Open Stack

Why do you need to access tenant VMs?  Could you not use namespaces on a network host(s) and let the HAProxy agent manipulate the processes directly.  This is how the L3 and DHCP agents work.  Namespaces also require less resources than using service VMs.

mark


On Feb 4, 2013, at 8:06 AM, Oleg Bondarev <obondarev at mirantis.com> wrote:

> Hi guys,
>  
> Within LBaaS effort we need to configure HAProxy service which is running on one of tenant’s VMs in a certain subnet.
> Initially we were planning to configure two interfaces on such HAProxy VMs – one for tenant network and other for provider network – thus having an ability to simply reach the VM by ssh using an ip from provider network.
> But finally we found this way inappropriate because it overloads provider network and provides an ability to a tenant to access provider network which is not good as well.
>  
> So I’d like to find a proper way of reaching tenant’s VM to be able to execute commands on it.
> In Quantum code I found that it can be done by using ‘ip netns exec’ (quantum/debug/debug_agent.py: QuantumDebugAgent.exec_command()) which is close to what I need. Are there any better ways to do it in quantum?
>  
> Thanks,
> Oleg
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130204/93ca7dc3/attachment.html>