On Wed, May 13, 2015 at 5:42 PM, Zane Bitter wrote:
> There is more to multi-tenancy than just authentication/authorisation.
> It's also things like making sure one tenant's use of resources doesn't
> affect another tenant's (e.g. creating a denial of service by maxing out
> capacity); being able
questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
+1. Is it a separate e-mail thread or IRC meeting?
Thanks
Gosha
On Wed, May 13, 2015 at 10:21 AM, Fox, Kevin M
mailto:kevin@pnnl.gov>> wrote:
it seems like the trove/zaqar guys are talking about a very simil
get together and chat?
>
> Thanks,
> Kevin
> --
> *From:* Stan Lagun [sla...@mirantis.com]
> *Sent:* Tuesday, May 12, 2015 11:52 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Murano] [Mistr
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
On Wed, May 13, 2015 at 2:46 AM, Fox, Kevin M
mailto:kevin@pnnl.gov>> wrote:
Awesome. When is it/where do I go to look up that info?
http://sched.c
On 12/05/15 09:44, Stan Lagun wrote:
+1 for making Murano Engine <-> Murano Agent communication plugable so
that one can switch to Zaqar or anything else.
Cool, thanks.
However watching RabbitMQ
development for years I know hard can it be to build efficient and
reliable system and I'm just no
ns.
cheers,
Zane.
Thanks,
Kevin
*From:* Georgy Okrokvertskhov [gokrokvertsk...@mirantis.com]
*Sent:* Tuesday, May 12, 2015 10:06 AM
*To:* OpenStack Development Mailing List (not for usage questions)
*Subject:* Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
The
On Wed, May 13, 2015 at 2:46 AM, Fox, Kevin M wrote:
> Awesome. When is it/where do I go to look up that info?
http://sched.co/3Clo
Sincerely yours,
Stan Lagun
Principal Software Engineer @ Mirantis
__
OpenStack Developm
ack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
There is one thing which still bothers me. It is authentication. Right now with
separate RabbitMQ instance we keep VMs authentication isolated from OpenStack
infra.
This is still
>
> Thanks,
> Kevin
> --
> *From:* Georgy Okrokvertskhov [gokrokvertsk...@mirantis.com]
> *Sent:* Tuesday, May 12, 2015 10:06 AM
> *To:* OpenStack Development Mailing List (not for usage questions)
>
> *Subject:* Re: [openstack-dev] [Mura
gt; Thanks
> Gosha
>
>
>
> On Tue, May 12, 2015 at 8:58 AM, Fox, Kevin M wrote:
>
>> +1
>> ________________________
>> From: Zane Bitter [zbit...@redhat.com]
>> Sent: Monday, May 11, 2015 6:15 PM
>> To: openstack-dev@lists.openstack.or
From: Georgy Okrokvertskhov [gokrokvertsk...@mirantis.com]
Sent: Tuesday, May 12, 2015 10:06 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
There is one thing which still bothers me. It is
Sent: Monday, May 11, 2015 6:15 PM
> To: openstack-dev@lists.openstack.org
> Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
>
> Hello!
>
> This looks like a perfect soapbox from which to talk about my favourite
> issue ;)
>
> You're right about t
+1
From: Zane Bitter [zbit...@redhat.com]
Sent: Monday, May 11, 2015 6:15 PM
To: openstack-dev@lists.openstack.org
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
Hello!
This looks like a perfect soapbox from which to talk about my
I would encourage everyone to listen Zane. I think Zaqar is the way to go
for Murano. It is not the first time when someone asks as to switch MQ
technologies. Remember our journey with ZeroMQ?
Lets meet with Zaqar team on the summit and discuss what we can do
together. As I remember Zaqar even had
+1 for making Murano Engine <-> Murano Agent communication plugable so that
one can switch to Zaqar or anything else. However watching RabbitMQ
development for years I know hard can it be to build efficient and reliable
system and I'm just not sure Zaqar can compete with such battle-proven
thing li
Zane,
Fully agree with you vision here.
> On 12 May 2015, at 07:15, Zane Bitter wrote:
>
> * Add an action in Mistral for sending a message to a Zaqar queue. This is
> easy and there's no reason you couldn't do it right now.
Any volunteers?
> * Add a way to trigger a Mistral workflow with a
Hello!
This looks like a perfect soapbox from which to talk about my favourite
issue ;)
You're right about the ssh idea, for the reasons discussed related to
networking and a few more that weren't (e.g. users shouldn't have to and
generally don't want to give their private SSH keys to cloud
:24 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
Kevin,
I do agree that lack of RabbitMQ multi-tenancy is a problem. However as this is
developers mailing list I would suggest to contribute and make Muran
Stan,
At the beginning we considered whether we could implement action on a
murano application via mistral workflow. We thought that it could be
beneficial to use workflow engine to implement some non-trivial action
e.g. reconfiguration of some complex application within murano
environment. O
Filip,
> Currently there is no support in mistral how to execute scripts on VM via
murano agent
Mistral can call Murano application action that will do the job via agent.
Actions are intended to be called by 3rd party systems with single HTTP
request
Sincerely yours,
Stan Lagun
Principal Softwar
Hi
there is VPN mechanism in neutron we could consider for future how to
get around these networking obstacles if we would like to use direct SSH.
1) every private created by murano would create VPN gateway on public
interface of the router [1]
neutron vpn-service-create --name myvpn --desc
Hi Stan
we wanted interact with murano applications from mistral. Currently
there is no support in mistral how to execute scripts on VM via murano
agent (maybe I miss something). We noticed std.ssh mistral action so we
consider SSH as one of the options. I think that it is not good idea due
t
09, 2015 7:21:17 PM
> *To:* OpenStack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
>
> Filip,
>
> If I got you right the plan is to have Murano application execute
> Mistral workflow that SSH to VM an
usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
Filip,
If I got you right the plan is to have Murano application execute Mistral
workflow that SSH to VM and executes particular command? And alternative is
Murano->Mistral->Zaquar->Zaquar agent?
Why can&#
Filip,
If I got you right the plan is to have Murano application execute Mistral
workflow that SSH to VM and executes particular command? And alternative is
Murano->Mistral->Zaquar->Zaquar agent?
Why can't you just send this command directly from Murano (to Murano agent
on VM)? This is the most co
Generally yes, std.ssh action works as long as network infrastructure allows
access to a host using specified IP, it doesn’t provide anything on top of that.
> On 06 May 2015, at 22:26, Fox, Kevin M wrote:
>
> This would also probably be a good use case for Zaqar I think. Have a generic
> "ru
Stack Development Mailing List (not for usage questions)
> *Subject:* Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
>
> Hi,
>
> When we use Murano in production there is a MQ service which is running
> on OpenStack controllers but it listens on public inter
antis.com]
Sent: Thursday, May 07, 2015 9:18 AM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
Hi,
When we use Murano in production there is a MQ service which is running on
OpenStack controllers but it listens on p
Hi,
When we use Murano in production there is a MQ service which is running on
OpenStack controllers but it listens on public interface. It means that
both Murano which is running on OpenStack controllers and Agent on VMs have
an access to this MQ via external (public) network.
When Murano creates
yes. I agree that direction is important from only networking piont of
view. Usually is more probable that VM on neutron network will be able
to access O~S service ( VM --> rabbit) then opposite direction from O~S
service to VM running on neutron network (mistral --> VM).
Filip
On 05/06/2015
Thanks for confirmation, that trying direct from mistral ssh to VM via
fixed IP is not good idea.
Btw. It would probably not work even if mistral run on the same network
node hosting the router for the tenant because neutron creates separate
network namespace (ip netns qrouter-x) for each
rds,
Radek
From: Georgy Okrokvertskhov [mailto:gokrokvertsk...@mirantis.com]
Sent: Wednesday, May 06, 2015 6:40 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action
Connection direction here is important only in
Connection direction here is important only in the frame of networking
connectivity problem solving. The networking in OpenStack in general works
in such a way so that connections from VM are allowed to almost anywhere.
In Murano production deployment we use separate MQ instance so that VMs
have no
On Wed, May 6, 2015 at 9:26 AM, Fox, Kevin M wrote:
> If your Mistral engine is on the same host as the network node hosting the
> router for the tenant, then it would probably work there are a lot of
> conditions in that statement though... Too many for my tastes. :/
>
> While I dislike agen
Hello
one more note on that. There is difference in direction who initiates
connection. In case of murano agent --> rabbit MQ is connection
initiated from VM to openstack service(rabbit). In case of std.ssh
mistral action is direction opposite from openstack service (mistral) to
ssh server on
Hi,
>From Murano experience I can tell you that ssh to VM in general case will
not work. In order to have an ssh access you will have to assign floating
IPs so that Mistral service will be able to connect to VM.
That is exactly the reason why Murano uses agent and MQ mechanism when
client on VM in
If your Mistral engine is on the same host as the network node hosting the
router for the tenant, then it would probably work there are a lot of
conditions in that statement though... Too many for my tastes. :/
While I dislike agents running in the vm's, this still might be a good use case
Hello,
I think that the generic question is - can be O~S services also accessible on
Neutron networks, so VM (created by Nova) can access it? We (I and Filip) were
discussing this today and we were not make a final decision.
Another example is Murano agent running on VMs - it connects to Rabbit
38 matches
Mail list logo
