<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">yes. I agree that direction is
important from only networking piont of view. Usually is more
probable that VM on neutron network will be able to access O~S
service ( VM --> rabbit) then opposite direction from O~S
service to VM running on neutron network (mistral --> VM).<br>
<br>
Filip<br>
<br>
<br>
On 05/06/2015 06:39 PM, Georgy Okrokvertskhov wrote:<br>
</div>
<blockquote
cite="mid:CAG_6_on+A1qQ_BuVQsun+j4LhbQXh_pWk-0jbqwoeBbxL2vNjQ@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div dir="ltr">
<div>
<div>
<div>Connection direction here is important only in the
frame of networking connectivity problem solving. The
networking in OpenStack in general works in such a way so
that connections from VM are allowed to almost anywhere.
In Murano production deployment we use separate MQ
instance so that VMs have no access to OpenStack MQ.<br>
<br>
</div>
In the sense who initiates task execution it always a Murano
service which publishes tasks (shell script + necessary
files) in the MQ so that agent can pull them and execute.<br>
<br>
</div>
Thanks<br>
</div>
Gosha<br>
<div>
<div><br>
<br>
</div>
</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 6, 2015 at 9:31 AM, Filip
Blaha <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:filip.blaha@hp.com" target="_blank">filip.blaha@hp.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">Hello<br>
<br>
one more note on that. There is difference in direction who
initiates connection. In case of murano agent --> rabbit
MQ is connection initiated from VM to openstack
service(rabbit). In case of std.ssh mistral action is
direction opposite from openstack service (mistral) to ssh
server on VM.<span class="HOEnZb"><font color="#888888"><br>
<br>
Filip</font></span>
<div class="HOEnZb">
<div class="h5"><br>
<br>
On 05/06/2015 06:00 PM, Pospisil, Radek wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<br>
<br>
I think that the generic question is - can be O~S
services also accessible on Neutron networks, so VM
(created by Nova) can access it? We (I and Filip) were
discussing this today and we were not make a final
decision.<br>
Another example is Murano agent running on VMs - it
connects to RabbitMQ which is also accessed by Murano
engine....<br>
<br>
Regards,<br>
<br>
Radek<br>
<br>
-----Original Message-----<br>
From: Blaha, Filip<br>
Sent: Wednesday, May 06, 2015 5:43 PM<br>
To: <a moz-do-not-send="true"
href="mailto:openstack-dev@lists.openstack.org"
target="_blank">openstack-dev@lists.openstack.org</a><br>
Subject: [openstack-dev] [Murano] [Mistral] SSH
workflow action<br>
<br>
Hello<br>
<br>
We are considering implementing actions on services
of a murano environment via mistral workflows. We are
considering whether mistral std.ssh action could be
used to run some command on an instance. Example of
such action in murano could be restart action on Mysql
DB service.<br>
Mistral workflow would ssh to that instance running
Mysql and run "service mysql restart". From my point
of view trying to use SSH to access instances from
mistral workflow is not good idea but I would like to
confirm it.<br>
<br>
The biggest problem I see there is openstack
networking. Mistral service running on some openstack
node would not be able to access instance via its
fixed IP (e.g. 10.0.0.5) via SSH. Instance could
accessed via ssh from namespace of its gateway router
e.g. "ip netns exec qrouter-... ssh <a
moz-do-not-send="true" href="mailto:cirros@10.0.0.5"
target="_blank">cirros@10.0.0.5</a>" but I think it
is not good to rely on implementation detail of
neutron and use it. In multinode openstack deployment
it could be even more complicated.<br>
<br>
In other words I am asking whether we can use std.ssh
mistral action to access instances via ssh on theirs
fixed IPs? I think no but I would like to confirm it.<br>
<br>
Thanks<br>
Filip<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
<br>
</blockquote>
<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr"><font color="#999999"><span
style="background-color:rgb(255,255,255)">Georgy
Okrokvertskhov<br>
Architect,<br>
<span style="font-family:arial;font-size:small">OpenStack
Platform Products,</span><br>
Mirantis</span><br>
<a moz-do-not-send="true" href="http://www.mirantis.com/"
target="_blank">http://www.mirantis.com</a><br>
Tel. +1 650 963 9828<br>
Mob. +1 650 996 3284</font><br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>