A workflow visualization tool for OpenStack Mistral

See CloudFlow in action

• Visualize the flow of workflow executions
• Identify the execution path of a single task in huge workflows
• Search by any entity ID
• Identify long-running tasks at a glance
• Easily distinguish between simple task (an action) and a sub workflow execution
• Follow tasks with a retry and/or with-items
• 1-click to copy task's input/output/publish/params values
• See complete workflow definition and per task definition YAML
• And more...

• Requirements
• Installation
• Docker Installation
• Upgrading
• Authentication
• Development and Building

CloudFlow requires Mistral Pike or greater, as we rely on new runtime_context added to Mistral Pike.

CloudFlow has no dedicated backend service and passes the API calls to Mistral via Proxy settings.

In the scripts folder there are 2 configuration files: one for when using ngnix and one for apache.

To run CloudFlow on your Mistral instance:

1. Go to releases tab and download the latest release. Extract into a known location (i.e. /opt) so you'll have a /opt/CloudFlow/ folder.
   • There will be 2 folders in there: dist which holds the UI application, and scripts for the various web servers options.
2. Copy the appropriate configuration file to the configuration directory on your Mistral machine:
   • nginx: usually: /etc/nginx/conf.d/http/servers/
   • Apache2:
     • Linux: /etc/apache2/sites-enabled/.
     • Mac: /etc/apache2/other/. Also make sure that the environment variable APACHE_LOG_DIR is set to the proper value. On Mac computers it's usually /var/log/apache2.
     • Note that for apache2 several modules need to be enabled. See file for more info.
3. Optionally update the path in the configuration file(s) to point to the dist folder (i.e. /opt/CloudFlow/dist)
4. Optionally update the port for which CloudFlow will be served in the browser (currently: 8000)
5. Optionally enable HTTPS in the configuration file.
6. Restart nginx/apache.
7. Open the browser and navigate to http[s]://<your_mistral_ip>:8000.

This image based on multi-stage build. The first layer is used to create a artifacts. The second layer is the nginx alpine image.

docker build -t cloud-flow .

• without SSL

docker run -d --rm --net=host --name cloud-flow cloud-flow

• using SSL

Generate certificates, for example

mkdir certs
cd certs
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt

Run container

docker run --rm -d --net host --name cloud-flow \
       -v _absolute_path_/CloudFlow/certs:/etc/nginx/ssl:ro -e CF_SSL=ssl cloud-flow

Whenever there is an update to CloudFlow, simply download the latest version's .tar.gz and extract it in the same place.

wget -qO- https://github.com/nokia/CloudFlow/releases/download/<version>/CloudFlow.tar.gz | tar xvz -C /opt

CloudFlow supports the OpenID Connect protocol (and was tested against KeyCloak).

If your Mistral requires authentication and uses the OpenID Connect protocol, create the following auth.json file under the assets/ folder (i.e. assets/auth.json):

{
  "_type": "openid-connect",
  "issuer": "<Url of the Identity Provider>",
  "loginUrl": "<Url for login endpoint>",
  "logoutUrl": "<Url for logout endpoint, optional>",
  "clientId": "<Client Identifier valid at the Authorization Server>"
}

You can obtain all the URLs by examining the output of https://<openid-server-ip>:<port>/auth/realms/<realm>/.well-known/openid-configuration

Redirecting from different applications to the CloudFlow. CloudFlow supports reading access_token form authenticated application opened in another tab with the same browser without passing the access_token in the URL.

The authenticated application should allow that by adding the following:

Adding cross-domain-storage dependency in the host application:

import createHost from 'cross-domain-storage/host';
createHost([{
  origin: 'CloudFlow URL',
  allowedMethods: ['get']
 }]);

If you want to work w/o authentication, make sure your Mistral does not require authentication to perform REST API requests, by setting the following in /etc/mistral/mistral.conf:

[pecan]
auth_enable=False

Also, make sure there is no auth.json file under the assets/ directory.

• Clone this repo
• yarn install (preferred) or npm install
• Edit proxy.conf.json to point your Mistral instance.
• Edit the auth.json file (if needed)
• npm run start

• Clone this repo
• yarn install (preferred) or npm install
• npm run build
• The artifacts will be stored in dist folder.