<div dir="ltr">Hi Tony,<div><br></div><div>Technically your solution is possible. Murano agent can be installed manually. All queue names are in agent's config file. Murano can talk to that manually installed agent and put files to that server.</div><div><br></div><div>However I strongly advice not to do that. First of all it is not secure. Murano agent was designed as a remote execution mechanism rather than a tool to transfer files. Also it was design to be installed on VM</div><div>rather that on a shared server. Currently there is no authentication for agents. Although it is not truly secure it still provides significant level of security because to make use of the agent you need to know its queue name</div><div>which is a long random string that only murano engine and agent know and AMQP doesn't provide an API to query list of queue names. But if you install agent manually there will be a single queue. And all applications that</div><div>need to access that agent will also need to know queue name. Thus it can be easily be compromised and attackers will gain ability to execute arbitrary code on the nova server. </div><div><br></div><div>It is also doesn't seem like a right solution. There should not be such specific requirements like this to perform such trivial thing. Especially if it involves using tool that was design for something else.</div><div><br></div><div>So what is the right solution? </div><div><br></div><div>I can see 2 possible ways to address this issue:</div><div><br></div><div>1. Improve Mistral API to support file attachments to its workbooks (if it doesn't support it yet). Improve murano-mistral integration to support this feature.</div><div>2. Implement integration of Murano with object storage. Thus it will be possible from Murano workflow to upload file and provide Mistral with a URI to it.</div><div><br></div><div>Solution #2 seem to be better. At least because it opens new possibilities for all applications and not just those that use Mistral.</div><div><br></div><div>There is also a workaround that I can think of: make Murano application create temporary VM with FTP server or something like that, put file into it and give Mistral a URI it could use to access the file.</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><span style="border-collapse:separate;color:rgb(0,0,0);font-family:'Times New Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="font-family:arial;font-size:small">Sincerely yours,<br>Stan Lagun<br>Principal Software Engineer @ Mirantis</span></span><br><span style="border-collapse:separate;color:rgb(0,0,0);font-family:'Times New Roman';font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;font-size:medium"><span style="font-family:arial;font-size:small"><br><a href="mailto:slagun@mirantis.com" target="_blank"></a></span></span></div></div></div>
<br><div class="gmail_quote">On Wed, Nov 18, 2015 at 1:06 PM, WANG, Ming Hao (Tony T) <span dir="ltr"><<a href="mailto:tony.a.wang@alcatel-lucent.com" target="_blank">tony.a.wang@alcatel-lucent.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-US" link="blue" vlink="purple">
<div>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Dear Alexander and Murano developers and testers,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Any suggestion for this?
</span><span style="font-size:11.0pt;font-family:Wingdings;color:#1f497d">J</span><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tony<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> WANG, Ming Hao (Tony T)
<br>
<b>Sent:</b> Tuesday, November 17, 2015 6:12 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> RE: [openstack-dev] [murano]How to use Murano to transmit files to Mistral and execute scripts on Mistral<u></u><u></u></span></p>
</div>
</div><span class="">
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Alexander,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks for your response.
<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">During the workflow running stage, it may need to access some other artifacts.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">In my case, I use Mistral workflow to call Ansible playbook, and I need Murano to put Ansible playbook into right place on Mistral server so that Mistral workflow
can find it.<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Thanks,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Tony<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p>
<div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> Alexander Tivelkov [<a href="mailto:ativelkov@mirantis.com" target="_blank">mailto:ativelkov@mirantis.com</a>]
<br>
<b>Sent:</b> Tuesday, November 17, 2015 4:19 PM<br>
<b>To:</b> OpenStack Development Mailing List (not for usage questions)<br>
<b>Subject:</b> Re: [openstack-dev] [murano]How to use Murano to transmit files to Mistral and execute scripts on Mistral<u></u><u></u></span></p>
</div>
<p class="MsoNormal"><u></u> <u></u></p>
</span><div>
<p class="MsoNormal">Hi Tony,<u></u><u></u></p><span class="">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Probably I am missing something, but why do you need Murano Agent to interact with Mistral? You can call Mistral APIs right from MuranoPL code being executed by Murano Engine. Murano's core library contains the
<span style="font-size:9.0pt;font-family:Consolas;color:#183691">io.murano.system.MistralClient
</span>class ([1]) which may be used to upload and run mistral workflows.<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">Please let me know if you need more details on this<u></u><u></u></p>
</div>
<div>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
<div>
<p class="MsoNormal">[1] <a href="https://github.com/openstack/murano/blob/master/murano/engine/system/mistralclient.py" target="_blank">https://github.com/openstack/murano/blob/master/murano/engine/system/mistralclient.py</a><u></u><u></u></p>
</div>
</span></div>
<p class="MsoNormal"><u></u> <u></u></p>
<div><span class="">
<div>
<p class="MsoNormal">On Tue, Nov 17, 2015 at 5:07 AM WANG, Ming Hao (Tony T) <<a href="mailto:tony.a.wang@alcatel-lucent.com" target="_blank">tony.a.wang@alcatel-lucent.com</a>> wrote:<u></u><u></u></p>
</div>
</span><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<div>
<div><span class="">
<p class="MsoNormal">Dear Murano developers and testers,<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">I want to put some files that Mistral workflow needs into Murano package, and hope Murano can transmit them to Mistral before it calls Mistral workflow.<u></u><u></u></p>
<p class="MsoNormal">The flow should be as following:<u></u><u></u></p>
<p>1.<span style="font-size:7.0pt"> </span>User uploads one Murano package which includes both Murano artifacts and Mistral artifacts to Murano;<u></u><u></u></p>
<p>2.<span style="font-size:7.0pt"> </span>Murano transmits the Mistral artifacts to Mistral, and Mistral does its work.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">After study, I thought muranoagent may be helpful and plan to install a muranoagent on the Mistral server since it can put files into nova server, and can run scripts on the nova
server. <u></u><u></u></p>
<p class="MsoNormal">After further study, I found muranoagent solution may be not feasible:<u></u><u></u></p>
<p>1.<span style="font-size:7.0pt"> </span>muranoagent and murano-engine(dsl) uses rabbitMQ to communicate.<u></u><u></u></p>
<p>2.<span style="font-size:7.0pt"> </span>When an Agent object is created in DSL, murano-engine creates a unique message queue to communicate with the muranoagent in nova instance:<u></u><u></u></p>
<p class="MsoNormal" style="text-indent:36.0pt">
The queue name consists of current murano environment id, and the nova instance murano object id.<u></u><u></u></p>
<p>3.<span style="font-size:7.0pt"> </span>During murano creates the nova instance, it passes this unique queue name via nova user_data to muranoagent on guest.<u></u><u></u></p>
<p class="MsoNormal" style="text-indent:36.0pt">
In this way, muranoagents on different guests can communicate with murano-engine separately.<u></u><u></u></p>
<p class="MsoNormal">This doesn’t suit the muranoagent + Mistral server solution.<u></u><u></u></p>
<p class="MsoNormal">We only want to install one muranoagent in Mistral server, and it should only listen on one message queue.<u></u><u></u></p>
<p class="MsoNormal">We can’t create new muranoagent for each murano environment.<u></u><u></u></p>
<p class="MsoNormal">To achieve this, one solution that I can think is to modify murano code to implement a new MistralAgent to listen on a pre-defined message queue.<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Could you please share your ideas about this?<u></u><u></u></p>
</span><p class="MsoNormal">If you have other solution, please also help to share it. <span style="font-family:Wingdings">J</span><span style="font-family:Symbol">J</span><u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
<p class="MsoNormal">Thanks in advance,<u></u><u></u></p>
<p class="MsoNormal">Tony<u></u><u></u></p>
<p class="MsoNormal"> <u></u><u></u></p>
</div>
</div><span class="">
<p class="MsoNormal">__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" target="_blank">
OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><u></u><u></u></p>
</span></blockquote>
</div>
<div>
<p class="MsoNormal">-- <u></u><u></u></p>
</div>
<div>
<p class="MsoNormal">Regards,<u></u><u></u></p>
<div>
<p class="MsoNormal">Alexander Tivelkov<u></u><u></u></p>
</div>
</div>
</div>
</div>
<br>__________________________________________________________________________<br>
OpenStack Development Mailing List (not for usage questions)<br>
Unsubscribe: <a href="http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe" rel="noreferrer" target="_blank">OpenStack-dev-request@lists.openstack.org?subject:unsubscribe</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev" rel="noreferrer" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev</a><br>
<br></blockquote></div><br></div>