[openstack-dev] [quantum] executing shell commands on a tenant's VM
Ilya Shakhat
ishakhat at mirantis.com
Mon Feb 4 16:48:09 UTC 2013
Maybe I don't see it quite correctly, but both L3 and DHCP agents operate
with processes running on network controller, however HAProxy is VM that is
launched on demand by Nova and it is not planned to contain any of
OpenStack modules. That's why we faced the need to be able to communicate
between host and tenant networks. The most similar code is from
'quantum-debug ping-all', where a new port is created inside target network
and then command is executed in shell (using ip netns if needed).
Ilya
2013/2/4 Mark McClain <mark.mcclain at dreamhost.com>
> Why do you need to access tenant VMs? Could you not use namespaces on a
> network host(s) and let the HAProxy agent manipulate the processes
> directly. This is how the L3 and DHCP agents work. Namespaces also
> require less resources than using service VMs.
>
> mark
>
>
> On Feb 4, 2013, at 8:06 AM, Oleg Bondarev <obondarev at mirantis.com> wrote:
>
> Hi guys,****
> ** **
> Within LBaaS effort we need to configure HAProxy service which is running
> on one of tenant’s VMs in a certain subnet.****
> Initially we were planning to configure two interfaces on such HAProxy VMs
> – one for tenant network and other for provider network – thus having an
> ability to simply reach the VM by ssh using an ip from provider network.**
> **
> But finally we found this way inappropriate because it overloads provider
> network and provides an ability to a tenant to access provider network
> which is not good as well.****
> ** **
> So I’d like to find a proper way of reaching tenant’s VM to be able to
> execute commands on it.****
> In Quantum code I found that it can be done by using ‘ip netns exec’
> (quantum/debug/debug_agent.py: QuantumDebugAgent.exec_command()) which is
> close to what I need. Are there any better ways to do it in quantum?****
> ** **
> Thanks,****
> Oleg****
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130204/d878973e/attachment.html>
More information about the OpenStack-dev
mailing list