[openstack-dev] [Murano] [Mistral] SSH workflow action
Filip Blaha
filip.blaha at hp.com
Thu May 7 08:28:59 UTC 2015
yes. I agree that direction is important from only networking piont of
view. Usually is more probable that VM on neutron network will be able
to access O~S service ( VM --> rabbit) then opposite direction from O~S
service to VM running on neutron network (mistral --> VM).
Filip
On 05/06/2015 06:39 PM, Georgy Okrokvertskhov wrote:
> Connection direction here is important only in the frame of networking
> connectivity problem solving. The networking in OpenStack in general
> works in such a way so that connections from VM are allowed to almost
> anywhere. In Murano production deployment we use separate MQ instance
> so that VMs have no access to OpenStack MQ.
>
> In the sense who initiates task execution it always a Murano service
> which publishes tasks (shell script + necessary files) in the MQ so
> that agent can pull them and execute.
>
> Thanks
> Gosha
>
>
>
> On Wed, May 6, 2015 at 9:31 AM, Filip Blaha <filip.blaha at hp.com
> <mailto:filip.blaha at hp.com>> wrote:
>
> Hello
>
> one more note on that. There is difference in direction who
> initiates connection. In case of murano agent --> rabbit MQ is
> connection initiated from VM to openstack service(rabbit). In case
> of std.ssh mistral action is direction opposite from openstack
> service (mistral) to ssh server on VM.
>
> Filip
>
>
> On 05/06/2015 06:00 PM, Pospisil, Radek wrote:
>
> Hello,
>
> I think that the generic question is - can be O~S services
> also accessible on Neutron networks, so VM (created by Nova)
> can access it? We (I and Filip) were discussing this today and
> we were not make a final decision.
> Another example is Murano agent running on VMs - it connects
> to RabbitMQ which is also accessed by Murano engine....
>
> Regards,
>
> Radek
>
> -----Original Message-----
> From: Blaha, Filip
> Sent: Wednesday, May 06, 2015 5:43 PM
> To: openstack-dev at lists.openstack.org
> <mailto:openstack-dev at lists.openstack.org>
> Subject: [openstack-dev] [Murano] [Mistral] SSH workflow action
>
> Hello
>
> We are considering implementing actions on services of a
> murano environment via mistral workflows. We are considering
> whether mistral std.ssh action could be used to run some
> command on an instance. Example of such action in murano could
> be restart action on Mysql DB service.
> Mistral workflow would ssh to that instance running Mysql and
> run "service mysql restart". From my point of view trying to
> use SSH to access instances from mistral workflow is not good
> idea but I would like to confirm it.
>
> The biggest problem I see there is openstack networking.
> Mistral service running on some openstack node would not be
> able to access instance via its fixed IP (e.g. 10.0.0.5) via
> SSH. Instance could accessed via ssh from namespace of its
> gateway router e.g. "ip netns exec qrouter-... ssh
> cirros at 10.0.0.5 <mailto:cirros at 10.0.0.5>" but I think it is
> not good to rely on implementation detail of neutron and use
> it. In multinode openstack deployment it could be even more
> complicated.
>
> In other words I am asking whether we can use std.ssh mistral
> action to access instances via ssh on theirs fixed IPs? I
> think no but I would like to confirm it.
>
> Thanks
> Filip
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe:
> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
>
>
> --
> Georgy Okrokvertskhov
> Architect,
> OpenStack Platform Products,
> Mirantis
> http://www.mirantis.com <http://www.mirantis.com/>
> Tel. +1 650 963 9828
> Mob. +1 650 996 3284
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150507/2f09ebdd/attachment.html>
More information about the OpenStack-dev
mailing list