Thanks for confirmation, that trying direct from mistral ssh to VM via
fixed IP is not good idea.
Btw. It would probably not work even if mistral run on the same network
node hosting the router for the tenant because neutron creates separate
network namespace (ip netns qrouter-xxxxx) for each router and VMs are
accessible only from that namespace not from default.
Filip
On 05/06/2015 06:31 PM, Georgy Okrokvertskhov wrote:
On Wed, May 6, 2015 at 9:26 AM, Fox, Kevin M <kevin....@pnnl.gov
<mailto:kevin....@pnnl.gov>> wrote:
If your Mistral engine is on the same host as the network node
hosting the router for the tenant, then it would probably work....
there are a lot of conditions in that statement though... Too many
for my tastes. :/
While I dislike agents running in the vm's, this still might be a
good use case for one...
This would also probably be a good use case for Zaqar I think.
Have a generic "run shell commands from Zaqar queue" agent, that
pulls commands from a Zaqar queue, and executes it.
The vm's don't have to be directly reachable from the network
then. You just have to push messages into Zaqar.
>From Murano's perspective though, maybe it shouldn't care. Should
Mistral abstract away how to execute the action, leaving it up to
Mistral how to get the action to the vm? If that's the case, then
ssh vs queue/agent is just a Mistral implementation detail? Maybe
the OpenStack Deployer chooses what's the best route for their cloud?
Thanks,
Kevins
+1 for MQ.
That is the path which proved itself to be working in most of the cases.
-1 for ssh as this is a big headache.
Thanks,
Gosha
________________________________________
From: Filip Blaha [filip.bl...@hp.com <mailto:filip.bl...@hp.com>]
Sent: Wednesday, May 06, 2015 8:42 AM
To: openstack-dev@lists.openstack.org
<mailto:openstack-dev@lists.openstack.org>
Subject: [openstack-dev] [Murano] [Mistral] SSH workflow action
Hello
We are considering implementing actions on services of a murano
environment via mistral workflows. We are considering whether mistral
std.ssh action could be used to run some command on an instance.
Example
of such action in murano could be restart action on Mysql DB service.
Mistral workflow would ssh to that instance running Mysql and run
"service mysql restart". From my point of view trying to use SSH to
access instances from mistral workflow is not good
idea but I would like to confirm it.
The biggest problem I see there is openstack networking. Mistral
service
running on some openstack node would not be able to access
instance via
its fixed IP (e.g. 10.0.0.5) via SSH. Instance could accessed via ssh
from namespace of its gateway router e.g. "ip netns exec
qrouter-... ssh
cirros@10.0.0.5 <mailto:cirros@10.0.0.5>" but I think it is not
good to rely on implementation
detail of neutron and use it. In multinode openstack deployment it
could be even more complicated.
In other words I am asking whether we can use std.ssh mistral
action to
access instances via ssh on theirs fixed IPs? I think no but I would
like to confirm it.
Thanks
Filip
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe:
openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
<http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
--
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com <http://www.mirantis.com/>
Tel. +1 650 963 9828
Mob. +1 650 996 3284
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
