[openstack-dev] [tripleo] Fernet Key rotation

Adam Young ayoung at redhat.com
Fri Sep 23 21:06:44 UTC 2016


On 08/11/2016 06:25 AM, Steven Hardy wrote:
> On Wed, Aug 10, 2016 at 11:31:29AM -0400, Zane Bitter wrote:
>> On 09/08/16 21:21, Adam Young wrote:
>>> On 08/09/2016 06:00 PM, Zane Bitter wrote:
>>>> In either case a good mechanism might be to use a Heat Software
>>>> Deployment via the Heat API directly (i.e. not as part of a stack) to
>>>> push changes to the servers. (I say 'push' but it's more a case of
>>>> making the data available for os-collect-config to grab it.)
>>> This is the part that interests me most.  The rest, I'll code in python
>>> and we can call either from mistral or from Cron.  What would a stack
>>> like this look like?  Are there comparable examples?
>> Basically use the "openstack software config create" command to upload a
>> script and the "openstack software deployment create" command to deploy it
>> to a server. I don't have an example I can point you at, but the data is in
>> essentially the same format as the properties of the corresponding Heat
>> resources.[1][2] Steve Baker would know if we have any more detailed docs.
> Actually we wrapped a mistral workflow and CLI interface around this for
> operator convenience, so you can just do:
>
> [stack at instack ~]$ cat run_ls.sh
> #!/bin/sh
> ls /tmp
>
> [stack at instack ~]$ openstack overcloud execute -s overcloud-controller-0 run_ls.sh
>
> This runs a mistral workflow that creates the heat software config and
> software deployment, waits for the deployment to complete, then returns the
> result.
>
> Wiring in a periodic mistral workflow which does the same should be
> possible, but tbh I've not yet looked into the deferred authentication
> method in that case (e.g I assume it uses trusts but I've not tried it
> yet).
>
> This is the mistral workflow, it could pretty easily be reused or adapted
> for the use-case described I think:
>
> https://github.com/openstack/tripleo-common/blob/master/workbooks/deployment.yaml
>
Again, thanks for the stellar blogging, Steve.  POC was posted earlier
this month.

http://adam.younglogic.com/2016/09/fernet-overcloud/

Packing up the tarball on the undercloud is the easy part.  I would like
to come up with a general approach for securely distributing
keys/secrets from undercloud to overcloud.  It might make sense to make
use of Barbican for that in a future release.
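For readers following the thread, the following is an added illustration (not code from the thread, from Adam's POC, or from tripleo-common) of the two pieces the message refers to: rotating a Fernet key repository on the undercloud and packing it into a tarball before it is distributed. It assumes the keystone-style repository layout (key file "0" is the staged key that only decrypts and becomes the next primary, the highest-numbered file is the primary key that encrypts and decrypts, and every other file is a decrypt-only secondary key that is pruned oldest-first once the repository exceeds max_active_keys). The function names, the repository path and the tarball name are hypothetical; the keys are generated inline so the example runs offline.

```python
"""Keystone-style Fernet key repository rotation and packing (added example)."""
import base64
import os
import stat
import tarfile
import tempfile

# Assumed layout (keystone's Fernet repository convention):
#   "0"        -> staged key: decrypt only, promoted to primary on next rotation
#   highest N  -> primary key: encrypts new tokens, also decrypts
#   all others -> secondary keys: decrypt only, pruned oldest-first


def new_fernet_key() -> bytes:
    """32 random bytes, URL-safe base64: the Fernet key encoding."""
    return base64.urlsafe_b64encode(os.urandom(32))


def _write_key(repo: str, index: int, key: bytes) -> None:
    # Create the file with mode 0600 at open time instead of chmod'ing afterwards,
    # so there is no window in which the key is world-readable.
    fd = os.open(os.path.join(repo, str(index)),
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fobj:
        fobj.write(key)


def list_keys(repo: str) -> list:
    """Numeric key indices present in the repository, ascending."""
    return sorted(int(name) for name in os.listdir(repo) if name.isdigit())


def key_roles(repo: str) -> dict:
    """Which index plays which role under the assumed layout."""
    keys = list_keys(repo)
    primary = max(k for k in keys if k != 0)
    return {"staged": 0 if 0 in keys else None,
            "primary": primary,
            "secondary": [k for k in keys if k not in (0, primary)]}


def initialize_repository(repo: str) -> None:
    """Fresh repository: one staged key (0) and one primary key (1)."""
    os.makedirs(repo, mode=0o700, exist_ok=True)
    os.chmod(repo, 0o700)  # makedirs mode is subject to umask; enforce 0700
    _write_key(repo, 0, new_fernet_key())
    _write_key(repo, 1, new_fernet_key())


def rotate_keys(repo: str, max_active_keys: int = 3) -> int:
    """Promote the staged key to primary, stage a new key, prune old secondaries.

    Returns the index of the new primary key.
    """
    keys = list_keys(repo)
    if 0 not in keys:
        raise RuntimeError("repository has no staged key (0); refusing to rotate")
    new_primary = max(keys) + 1
    # The staged key was already distributed, so every node can decrypt
    # tokens encrypted with it as soon as it becomes primary.
    os.rename(os.path.join(repo, "0"), os.path.join(repo, str(new_primary)))
    _write_key(repo, 0, new_fernet_key())
    # Prune: never the staged key, never the primary, oldest secondaries first.
    keys = list_keys(repo)
    excess = len(keys) - max_active_keys
    for k in keys:
        if excess <= 0:
            break
        if k in (0, new_primary):
            continue
        os.remove(os.path.join(repo, str(k)))
        excess -= 1
    return new_primary


def pack_repository(repo: str, tar_path: str) -> str:
    """Pack the key files into a gzip tarball that is itself mode 0600."""
    fd = os.open(tar_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as fobj, tarfile.open(fileobj=fobj, mode="w:gz") as tar:
        for index in list_keys(repo):
            tar.add(os.path.join(repo, str(index)), arcname=str(index))
    return tar_path


def tarball_members(tar_path: str) -> list:
    with tarfile.open(tar_path, "r:gz") as tar:
        return sorted(member.name for member in tar.getmembers())


def demo() -> dict:
    """Run two rotations on a constructed repository and pack it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = os.path.join(tmp, "fernet-keys")  # hypothetical path
        initialize_repository(repo)
        initial = key_roles(repo)
        rotate_keys(repo, max_active_keys=3)
        after_first = key_roles(repo)
        rotate_keys(repo, max_active_keys=3)
        after_second = key_roles(repo)
        tar_path = pack_repository(repo, os.path.join(tmp, "fernet-keys.tar.gz"))
        return {"initial": initial, "after_first": after_first,
                "after_second": after_second,
                "members": tarball_members(tar_path),
                "tar_mode": stat.S_IMODE(os.stat(tar_path).st_mode)}


if __name__ == "__main__":
    print(demo())
```

The point to take from the two rotations is the ordering: a key is distributed to the overcloud while it is still staged (decrypt-only), and only promoted to primary on the following rotation, so no node is ever handed a token it cannot validate. The tarball and every key file are created with mode 0600 at open time; how that tarball then reaches the overcloud nodes is exactly the distribution problem the message leaves open.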







