[openstack-dev] [quantum] executing shell commands on a tenant's VM

Addepalli Srini-B22160 B22160 at freescale.com
Wed Feb 6 00:03:15 UTC 2013


I am not sure "ip netns exec" can run a command in a VM. I think it runs the command in the hypervisor OS.

"virtio-serial" is one method supported for VM-to-hypervisor communication.

One way to do this is to have a proxy agent in the hypervisor OS which proxies the LB configuration requests from the local SLB VM to the Quantum LB Driver.

To take care of any security issues, proxy agents may need to have a mechanism to validate the VM, to ensure that the VM connecting to it has permissions to get the LB configuration.

Thanks
Srini


From: Oleg Bondarev [mailto:obondarev at mirantis.com]
Sent: Monday, February 04, 2013 5:07 AM
To: OpenStack Development Mailing List
Subject: [openstack-dev] [quantum] executing shell commands on a tenant's VM

Hi guys,

Within the LBaaS effort we need to configure the HAProxy service, which is running on one of the tenant's VMs in a certain subnet.
Initially we were planning to configure two interfaces on such HAProxy VMs - one for the tenant network and the other for the provider network - thus having the ability to simply reach the VM by ssh using an IP from the provider network.
But finally we found this way inappropriate because it overloads the provider network and gives a tenant the ability to access the provider network, which is not good either.

So I'd like to find a proper way of reaching a tenant's VM to be able to execute commands on it.
In the Quantum code I found that it can be done by using 'ip netns exec' (quantum/debug/debug_agent.py: QuantumDebugAgent.exec_command()), which is close to what I need. Are there any better ways to do it in Quantum?

Thanks,
Oleg
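
The validation step suggested in the reply above (a hypervisor-side proxy agent that checks which VM is asking before it returns LB configuration), as an added example that is not part of the thread or of Quantum's code. The channel paths, pool ids, `handle_request` and `fetch_config_from_driver` are hypothetical; the sketch assumes the hypervisor gives each VM its own virtio-serial channel, so the VM's identity comes from the channel a request arrived on and never from the request body.

```python
import json

# Constructed sample data: host-side end of each VM's virtio-serial channel.
# The hypervisor creates the channel, so the guest cannot choose this value.
CHANNEL_TO_VM = {
    "/run/lb-proxy/vm-a.sock": "vm-a",
    "/run/lb-proxy/vm-b.sock": "vm-b",
}
# Constructed sample data: which VM may read which pool, and the pool configs.
POOL_OWNER = {"pool-1": "vm-a", "pool-2": "vm-b"}
POOL_CONFIG = {
    "pool-1": {"vip": "10.0.0.10", "members": ["10.0.0.21", "10.0.0.22"]},
    "pool-2": {"vip": "10.0.1.10", "members": ["10.0.1.21"]},
}
MAX_REQUEST_BYTES = 4096

def fetch_config_from_driver(pool_id):
    """Hypothetical stand-in for the proxied call to the LB driver."""
    return POOL_CONFIG[pool_id]

def deny(reason):
    return {"status": "denied", "reason": reason}

def handle_request(channel_path, raw):
    """Authorize one request (bytes) read from a VM's channel."""
    vm_id = CHANNEL_TO_VM.get(channel_path)
    if vm_id is None:
        return deny("unknown channel")
    if len(raw) > MAX_REQUEST_BYTES:
        return deny("request too large")
    try:
        req = json.loads(raw)
    except ValueError:  # covers malformed JSON and invalid UTF-8
        return deny("malformed request")
    if not isinstance(req, dict) or req.get("op") != "get_config":
        return deny("unsupported operation")
    pool_id = req.get("pool_id")
    # Any identity field inside the request is ignored: only the channel
    # decides who is asking, and the pool must belong to that VM.
    if not isinstance(pool_id, str) or POOL_OWNER.get(pool_id) != vm_id:
        return deny("pool not owned by this VM")
    return {"status": "ok", "vm": vm_id,
            "config": fetch_config_from_driver(pool_id)}
```
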