Add infra-cloud spec

This spec describes the overall process of infra-cloud.  The
technical deployment decisions are being worked out in
Icb35adf70fa98e64dbbe0464b95af3b5de51a980.

Story: 2000175
Change-Id: Ie6a6fa331e687567b1b4b7d73499d08103671f02
Co-Authored-By: Clint Byrum <clint@fewbar.com>
James E. Blair 2015-05-29 16:37:48 -07:00
parent e5341aa6c2
commit f4589a8862
2 changed files with 157 additions and 0 deletions


@@ -35,6 +35,7 @@ permits.
    :maxdepth: 1

    specs/doc-publishing
+   specs/infra-cloud
    specs/nodepool-launch-workers
    specs/nodepool-workers
    specs/public_hiera

specs/infra-cloud.rst (new file, 156 lines)

@@ -0,0 +1,156 @@
::

  Copyright 2015 Hewlett-Packard Development Company, L.P.

  This work is licensed under a Creative Commons Attribution 3.0
  Unported License.

  http://creativecommons.org/licenses/by/3.0/legalcode

===========
Infra-cloud
===========

Story: https://storyboard.openstack.org/#!/story/2000175

With donated hardware and datacenter space, we can run an optimized
semi-private cloud for the purpose of adding testing capacity, and
also with an eye toward "dogfooding" OpenStack itself.

Problem Description
===================

Currently all of the test resources that we use are provided by public
clouds. This is very useful to us and is also a good demonstration of
a cross-public-cloud OpenStack application. Some organizations are
also able to provide hardware instead of (or in addition to) public
cloud resources. By operating that hardware as a private cloud with
only OpenStack Infrastructure as a tenant, we can expand our test
capacity and also demonstrate a public-private hybrid OpenStack
application.

Further, we can operate the cloud in a completely transparent manner
as we do the rest of the project infrastructure and help bridge the
gap between developers and operators.

Proposed Change
===============

This spec describes the process of standing up the initial
infra-cloud, but intentionally does not delve into technical detail.
Many of those decisions will need to be made and updated as the
process unfolds, and also need to be recorded as system documentation.
Therefore, most of the actual technical decisions and documentation
will happen in the system-config repository in the
doc/source/infra-cloud.rst file.

In order to accept a donation of hardware from an organization, we
will also need to be provided a contact from the organization that can
help us with any hands-on work needed to maintain the machines. Newly
donated hardware will be inventoried and standardized, and then an
infra-cloud region will be deployed on it, as described in
system-config.

We have an initial hardware donation from HP in two data centers,
which we will stand up as two clouds. Once these clouds are well
established, we can consider adding new clouds based on further
donations as needed. We may consider running a single centralized
keystone in the future and combine the separate clouds into one cloud
with multiple regions.

Infra-cloud is run like any other infra managed service. Puppet
modules and Ansible do the bulk of configuring hosts, and Gerrit code
review drives 99% of activities, with logins used only for debugging
and repairing the service.
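
For illustration, a change to infra-cloud would flow roughly like
this (the repository location is real; the playbook path at the end
is a hypothetical placeholder, since the actual deployment layout
will be decided in system-config):

.. code-block:: bash

    # Propose a configuration change through code review.
    git clone https://git.openstack.org/openstack-infra/system-config
    cd system-config
    # ... edit puppet modules, manifests, or documentation ...
    git checkout -b infra-cloud-change
    git commit -a
    git-review -t infra-cloud

    # Once merged, the regular infra ansible/puppet run applies the
    # change; for example (hypothetical playbook name):
    ansible-playbook /etc/ansible/playbooks/infracloud.yaml
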
Our CI system itself is fault-tolerant across clouds, so no individual
region of infra-cloud (or even infra-cloud as a whole) should be
considered a critical piece of infrastructure. There is no uptime
guarantee and in the case of any error, we should be content to
operate the CI system without part or all of infra-cloud until the
error can be corrected in due course.

In order to focus on our initial deployment goals, we are strictly
limiting the scope of infra-cloud. In particular it is not a general
purpose cloud to provide services to any user other than the project
infrastructure, and it is not intended to provide a special test
environment (e.g., bare metal) not otherwise provided by public
clouds. It is also not intended as a test system for OpenStack
itself; the update frequency of the version of OpenStack deployed on
infra-cloud is not defined. We may deploy new versions of OpenStack
as needed, or we may continue to run a stable version for a length of
time.

Alternatives
------------

Continue to use only externally provided clouds.

Implementation
==============

Assignee(s)
-----------

Primary assignee:
  SpamapS

Gerrit Topic
------------

Use Gerrit topic "infra-cloud" for all patches related to this spec.

.. code-block:: bash

    git-review -t infra-cloud

Work Items
----------

* Normalize HP hardware
* Agree on initial deployment choices (in system-config)
* Write puppet implementation
* Deploy
* Begin use in nodepool

Repositories
------------

No new repos are currently anticipated.

Servers
-------

Many, as specified in system-config documentation.

DNS Entries
-----------

A DNS entry should be registered for each Keystone auth endpoint.
Other individual servers may also get their own DNS entries.
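
For illustration only, with hypothetical region and domain names (the
real naming scheme will be decided in system-config), the entries
might look like:

.. code-block:: bash

    # Keystone auth endpoint for a hypothetical region.
    host keystone.regionone.infracloud.openstack.org
    # An individual server with its own entry.
    host controller00.regionone.infracloud.openstack.org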

Documentation
-------------

The system should be documented in system-config, starting before
implementation begins, and kept up to date as the deployment evolves.

Security
--------

The only tenant will be OpenStack Infrastructure, and the tenant
credentials will be managed in the normal way (using hiera) for CI
clouds. The administrative credentials will be similarly managed. We
would like to make a considerable amount of operational logging
available publicly. We will need to be concerned about leaking
credentials through that process.
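
For illustration, once the hiera-managed credentials are written out
to an os-client-config clouds.yaml, tools would reference the cloud
by name (the name "infracloud-west" is a hypothetical placeholder):

.. code-block:: bash

    # Tenant-level access, using credentials managed via hiera.
    openstack --os-cloud infracloud-west server list
    openstack --os-cloud infracloud-west image list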

Testing
-------

The primary test is whether nodepool can launch and use nodes on it.
We could run tempest or refstack against it as well if we want.
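
A minimal health check might look like the following, assuming
nodepool has been configured with an infra-cloud provider:

.. code-block:: bash

    # Confirm nodepool can build and upload images to the new cloud.
    nodepool image-list
    # Confirm nodes are being launched and registered.
    nodepool list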

Dependencies
============

The technical decisions will be made in the system-config repository.