<div dir="ltr"><div><span style="font-size:12.8000001907349px">Filip,</span></div><span style="font-size:12.8000001907349px"><div><span style="font-size:12.8000001907349px"><br></span></div>> Currently there is no support in mistral how to execute scripts on VM via murano agent </span><br><div><span style="font-size:12.8000001907349px"><br></span></div><div><span style="font-size:12.8000001907349px">Mistral can call Murano application action that will do the job via agent. Actions are intended to be called by 3rd party systems with single HTTP request</span></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><span style="border-collapse:separate;color:rgb(0,0,0);font-family:'Times New Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="font-family:arial;font-size:small">Sincerely yours,<br>Stan Lagun<br>Principal Software Engineer @ Mirantis</span></span><br><span style="border-collapse:separate;color:rgb(0,0,0);font-family:'Times New Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="font-family:arial;font-size:small"><br><a href="mailto:slagun@mirantis.com" target="_blank"></a></span></span></div></div></div>
<br><div class="gmail_quote">On Mon, May 11, 2015 at 11:27 AM, Filip Blaha <span dir="ltr"><<a href="mailto:filip.blaha@hp.com" target="_blank">filip.blaha@hp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>Hi <br>
<br>
there is VPN mechanism in neutron we could consider for future how
to get around these networking obstacles if we would like to use
direct SSH.<br>
<br>
1) every private created by murano would create VPN gateway on
public interface of the router [1]<br>
<br>
<font color="#3333ff">neutron vpn-service-create --name myvpn
--description "My vpn service" router1 mysubnet</font><br>
<br>
2) any service like mistral which needs directly access VM via SSH
(or other protocols) would connect to that VPN and then it could
directly access VM on its fixed IP<br>
<br>
This mechanism would probably resolve network obstacles. But it
requires more effort to analyse it.<br>
<br>
[1] <a href="https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall" target="_blank">https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall</a><span class="HOEnZb"><font color="#888888"><br>
<br>
Filip</font></span><div><div class="h5"><br>
<br>
On 05/08/2015 10:22 AM, Renat Akhmerov wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<pre>Generally yes, std.ssh action works as long as network infrastructure allows access to a host using specified IP, it doesn’t provide anything on top of that.
</pre>
<blockquote type="cite">
<pre>On 06 May 2015, at 22:26, Fox, Kevin M <a href="mailto:kevin.fox@pnnl.gov" target="_blank"><kevin.fox@pnnl.gov></a> wrote:
This would also probably be a good use case for Zaqar I think. Have a generic "run shell commands from Zaqar queue" agent, that pulls commands from a Zaqar queue, and executes it.
The vm's don't have to be directly reachable from the network then. You just have to push messages into Zaqar.
</pre>
</blockquote>
<pre>Yes, in Mistral it would be another action that puts a command into Zaqar queue. This type of action doesn’t exist yet but it can be plugged in easily.
</pre>
<blockquote type="cite">
<pre>Should Mistral abstract away how to execute the action, leaving it up to Mistral how to get the action to the vm?
</pre>
</blockquote>
<pre>Like I mentioned previously it should be just a different type of action: “zaqar.something” instead of “std.ssh”. Mistral engine itself works with all actions equally, they are just basically functions that we can plug in and use in Mistral workflow language. From this standpoint Mistral is already abstract enough.
</pre>
<blockquote type="cite">
<pre>If that's the case, then ssh vs queue/agent is just a Mistral implementation detail?
</pre>
</blockquote>
<pre>More precisely: implementation detail of Mistral action which may not be even hardcoded part of Mistral, we can rather plug them in (using stevedore underneath).
Renat Akhmerov
@ Mirantis Inc.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: <a href="mailto:OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a>
</pre>
</blockquote>
<br>
</div></div></div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>