[openstack-dev] [Murano] [Mistral] SSH workflow action

Georgy Okrokvertskhov gokrokvertskhov at mirantis.com
Wed May 6 16:31:29 UTC 2015


On Wed, May 6, 2015 at 9:26 AM, Fox, Kevin M <Kevin.Fox at pnnl.gov> wrote:

> If your Mistral engine is on the same host as the network node hosting the
> router for the tenant, then it would probably work.... there are a lot of
> conditions in that statement though... Too many for my tastes. :/
>
> While I dislike agents running in the vm's, this still might be a good use
> case for one...
>
> This would also probably be a good use case for Zaqar I think. Have a
> generic "run shell commands from Zaqar queue" agent, that pulls commands
> from a Zaqar queue, and executes it.
>
> The vm's don't have to be directly reachable from the network then. You
> just have to push messages into Zaqar.
>
> From Murano's perspective though, maybe it shouldn't care. Should Mistral
> abstract away how to execute the action, leaving it up to Mistral how to
> get the action to the vm? If that's the case, then ssh vs queue/agent is
> just a Mistral implementation detail? Maybe the OpenStack Deployer chooses
> what's the best route for their cloud?
>
> Thanks,
> Kevins
>

+1 for MQ.

That is the path which proved itself to be working in most of the cases.

-1 for ssh as this is a big headache.

Thanks,
Gosha

> ________________________________________
> From: Filip Blaha [filip.blaha at hp.com]
> Sent: Wednesday, May 06, 2015 8:42 AM
> To: openstack-dev at lists.openstack.org
> Subject: [openstack-dev]  [Murano] [Mistral] SSH workflow action
>
> Hello
>
> We are considering implementing  actions on services of a murano
> environment via mistral workflows. We are considering whether mistral
> std.ssh action could be used to run some command on an instance. Example
> of such action in murano could be restart action on Mysql DB service.
> Mistral workflow would ssh to that instance running Mysql and run
> "service mysql restart". From my point of view trying to use SSH to
> access instances from mistral workflow is not good
> idea but I would like to confirm it.
>
> The biggest problem I see there is openstack networking. Mistral service
> running on some openstack node would not be able to access instance via
> its fixed IP (e.g. 10.0.0.5) via SSH. Instance could accessed via ssh
> from namespace of its gateway router e.g. "ip netns exec qrouter-... ssh
> cirros at 10.0.0.5" but I think it is not good to rely on implementation
> detail of  neutron and use it. In multinode openstack deployment it
> could be even more complicated.
>
> In other words I am asking whether we can use std.ssh mistral action to
> access instances via ssh on theirs fixed IPs? I think no but I would
> like to confirm it.
>
> Thanks
> Filip
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>



-- 
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com
Tel. +1 650 963 9828
Mob. +1 650 996 3284
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150506/59efa91b/attachment.html>


More information about the OpenStack-dev mailing list