Hello All, I've already posted a similar question to openstack general mailing list, but I feel that it belongs better to this mailing list.
I'm wondering is if there's a way to give a VM instance a limited "out of band" access to an external http proxy, just to allow the instances to do regular maintenance or management stuff, like upgrading packages or connect to some management tool (puppet, chef, ansible...). With "Out of Band" I mean without using NAT or Floating IP which require the VM to have connectivity within the tenant's resource (Networks, routers thus "in band"). This because I can imagine a number of situations where VM need to be reached only from other VM in the tenant but not from outside. In other words what I really want to understand is if I, in order to handle software deployment in my project, HAVE to make all VM instances reachable from outside. What I'm actually looking for is some sort of "out of band" access to the VMs that leaverage on the same mechanism used for metadata. I've successfully set up a nginx reverse proxy with listener in the tenant's networks namespace to do the task, but I cannot get rid of the "You're doing it wrong" feeling. :/ I mean I feel like I'm missing something important here, otherwise someone else would have had the same problem, which seems not to be the case, as I cannot find any web resources that raises the same question. Thanks in advance for any suggestion or direction, Andrea _______________________________________________ OpenStack-operators mailing list OpenStack-operators@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
