Re: [openstack-dev] [Murano] [Mistral] SSH workflow action

[Filip Blaha]

yes. I agree that direction is important from only networking piont of 
view. Usually is more probable that VM on neutron network will be able 
to access O~S service ( VM --> rabbit) then opposite direction from O~S 
service to VM running on neutron network (mistral --> VM).

Filip

On 05/06/2015 06:39 PM, Georgy Okrokvertskhov wrote:
Connection direction here is important only in the frame of networking 
connectivity problem solving. The networking in OpenStack in general 
works in such a way so that connections from VM are allowed to almost 
anywhere. In Murano production deployment we use separate MQ instance 
so that VMs have no access to OpenStack MQ.

In the sense who initiates task execution it always a Murano service 
which publishes tasks (shell script + necessary files) in the MQ so 
that agent can pull them and execute.

Thanks
Gosha



On Wed, May 6, 2015 at 9:31 AM, Filip Blaha <filip.bl...@hp.com 
<mailto:filip.bl...@hp.com>> wrote:

    Hello

    one more note on that. There is difference in direction who
    initiates connection. In case of murano agent --> rabbit MQ is
    connection initiated from VM to openstack service(rabbit). In case
    of std.ssh mistral action is direction opposite from openstack
    service (mistral) to ssh server on VM.

    Filip


    On 05/06/2015 06:00 PM, Pospisil, Radek wrote:

        Hello,

        I think that the generic question is - can be O~S services
        also accessible on Neutron networks, so VM (created by Nova)
        can access it? We (I and Filip) were discussing this today and
        we were not make a final decision.
        Another example is Murano agent running on VMs - it connects
        to RabbitMQ which is also accessed by Murano engine....

           Regards,

                Radek

        -----Original Message-----
        From: Blaha, Filip
        Sent: Wednesday, May 06, 2015 5:43 PM
        To: openstack-dev@lists.openstack.org
        <mailto:openstack-dev@lists.openstack.org>
        Subject: [openstack-dev] [Murano] [Mistral] SSH workflow action

        Hello

        We are considering implementing  actions on services of a
        murano environment via mistral workflows. We are considering
        whether mistral std.ssh action could be used to run some
        command on an instance. Example of such action in murano could
        be restart action on Mysql DB service.
        Mistral workflow would ssh to that instance running Mysql and
        run "service mysql restart". From my point of view trying to
        use SSH to access instances from mistral workflow is not good
        idea but I would like to confirm it.

        The biggest problem I see there is openstack networking.
        Mistral service running on some openstack node would not be
        able to access instance via its fixed IP (e.g. 10.0.0.5) via
        SSH. Instance could accessed via ssh from namespace of its
        gateway router e.g. "ip netns exec qrouter-... ssh
        cirros@10.0.0.5 <mailto:cirros@10.0.0.5>" but I think it is
        not good to rely on implementation detail of neutron and use
        it. In multinode openstack deployment it could be even more
        complicated.

        In other words I am asking whether we can use std.ssh mistral
        action to access instances via ssh on theirs fixed IPs? I
        think no but I would like to confirm it.

        Thanks
        Filip

        
__________________________________________________________________________
        OpenStack Development Mailing List (not for usage questions)
        Unsubscribe:
        openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
        <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

        
__________________________________________________________________________
        OpenStack Development Mailing List (not for usage questions)
        Unsubscribe:
        openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
        <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
        http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




    __________________________________________________________________________
    OpenStack Development Mailing List (not for usage questions)
    Unsubscribe:
    openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
    <http://openstack-dev-requ...@lists.openstack.org?subject:unsubscribe>
    http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Georgy Okrokvertskhov
Architect,
OpenStack Platform Products,
Mirantis
http://www.mirantis.com <http://www.mirantis.com/>
Tel. +1 650 963 9828
Mob. +1 650 996 3284


__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev