多,可能会向攻击者公开帐户. 权限太少意味着员工无法有效地完成其工作. Azure 基于角色的访问控制 (RBAC) 可通过为 Azure ...

  3. oracle中解决角色PLUSTRACE不存在

    在sqlplus中用autotrace查看执计划时出现如下错误提示: SYS@CDB$ROOT> conn scott/tiger@pdborcl Connected.会话已更改. SCOTT@ ...

  4. JNDI 在 J2EE 中的角色

    JNDI 在 J2EE 中的角色 Spring整合HIbernate时,三种数据库连接池的配置和比较 Tomcat 6 JNDI数据源详解 Tomcat 6 --- JNDI详解 Spring整合HI ...

  5. 进程在Linux内核中的角色扮演

    在Linux内核中,内核将进程.线程和内核线程一视同仁,即内核使用唯一的数据结构task_struct来分别表示他们:内核使用相同的调度算法对这三者进行调度:并且内核也使用同一个函数do_fork() ...

  6. Apache ZooKeeper在Kafka中的角色 - 监控和配置

    1.目标 今天,我们将看到Zookeeper在Kafka中的角色.本文包含Kafka中需要ZooKeeper的原因.我们可以说,ZooKeeper是Apache Kafka不可分割的一部分.在了解Zo ...

  7. 看源码,重新审视Spring Security中的角色(roles)是怎么回事

    在网上看见不少的博客.技术文章,发现大家对于Spring Security中的角色(roles)存在较大的误解,最大的误解就是没有搞清楚其中角色和权限的差别(好多人在学习Spring Security ...

  8. 五:Spring Security 中的角色继承问题

    Spring Security 中的角色继承问题 以前的写法 现在的写法 源码分析 SpringSecurity 在角色继承上有两种不同的写法,在 Spring Boot2.0.8(对应 Spring ...

  9. Marmoset Toolbag中的角色布光技巧 by Joe”EarthQuake”Wilson

    Sagat by Tim “spacemonkey” Appleby 有言在先 首先,我要感谢才华横溢的Tim“spacemonkey Appleby允许本教程中使用他那个极其NB的Sagat模型.不 ...

随机推荐

  1. Poj 1860 Currency Exchange(Bellman-Ford,SPFA解单源最短路径问题)

    一.题意 有多个货币交易点,每个只能互换两种货币,兑换的汇率不同,并收取相应的手续费.有N种货币,假定你拥有第S中,数量为V,有M个兑换点.问你能不能通过兑换操作使你最后拥有的S币比起始的时候多. 二 ...

  2. Python:collections的deque()方法

    转于:https://www.cnblogs.com/zhenwei66/p/6598996.html 博主:http://www.cnblogs.com/zhenwei66/(渐晨) python3 ...

  3. [413D][搜索]D - Field expansion

    http://codeforces.com/contest/799/problem/D 解题关键:因为3^11>100000,所以若只把2单独拿出,最多只需要暴力2^11次,故只需要dfs一下即 ...

  4. Flask16 项目结构、flask_script插件

    1 项目结构 需求:易维护.可扩展 1.1 views 处理逻辑和路由映射 C 1.2 models 模型类 M 1.3 templates 模板文件 V 1.4 static 今天文件,如:js.c ...

  5. 树莓派 Learning 002 装机后的必要操作 --- 01 解决上网问题

    树莓派 装机后的必要操作 - 解决上网问题 我的树莓派型号:Raspberry Pi 2 Model B V1.1 装机系统:NOOBS v1.9.2 树莓派 装机后的必要操作 解决上网问题 解决上网 ...

  6. 4、在线blast比对结果解析(保守结构域)

    转载:http://www.bio1000.com/experiment/fenzi/237846.html 标签: NCBI Blast LASTP 摘要 : NCBI BLAST比对结果报告分析: ...

  7. Luogu 2668 [NOIP2015]斗地主

    打牌技术不精,没有把$A$放在顺子里面搜,WA了好长时间. 盗用大佬的一张图: 当时自己搜的时候没有把四张牌拆成三带一等情况. 然后还有一点就是四张三张都出完之后直接数一数剩下的一张两张牌还要多少次出 ...

  8. python包管理

    如果是python 项目目录,例如pycharm里新建的python项目,则可以通过from,import导入目录下的文件夹. 如果是普通文件目录,则代码里不能相对方式导入该目录下的文件夹,需要加入要 ...

  9. C#中读写自定义的web 配置文件

    开发程序的过程中,有时候我们需要自己编写一个config文件,比如取名App.config, 然后写一些配置信息在里面.然后我们需要编写C#代码来对这个配置文件进行读写 比如:App.Config & ...

  10. HDU 5971 Wrestling Match (二分图)

    题意:给定n个人的两两比赛,每个人要么是good 要么是bad,现在问你能不能唯一确定并且是合理的. 析:其实就是一个二分图染色,如果产生矛盾了就是不能,否则就是可以的. 代码如下: #pragma ...