<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for confirmation, that trying
direct from mistral ssh to VM via fixed IP is not good idea. <br>
<br>
Btw. It would probably not work even if mistral run on the same
network node hosting the router for the tenant because neutron
creates separate network namespace (ip netns qrouter-xxxxx) for
each router and VMs are accessible only from that namespace not
from default.<br>
<br>
Filip<br>
<br>
<br>
On 05/06/2015 06:31 PM, Georgy Okrokvertskhov wrote:<br>
</div>
<blockquote
cite="mid:CAG_6_on8NhsAWNSN-pBFpaJrq-yQO46JAc6zxC4JAZWnqkO3Gg@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 6, 2015 at 9:26 AM, Fox,
Kevin M <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:Kevin.Fox@pnnl.gov" target="_blank">Kevin.Fox@pnnl.gov</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">If your
Mistral engine is on the same host as the network node
hosting the router for the tenant, then it would probably
work.... there are a lot of conditions in that statement
though... Too many for my tastes. :/<br>
<br>
While I dislike agents running in the vm's, this still
might be a good use case for one...<br>
<br>
This would also probably be a good use case for Zaqar I
think. Have a generic "run shell commands from Zaqar
queue" agent, that pulls commands from a Zaqar queue, and
executes it.<br>
<br>
The vm's don't have to be directly reachable from the
network then. You just have to push messages into Zaqar.<br>
<br>
>From Murano's perspective though, maybe it shouldn't
care. Should Mistral abstract away how to execute the
action, leaving it up to Mistral how to get the action to
the vm? If that's the case, then ssh vs queue/agent is
just a Mistral implementation detail? Maybe the OpenStack
Deployer chooses what's the best route for their cloud?<br>
<br>
Thanks,<br>
Kevins<br>
</blockquote>
<div><br>
</div>
<div>+1 for MQ.<br>
<br>
</div>
<div>That is the path which proved itself to be working in
most of the cases.<br>
<br>
</div>
<div>-1 for ssh as this is a big headache.<br>
<br>
</div>
<div>Thanks,<br>
</div>
<div>Gosha<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
________________________________________<br>
From: Filip Blaha [<a moz-do-not-send="true"
href="mailto:filip.blaha@hp.com">filip.blaha@hp.com</a>]<br>
Sent: Wednesday, May 06, 2015 8:42 AM<br>
<span class="im HOEnZb">To: <a moz-do-not-send="true"
href="mailto:openstack-dev@lists.openstack.org">openstack-dev@lists.openstack.org</a><br>
Subject: [openstack-dev] [Murano] [Mistral] SSH
workflow action<br>
<br>
</span>
<div class="HOEnZb">
<div class="h5">Hello<br>
<br>
We are considering implementing actions on services
of a murano<br>
environment via mistral workflows. We are considering
whether mistral<br>
std.ssh action could be used to run some command on an
instance. Example<br>
of such action in murano could be restart action on
Mysql DB service.<br>
Mistral workflow would ssh to that instance running
Mysql and run<br>
"service mysql restart". From my point of view trying
to use SSH to<br>
access instances from mistral workflow is not good<br>
idea but I would like to confirm it.<br>
<br>
The biggest problem I see there is openstack
networking. Mistral service<br>
running on some openstack node would not be able to
access instance via<br>
its fixed IP (e.g. 10.0.0.5) via SSH. Instance could
accessed via ssh<br>
from namespace of its gateway router e.g. "ip netns
exec qrouter-... ssh<br>
<a moz-do-not-send="true"
href="mailto:cirros@10.0.0.5">cirros@10.0.0.5</a>"
but I think it is not good to rely on implementation<br>
detail of neutron and use it. In multinode openstack
deployment it<br>
could be even more complicated.<br>
<br>
In other words I am asking whether we can use std.ssh
mistral action to<br>
access instances via ssh on theirs fixed IPs? I think
no but I would<br>
like to confirm it.<br>
<br>
Thanks<br>
Filip<br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br>
__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage
questions)<br>
Unsubscribe: <a moz-do-not-send="true"
href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe"
target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a moz-do-not-send="true"
href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev"
target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
<div class="gmail_signature">
<div dir="ltr"><font color="#999999"><span
style="background-color:rgb(255,255,255)">Georgy
Okrokvertskhov<br>
Architect,<br>
<span style="font-family:arial;font-size:small">OpenStack
Platform Products,</span><br>
Mirantis</span><br>
<a moz-do-not-send="true"
href="http://www.mirantis.com/" target="_blank">http://www.mirantis.com</a><br>
Tel. +1 650 963 9828<br>
Mob. +1 650 996 3284</font><br>
</div>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a class="moz-txt-link-abbreviated" href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</body>
</html>