The Cisco IaaS/PaaS/SaaS Integration Release 1.0 architecture specifies the data flow, the API interactions and the integration points between Cisco PSC, related orchestration engines, and specific resource managers for the relevant IaaS, PaaS, and SaaS layers. This specific document focuses on the architecture, design, implementation and validation of the Cisco Prime Service Catalog OpenShift Integration 1.0 release. Figure 2-1 depicts the goal of this release—to enable Cisco Prime Catalog integration with OpenShift Enterprise 2.0 (OSE 2.0).
Figure 2-1 Cisco Prime Catalog Integration with OpenShift Enterprise 2.0
The solution focuses on the integration aspects rather than the implementation of IaaS or PaaS systems. As such, the scope of the document is limited to the implementation, testing and validation of the specific use cases outlined in the “Use Cases” section.
To enable the implementation and testing of the integration points between Cisco Prime Catalog and OpenShift Enterprise Broker, the underlying IaaS infrastructure is assumed to be already built out.
IaaS-level solutions available in today's market are fairly mature, but an integrated experience in ordering and managing PaaS services and IaaS services through the same management portal and using the same orchestration tool sets is lacking. Customers are looking to Cisco for an integrated IaaS, PaaS, and SaaS ordering and orchestration solution that allows them to expose the power and functionality of their data center infrastructure and value-added platform and software services to their end-users.
The following use cases satisfy a majority of the concerns outlined and pave the way for future iterations, providing greater integration between the Service Catalog and the PaaS system (OpenShift).
End users logging into the PSC can currently order IaaS services (VMs, networks, storage) for underlying IaaS implementations (vSphere or OpenStack based) using packaged Cisco Prime solutions. The same set of users must be able to order PaaS application stacks easily from the same set of Prime Catalog portal pages.
OpenShift introduces the concept of cartridges for specific web application stack capabilities. PSC must allow portal users to provision and instantiate those cartridges into an OpenShift installation.
Similar to the current PSC capabilities for listing all end user-owned IaaS resources and taking actions against them (start, stop, etc.), the PSC must provide a PaaS component / application-level view of the resources ordered and allow the user to take actions against them.
This guide enables the following capabilities:
OpenShift allows application web stacks to be created that use the inbuilt scaling features, including auto scaling and manual scaling.
By default, OpenShift runs all applications in a shared set of IaaS resources (VMs, hosts, network segments) using Linux container primitives (cgroups, SELinux, etc.) to ensure secure multi-tenancy within the VMs. End users/customers may have a requirement to host a specific set of applications / application stacks in a separate set of IaaS resources from the primary shared pool of VMs.
This guide enables the following:
Figure 2-2 OpenShift Nodes in Public and Private Districts
Figure 2-3 shows the products chosen for this solution based on functional availability within the necessary time frame.
Figure 2-3 Cisco PSC—OpenShift Integration Architecture
The system architecture follows the current industry best practices for integration:
As such, the integration in this document uses existing adapters available in the PSC ServiceLink component to talk to the OpenShift Broker via APIs.
If an existing component in the PSC does not meet the integration requirements, this document lists out custom components and scripts developed to aid in the integration.
All calls to the OpenShift broker REST APIs are synchronous in nature. The PSC does not store OpenShift Broker-managed artifacts and metadata in the Service Catalog database. Instead, all displays and display updates in the PSC portal are done in real-time via API calls.
The following system components are detailed:
PSC provides the necessary functionality for the end user and administrative portals and the end user-facing service catalog. PSC is a highly customizable product and, if required, an extensive Advanced Services team specializing in IAC is available to assist the customer with more complex workflows.
In brief, end user requests for compute, network, and/or storage and platform/application resources are received in PSC. The ServiceLink component then instructs the required domain orchestrators to execute the appropriate tasks in order to fulfill the end user request.
The following sections describe the features and functionalities of IAC that are relevant to meeting the requirements for managing and configuring OpenShift through Cisco Prime Services Catalog.
The Cisco PSC with additional IAC portal content is provided as a virtual appliance for ease of deployment. One of the components of SC is the Service Designer, which allows the Cloud Provider to design and package services as products and to catalog these services for end users to browse through and order. The look and feel of the portal is fully customizable, allowing the Cloud Provider to brand the portal as appropriate. Refer to Cisco Service Portal Designer Guide for details.
OpenShift Enterprise consists of several components. This section defines primary components, and various configurations within the document.
Figure 2-4 shows the OpenShift product architecture.
Figure 2-4 OpenShift Product Architecture
The diagrams in subsequent sections show elements based on the legend in Figure 2-5.
Figure 2-5 Legend for Elements in this Document
An OpenShift Enterprise deployment consists of two logical types of hosts: a broker and one or more nodes. The broker handles the creation and management of user applications and the user authentication service, and manages communication with the appropriate nodes. The nodes run the user applications in contained environments called gears. The broker queries and controls nodes using a messaging service. Figure 2-6 provides a simplified version of the interaction between these two types of hosts.
Figure 2-6 Broker Interaction with Node Hosting Gears/Applications
In this document OpenStack IaaS is used to:
Supporting components are those that are outside the scope of this document, but are required to provide support for the components above (e.g., VMware ESX for hosting the PSC VM image).
The packaged PSC component used in this validation is packaged as a VMware VM Image (OVF) file. An ESX server is utilized to stand up the packaged PSC appliance.
Future iterations of this document will use an IaaS-agnostic version of the PSC appliance.
The packaged PSC appliance comes with its own Active Directory installation. The same Active Directory is leveraged in this document to act as an authentication store for both PSC and the OpenShift Broker.
Table 2-1 shows Cisco components.
Table 2-2 shows third-party components.