[openstack-dev] [Murano] [Mistral] SSH workflow action

Fox, Kevin M Kevin.Fox at pnnl.gov
Wed May 6 16:26:37 UTC 2015 

If your Mistral engine is on the same host as the network node hosting the router for the tenant, then it would probably work.... there are a lot of conditions in that statement though... Too many for my tastes. :/

While I dislike agents running in the vm's, this still might be a good use case for one...

This would also probably be a good use case for Zaqar I think. Have a generic "run shell commands from Zaqar queue" agent, that pulls commands from a Zaqar queue, and executes it.

The vm's don't have to be directly reachable from the network then. You just have to push messages into Zaqar.

>From Murano's perspective though, maybe it shouldn't care. Should Mistral abstract away how to execute the action, leaving it up to Mistral how to get the action to the vm? If that's the case, then ssh vs queue/agent is just a Mistral implementation detail? Maybe the OpenStack Deployer chooses what's the best route for their cloud?

Thanks,
Kevin
________________________________________
From: Filip Blaha [filip.blaha at hp.com]
Sent: Wednesday, May 06, 2015 8:42 AM
To: openstack-dev at lists.openstack.org
Subject: [openstack-dev]  [Murano] [Mistral] SSH workflow action

Hello

We are considering implementing  actions on services of a murano
environment via mistral workflows. We are considering whether mistral
std.ssh action could be used to run some command on an instance. Example
of such action in murano could be restart action on Mysql DB service.
Mistral workflow would ssh to that instance running Mysql and run
"service mysql restart". From my point of view trying to use SSH to
access instances from mistral workflow is not good
idea but I would like to confirm it.

The biggest problem I see there is openstack networking. Mistral service
running on some openstack node would not be able to access instance via
its fixed IP (e.g. 10.0.0.5) via SSH. Instance could accessed via ssh
from namespace of its gateway router e.g. "ip netns exec qrouter-... ssh
cirros at 10.0.0.5" but I think it is not good to rely on implementation
detail of  neutron and use it. In multinode openstack deployment it
could be even more complicated.

In other words I am asking whether we can use std.ssh mistral action to
access instances via ssh on theirs fixed IPs? I think no but I would
like to confirm it.

Thanks
Filip

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

More information about the OpenStack-dev mailing list