[openstack-dev] [Mistral][Zaqar] Triggering Mistral workflows from Zaqar messages
anlin.kong at gmail.com
Mon May 23 02:38:08 UTC 2016
Hi, Zane, I think you must be interested in this:
On Fri, May 20, 2016 at 9:49 AM, Zane Bitter <zbitter at redhat.com> wrote:
> On 19/05/16 04:20, Thomas Herve wrote:
>> On Wed, May 18, 2016 at 8:49 PM, Zane Bitter <zbitter at redhat.com> wrote:
>>> I've been lobbying the Mistral developers for $SUBJECT since, basically,
>>> forever. I like to think after a couple of years I succeeded in
>>> changing their view on it from "crazy" to merely "unrealistic". In the
>>> last few months I've had a couple of realisations though:
>>> 1) The 'pull' model I've been suggesting is the wrong one,
>>> speaking. It's asking Mistral to do too much to poll Zaqar queues.
>>> 2) A 'push' model is the correct architecture and it already exists in
>>> form of Zaqar's Notifications, which suddenly makes this goal look very
>>> realistic indeed.
>>> I've posted a Zaqar spec for this here:
>> Commented. I certainly need some more time to think about it.
> Thanks, I updated the spec based on your comments.
>>> Not being super familiar with either project myself, I think this needs
>>> close scrutiny from Mistral developers as well as Zaqar developers to
>>> sure I haven't got any of the details wrong. I'd also welcome any
>>> interested in implementing this :)
>>> One more long-term thing that I did *not* mention in the spec: there are
>>> both Zaqar notifications and Mistral actions for sending email and
>>> webhooks. These are two of the hardest things for a cloud operator to
>>> secure. It would be highly advantageous if there were only _one_ place in
>>> OpenStack where these were implemented. Either project would potentially
>>> work - Zaqar notifications could call a simple, operator defined workflow
>>> behind the scenes for email/webhook notifications; alternatively the
>>> email/webhook actions could drop a message on a Zaqar queue connected to
>>> notification - although the former sounds easier to me. (And of course
>>> clouds with only one of the services available could fall back to the
>>> current plugins.) Something to think about for the future...
>> And you're forgetting about Aodh alarm notifications, which are
>> webhooks as well.
> Yeah, those just need to go away :) Aodh can already post the notifications
> to Zaqar instead, and hopefully we'll be able to migrate everything to that
> method over time.
>> Unfortunately, I think none of them do a
>> particularly great job in terms of robustness and security.
> Agree. The best you can do is still middling, and we're not there yet.
>> suggested moving away from doing webhook in Zaqar to Flavio in the
>> past, and I think he responded that he thought it was part of the core
>> functionality. It's hard to delegate such operations and create a
>> dependency on another project. Maybe we can start by creating some
>> library code.
> I guess that's a start, but if I were running a large public cloud I'd
> probably want to isolate this on its own network surrounded by some pretty
> custom firewalls. A library doesn't really help make that easier.
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev