RETIRED, further work has moved to Debian project infrastructure
Go to file
Lingxian Kong 002ba71a18 Role based resource access control - update workflows
- Admin user could update other user's workflow.
- Admin user could update system workflow. Before this change, it is
  impossible to update system workflow.

TODO:
- Implement delete workflow by admin
- Implement for other resources(workfbook/execution/task/action, etc.)

Partially implements: blueprint mistral-rbac

Change-Id: Ia9372c9a4ffe1904e489513912596b9052ab3142
2017-01-17 23:07:39 +13:00
devstack Copy _50_mistral.py file from enabled folder 2016-12-22 15:57:22 +08:00
doc Removed unnecessary utf-8 encoding 2017-01-11 02:58:04 +00:00
etc Role based resource access control - get workflows 2016-12-22 14:12:33 +13:00
functionaltests Some minor code optimization in post_test_hook.sh 2016-08-25 08:25:08 +00:00
mistral Role based resource access control - update workflows 2017-01-17 23:07:39 +13:00
mistral_tempest_tests Use utcnow() instead of now() 2017-01-12 17:45:12 -05:00
rally-jobs Refactor 'stress_test' to fit the current layout better 2016-12-22 18:38:17 +07:00
releasenotes Merge "Removed unnecessary utf-8 encoding" 2017-01-11 11:34:52 +00:00
tools Merge "Added gnocchi action pack" 2017-01-11 06:34:13 +00:00
.coveragerc Exclude .tox folder from coverage report 2016-12-19 03:33:29 +00:00
.gitignore Remove unused pylintrc 2016-11-15 01:09:20 -08:00
.gitreview Update .gitreview file for project rename 2015-06-12 23:12:30 +00:00
.testr.conf Move gate tests under mistral/tests 2014-08-15 11:14:59 +04:00
CONTRIBUTING.rst Fixed http links in CONRIBUTING.rst 2016-09-08 17:17:55 +05:30
docker_image_build.sh Fixes the Mistral Docker image 2016-05-27 13:26:05 +02:00
LICENSE Adding license and authors file 2013-12-30 13:11:49 +07:00
README.rst Fix docs in README.rst 2016-12-19 07:19:23 -05:00
requirements.txt Updated from global requirements 2017-01-15 09:22:18 +00:00
run_functional_tests.sh Removed mistral/tests/functional 2016-01-29 11:04:03 +09:00
run_tests.sh Removal of unneccessary directory in run_tests.sh 2016-10-20 16:03:39 +05:30
setup.cfg Merge "Remove commented-out Apache 2 classifier from setup.cfg" 2016-12-09 08:58:36 +00:00
setup.py Updated from global requirements 2015-09-17 16:39:24 +00:00
test-requirements.txt Move mock requirement to test-requirements.txt 2017-01-05 11:02:16 +01:00
tox.ini Fix configuration generator 2016-12-19 07:12:41 -05:00

Team and repository tags

image

Mistral

Workflow Service for OpenStack cloud.

Installation

Prerequisites

It is necessary to install some specific system libs for installing Mistral. They can be installed on most popular operating systems using their package manager (for Ubuntu - apt, for Fedora, CentOS - yum, for Mac OS - brew or macports).

The list of needed packages is shown below:

  • python-dev
  • python-setuptools
  • python-pip
  • libffi-dev
  • libxslt1-dev (or libxslt-dev)
  • libxml2-dev
  • libyaml-dev
  • libssl-dev

In case of ubuntu, just run:

apt-get install python-dev python-setuptools libffi-dev \
  libxslt1-dev libxml2-dev libyaml-dev libssl-dev

Mistral can be used without authentication at all or it can work with OpenStack.

In case of OpenStack, it works only with Keystone v3, make sure Keystone v3 is installed.

Install Mistral

First of all, clone the repo and go to the repo directory:

$ git clone https://git.openstack.org/openstack/mistral.git
$ cd mistral

Devstack installation

Information about how to install Mistral with devstack can be found here.

Virtualenv installation:

$ tox

This will install necessary virtual environments and run all the project tests. Installing virtual environments may take significant time (~10-15 mins).

Local installation:

$ pip install -e .

or:

$ pip install -r requirements.txt
$ python setup.py install

Configuring Mistral

Mistral configuration is needed for getting it work correctly with and without an OpenStack environment.

  1. Install and configure a database which can be MySQL or PostgreSQL (SQLite can't be used in production.). Here are the steps to connect Mistral to a MySQL database.

    • Make sure you have installed mysql-server package on your Mistral machine.

    • Install MySQL driver for python:

      $ pip install mysql-python

      or, if you work in virtualenv, run:

      $ tox -evenv -- pip install mysql-python

      NOTE: If you're using Python 3 then you need to install mysqlclient instead of mysql-python.

    • Create the database and grant privileges:

      $ mysql -u root -p

      CREATE DATABASE mistral; USE mistral GRANT ALL ON mistral.* TO 'root'@'localhost';

  2. Generate mistral.conf file:

    $ oslo-config-generator \
      --config-file tools/config/config-generator.mistral.conf \
      --output-file etc/mistral.conf.sample
  3. Copy service configuration files:

    $ sudo mkdir /etc/mistral
    $ sudo chown `whoami` /etc/mistral
    $ cp etc/event_definitionas.yml.sample /etc/mistral/event_definitions.yml
    $ cp etc/logging.conf.sample /etc/mistral/logging.conf
    $ cp etc/policy.json /etc/mistral/policy.json
    $ cp etc/wf_trace_logging.conf.sample /etc/mistral/wf_trace_logging.conf
    $ cp etc/mistral.conf.sample /etc/mistral/mistral.conf
  4. Edit file /etc/mistral/mistral.conf according to your setup. Pay attention to the following sections and options:

    [oslo_messaging_rabbit]
    rabbit_host = <RABBIT_HOST>
    rabbit_userid = <RABBIT_USERID>
    rabbit_password = <RABBIT_PASSWORD>
    
    [database]
    # Use the following line if *PostgreSQL* is used
    # connection = postgresql://<DB_USER>:<DB_PASSWORD>@localhost:5432/mistral
    connection = mysql://<DB_USER>:<DB_PASSWORD>@localhost:3306/mistral
  5. If you are not using OpenStack, add the following entry to the /etc/mistral/mistral.conf file and skip the following steps:

    [pecan]
    auth_enable = False
  6. Provide valid keystone auth properties:

    [keystone_authtoken]
    auth_uri = http://<Keystone-host>/identity_v2_admin/v3
    identity_uri = http://<Keystone-host/identity_v2_admin
    auth_version = v3
    admin_user = <user>
    admin_password = <password>
    admin_tenant_name = <tenant>
  7. Register Mistral service and Mistral endpoints on Keystone:

    $ MISTRAL_URL="http://[host]:[port]/v2"
    $ openstack service create --name mistral workflowv2
    $ openstack endpoint create mistral public $MISTRAL_URL
    $ openstack endpoint create mistral internal $MISTRAL_URL
    $ openstack endpoint create mistral admin $MISTRAL_URL
  8. Update the mistral/actions/openstack/mapping.json file which contains all available OpenStack actions, according to the specific client versions of OpenStack projects in your deployment. Please find more detailed information in the tools/get_action_list.py script.

Before the First Run

After local installation you will find the commands mistral-server and mistral-db-manage available in your environment. The mistral-db-manage command can be used for migrating database schema versions. If Mistral is not installed in system then this script can be found at mistral/db/sqlalchemy/migration/cli.py, it can be executed using Python command line.

To update the database schema to the latest revision, type:

$ mistral-db-manage --config-file <path_to_config> upgrade head

For more detailed information about mistral-db-manage script please check file mistral/db/sqlalchemy/migration/alembic_migrations/README.md.

** NOTE: For users want a dry run with SQLite backend(not used in production), mistral-db-manage is not recommended for database initialization due to SQLite limitations. Please use sync_db script described below instead for database initialization.

Before starting Mistral server, run sync_db script. It prepares the DB, creates in it with all standard actions and standard workflows which Mistral provides for all mistral users.

If you are using virtualenv:

$ tools/sync_db.sh --config-file <path_to_config>

Or run sync_db directly:

$ python tools/sync_db.py --config-file <path_to_config>

Running Mistral API server

To run Mistral API server:

$ tox -evenv -- python mistral/cmd/launch.py \
    --server api --config-file <path_to_config>

Running Mistral Engines

To run Mistral Engine:

$ tox -evenv -- python mistral/cmd/launch.py \
    --server engine --config-file <path_to_config>

Running Mistral Task Executors

To run Mistral Task Executor instance:

$ tox -evenv -- python mistral/cmd/launch.py \
    --server executor --config-file <path_to_config>

Note that at least one Engine instance and one Executor instance should be running in order for workflow tasks to be processed by Mistral.

If you want to run some tasks on specific executor, the task affinity feature can be used to send these tasks directly to a specific executor. You can edit the following property in your mistral configuration file for this purpose:

[executor]
host = my_favorite_executor

After changing this option, you will need to start (restart) the executor. Use the target property of a task to specify the executor:

... Workflow YAML ...
task1:
  ...
  target: my_favorite_executor
... Workflow YAML ...

Running Multiple Mistral Servers Under the Same Process

To run more than one server (API, Engine, or Task Executor) on the same process:

$ tox -evenv -- python mistral/cmd/launch.py \
    --server api,engine --config-file <path_to_config>

The value for the --server option can be a comma-delimited list. The valid options are all (which is the default if not specified) or any combination of api, engine, and executor.

It's important to note that the fake transport for the rpc_backend defined in the configuration file should only be used if all Mistral servers are launched on the same process. Otherwise, messages do not get delivered because the fake transport is using an in-process queue.

Mistral Client

The Mistral command line tool is provided by the python-mistralclient package which is available here.

Debugging

To debug using a local engine and executor without dependencies such as RabbitMQ, make sure your /etc/mistral/mistral.conf has the following settings:

[DEFAULT]
rpc_backend = fake

[pecan]
auth_enable = False

and run the following command in pdb, PyDev or PyCharm:

mistral/cmd/launch.py --server all --config-file /etc/mistral/mistral.conf --use-debugger

Note

In PyCharm, you also need to enable the Gevent compatibility flag in Settings -> Build, Execution, Deployment -> Python Debugger -> Gevent compatible. Without this setting, PyCharm will not show variable values and become unstable during debugging.

Running unit tests in PyCharm

In order to be able to conveniently run unit tests, you need to:

  1. Set unit tests as the default runner:

Settings -> Tools -> Python Integrated Tools -> Default test runner: Unittests

  1. Enable test detection for all classes:

Run/Debug Configurations -> Defaults -> Python tests -> Unittests -> uncheck Inspect only subclasses of unittest.TestCase

Running examples

To run the examples find them in mistral-extra repository (https://github.com/openstack/mistral-extra) and follow the instructions on each example.

Tests

You can run some of the functional tests in non-openstack mode locally. To do this:

  1. set auth_enable = False in the mistral.conf and restart Mistral

  2. execute:

    $ ./run_functional_tests.sh

To run tests for only one version need to specify it:

$ bash run_functional_tests.sh v1

More information about automated tests for Mistral can be found on Mistral Wiki.