<div dir="ltr"><div><div><div><div>Hi,<br><br></div>From Murano experience I can tell you that ssh to VM in general case will not work. In order to have an ssh access you will have to assign floating IPs so that Mistral service will be able to connect to VM.<br></div>That is exactly the reason why Murano uses agent and MQ mechanism when client on VM initiates a connection. I believe the same issue was in Sahara when they used direct ssh connections to VMs.<br><br></div>Thanks<br></div>Gosha<br><div><div><div><br> </div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, May 6, 2015 at 9:00 AM, Pospisil, Radek <span dir="ltr"><<a href="mailto:radek.pospisil@hp.com" target="_blank">radek.pospisil@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
I think that the generic question is - can be O~S services also accessible on Neutron networks, so VM (created by Nova) can access it? We (I and Filip) were discussing this today and we were not make a final decision.<br>
Another example is Murano agent running on VMs - it connects to RabbitMQ which is also accessed by Murano engine....<br>
<br>
Regards,<br>
<br>
Radek<br>
<div class="HOEnZb"><div class="h5"><br>
-----Original Message-----<br>
From: Blaha, Filip<br>
Sent: Wednesday, May 06, 2015 5:43 PM<br>
To: <a href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a><br>
Subject: [openstack-dev] [Murano] [Mistral] SSH workflow action<br>
<br>
Hello<br>
<br>
We are considering implementing actions on services of a murano environment via mistral workflows. We are considering whether mistral std.ssh action could be used to run some command on an instance. Example of such action in murano could be restart action on Mysql DB service.<br>
Mistral workflow would ssh to that instance running Mysql and run "service mysql restart". From my point of view trying to use SSH to access instances from mistral workflow is not good idea but I would like to confirm it.<br>
<br>
The biggest problem I see there is openstack networking. Mistral service running on some openstack node would not be able to access instance via its fixed IP (e.g. 10.0.0.5) via SSH. Instance could accessed via ssh from namespace of its gateway router e.g. "ip netns exec qrouter-... ssh <a href="mailto:cirros@10.0.0.5">cirros@10.0.0.5</a>" but I think it is not good to rely on implementation detail of neutron and use it. In multinode openstack deployment it could be even more complicated.<br>
<br>
In other words I am asking whether we can use std.ssh mistral action to access instances via ssh on theirs fixed IPs? I think no but I would like to confirm it.<br>
<br>
Thanks<br>
Filip<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><font color="#999999"><span style="background-color:rgb(255,255,255)">Georgy Okrokvertskhov<br>
Architect,<br><span style="font-family:arial;font-size:small">OpenStack Platform Products,</span><br>
Mirantis</span><br>
<a href="http://www.mirantis.com/" target="_blank">http://www.mirantis.com</a><br>
Tel. +1 650 963 9828<br>
Mob. +1 650 996 3284</font><br></div></div>
</div>