[openstack-dev] [Murano] [Mistral] SSH workflow action

Filip Blaha filip.blaha at hp.com
Thu May 7 08:24:48 UTC 2015 

Thanks for confirmation, that trying direct from mistral ssh to VM via 
fixed IP is not good idea.

Btw. It would probably not work even if mistral run on the same network 
node hosting the router for the tenant because neutron creates separate 
network namespace (ip netns qrouter-xxxxx) for each router and VMs are 
accessible only from that namespace not from default.

Filip


On 05/06/2015 06:31 PM, Georgy Okrokvertskhov wrote:
>
>
> On Wed, May 6, 2015 at 9:26 AM, Fox, Kevin M <Kevin.Fox at pnnl.gov 
> <mailto:Kevin.Fox at pnnl.gov>> wrote:
>
>     If your Mistral engine is on the same host as the network node
>     hosting the router for the tenant, then it would probably work....
>     there are a lot of conditions in that statement though... Too many
>     for my tastes. :/
>
>     While I dislike agents running in the vm's, this still might be a
>     good use case for one...
>
>     This would also probably be a good use case for Zaqar I think.
>     Have a generic "run shell commands from Zaqar queue" agent, that
>     pulls commands from a Zaqar queue, and executes it.
>
>     The vm's don't have to be directly reachable from the network
>     then. You just have to push messages into Zaqar.
>
>     >From Murano's perspective though, maybe it shouldn't care. Should
>     Mistral abstract away how to execute the action, leaving it up to
>     Mistral how to get the action to the vm? If that's the case, then
>     ssh vs queue/agent is just a Mistral implementation detail? Maybe
>     the OpenStack Deployer chooses what's the best route for their cloud?
>
>     Thanks,
>     Kevins
>
>
> +1 for MQ.
>
> That is the path which proved itself to be working in most of the cases.
>
> -1 for ssh as this is a big headache.
>
> Thanks,
> Gosha
>
>     ________________________________________
>     From: Filip Blaha [filip.blaha at hp.com <mailto:filip.blaha at hp.com>]
>     Sent: Wednesday, May 06, 2015 8:42 AM
>     To: openstack-dev at lists.openstack.org
>     <mailto:openstack-dev at lists.openstack.org>
>     Subject: [openstack-dev]  [Murano] [Mistral] SSH workflow action
>
>     Hello
>
>     We are considering implementing  actions on services of a murano
>     environment via mistral workflows. We are considering whether mistral
>     std.ssh action could be used to run some command on an instance.
>     Example
>     of such action in murano could be restart action on Mysql DB service.
>     Mistral workflow would ssh to that instance running Mysql and run
>     "service mysql restart". From my point of view trying to use SSH to
>     access instances from mistral workflow is not good
>     idea but I would like to confirm it.
>
>     The biggest problem I see there is openstack networking. Mistral
>     service
>     running on some openstack node would not be able to access
>     instance via
>     its fixed IP (e.g. 10.0.0.5) via SSH. Instance could accessed via ssh
>     from namespace of its gateway router e.g. "ip netns exec
>     qrouter-... ssh
>     cirros at 10.0.0.5 <mailto:cirros at 10.0.0.5>" but I think it is not
>     good to rely on implementation
>     detail of  neutron and use it. In multinode openstack deployment it
>     could be even more complicated.
>
>     In other words I am asking whether we can use std.ssh mistral
>     action to
>     access instances via ssh on theirs fixed IPs? I think no but I would
>     like to confirm it.
>
>     Thanks
>     Filip
>
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> -- 
> Georgy Okrokvertskhov
> Architect,
> OpenStack Platform Products,
> Mirantis
> http://www.mirantis.com <http://www.mirantis.com/>
> Tel. +1 650 963 9828
> Mob. +1 650 996 3284
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150507/9b36ae66/attachment.html>

More information about the OpenStack-dev mailing list