<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p><font face="SFNS Display">Hi colleagues,</font></p>
<p><font face="SFNS Display">are there ways to control guest VMs
which reside in isolated network?</font></p>
<p><font face="SFNS Display">In general, there two methods are
available:</font></p>
<ol>
<li><font face="SFNS Display">use Heat's SoftwareDeployment method</font></li>
<li><font face="SFNS Display">use Qemu Guest Agent</font></li>
</ol>
<p><font face="SFNS Display">First method requires accessibility of
Keystone/Heat (os-collect-agent authorizes on Keystone, receives
endpoints list and use public Heat's endpoint to deploy
changes), but, since network is isolated, these addresses are inaccessible.
It can work if Neutron can provide proxying like it do for
Metadata server, but I didn't find this kind of functionality
neither in Neutron's documentation nor in other sources. And I don't
want to apply another NIC to VM for access to Keystone/Heat, since
it violates customer's rules (this is, by design, isolated
network with just VPN connection to premises). So the first
question is - <b>whether Neutron can proxy requests to
Keystone/Heat like it do this for Metadata</b>?</font></p>
<p><font face="SFNS Display">Second method (using qemu guest agent)
gives some control of VM, but, again, I wasn't be able to find
how this can achieved using Nova. There are some mentions about
this functionality but no details and examples. So, the second
question - <b>whether Nova supports qemu guest agent and allows
to use available calls of QEMU-ga protocol, including
'guest-exec</b><b>'</b>?</font></p>
<p><font face="SFNS Display">And, may be, there are another methods
or ways to use mentioned above methods to bypass isolation while
keeping it?</font></p>
<p><font face="SFNS Display">Thank you!</font><br>
</p>
<pre class="moz-signature" cols="72">--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
</pre>
</body>
</html>