[openstack-dev] [Murano] [Mistral] SSH workflow action
Stan Lagun
slagun at mirantis.com
Tue May 12 13:44:07 UTC 2015
+1 for making Murano Engine <-> Murano Agent communication plugable so that
one can switch to Zaqar or anything else. However watching RabbitMQ
development for years I know hard can it be to build efficient and reliable
system and I'm just not sure Zaqar can compete with such battle-proven
thing like RabbitMQ yet. The only advantage I see is multi-tenancy. But I
do believe it can be relatively easy be implemented with RabbitMQ. At lease
in Murano. Don't want to go off topic here. The main idea is to use
https://github.com/rabbitmq/rabbitmq-auth-backend-amqp and dynamically
grant agent permissions only to his dedicated input queue so that it cannot
access anything else. Not just other tenants queues but also queues of
other VMs in the same tenant. In case of Murano we will not need to
maintain additional secrets or databases. Neither it will be needed to
create RabbitMQ users/vhosts as all of this becomes virtual. And agent will
not be holding any RabbitMQ passwords at all
Sincerely yours,
Stan Lagun
Principal Software Engineer @ Mirantis
<slagun at mirantis.com>
On Tue, May 12, 2015 at 10:52 AM, Renat Akhmerov <rakhmerov at mirantis.com>
wrote:
> Zane,
>
> Fully agree with you vision here.
>
> On 12 May 2015, at 07:15, Zane Bitter <zbitter at redhat.com> wrote:
>
> * Add an action in Mistral for sending a message to a Zaqar queue. This is
> easy and there's no reason you couldn't do it right now.
>
>
> Any volunteers?
>
> * Add a way to trigger a Mistral workflow with a Zaqar message. This is
> one piece in the puzzle to build user-configurable messaging flows between
> OpenStack services.[3]
>
>
> I added an agenda item for the summit in
> https://etherpad.openstack.org/p/vancouver-2015-design-summit-mistral to
> discuss this. Everyone is welcome.
>
> Imagine if there were one place where we implemented reliable queuing
> semantics at cloud scale, and when we added e.g. long-polling or WebSockets
> everyone could benefit immediately.[4] Imagine if there were one place for
> notifications, at cloud scale, for operators to secure. (How many webhook
> implementations are there in OpenStack right now? How many of them are
> actually secure against malicious users?) One format for messages between
> services so that users can connect up their own custom pipelines. We're not
> that far away! All of this is within reach if we work together.
>
>
> Cool picture of a wonderful future :)
>
> Thanks for reading. Please grab me at summit if you want to know more; I
> am always happy to bend the ear of anyone who will listen at length on this
> topic. As usual, I'll be the tall dude with the weird accent ;)
>
>
> With the great pleasure.
>
> (P.S. your accent is cool!)
>
> Renat Akhmerov
> @ Mirantis Inc.
>
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150512/e12e188b/attachment.html>
More information about the OpenStack-dev
mailing list