Open Stack

Hi Oleg,

An alternative would be to setup an "administrator project" in which the HAProxy VMs will be instantiated for all tenants.
This administrator should have the rights to connect the HA Proxy to the tenant network and to the Management network.
The tenant will not be able to see the VM nor should he be allowed to log into this VM via the tenant network.
In this mode the LB appears as a service and the tenant is not exposed to how it is implemented which is one of the designs we are looking for.

Regards,
               -Sam.



From: Oleg Bondarev [mailto:obondarev at mirantis.com]
Sent: Monday, February 04, 2013 3:07 PM
To: OpenStack Development Mailing List
Subject: [openstack-dev] [quantum] executing shell commands on a tenant's VM

Hi guys,

Within LBaaS effort we need to configure HAProxy service which is running on one of tenant's VMs in a certain subnet.
Initially we were planning to configure two interfaces on such HAProxy VMs - one for tenant network and other for provider network - thus having an ability to simply reach the VM by ssh using an ip from provider network.
But finally we found this way inappropriate because it overloads provider network and provides an ability to a tenant to access provider network which is not good as well.

So I'd like to find a proper way of reaching tenant's VM to be able to execute commands on it.
In Quantum code I found that it can be done by using 'ip netns exec' (quantum/debug/debug_agent.py: QuantumDebugAgent.exec_command()) which is close to what I need. Are there any better ways to do it in quantum?

Thanks,
Oleg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130204/50d55bd4/attachment.html>