[openstack-dev] [Murano] [Mistral] SSH workflow action

Fox, Kevin M Kevin.Fox at pnnl.gov
Sun May 10 17:44:48 UTC 2015


I'm planning on deploying Murano but won't be supporting the Murano guest agent. The lack of multi-tenant security is a big problem, I think.

Thanks,
Kevin

________________________________
From: Stan Lagun
Sent: Saturday, May 09, 2015 7:21:17 PM
To: OpenStack Development Mailing List (not for usage questions)
Subject: Re: [openstack-dev] [Murano] [Mistral] SSH workflow action

Filip,

If I got you right, the plan is to have a Murano application execute a Mistral workflow that SSHes to a VM and executes a particular command? And the alternative is Murano->Mistral->Zaqar->Zaqar agent?
Why can't you just send this command directly from Murano (to the Murano agent on the VM)? This is the most common use case that is found in nearly all Murano applications and it is battle-proven. If you need SSH you can contribute an SSH plugin to Murano (Mistral will require a similar plugin anyway). The more moving parts you involve, the more chances you have for everything to fail.


Sincerely yours,
Stan Lagun
Principal Software Engineer @ Mirantis


On Fri, May 8, 2015 at 11:22 AM, Renat Akhmerov <rakhmerov at mirantis.com> wrote:
Generally yes, the std.ssh action works as long as the network infrastructure allows access to a host using the specified IP; it doesn't provide anything on top of that.


> On 06 May 2015, at 22:26, Fox, Kevin M <kevin.fox at pnnl.gov> wrote:
>
> This would also probably be a good use case for Zaqar, I think. Have a generic "run shell commands from Zaqar queue" agent that pulls commands from a Zaqar queue and executes them.
> The VMs don't have to be directly reachable from the network then. You just have to push messages into Zaqar.

Yes, in Mistral it would be another action that puts a command into a Zaqar queue. This type of action doesn't exist yet but it can be plugged in easily.

> Should Mistral abstract away how to execute the action, leaving it up to Mistral how to get the action to the vm?

Like I mentioned previously, it should be just a different type of action: "zaqar.something" instead of "std.ssh". The Mistral engine itself works with all actions equally; they are basically just functions that we can plug in and use in the Mistral workflow language. From this standpoint Mistral is already abstract enough.

> If that's the case, then ssh vs queue/agent is just a Mistral implementation detail?

More precisely: an implementation detail of a Mistral action, which may not even be a hardcoded part of Mistral; rather, we can plug them in (using stevedore underneath).


Renat Akhmerov
@ Mirantis Inc.

