On 08/11/2016 06:25 AM, Steven Hardy wrote:
On Wed, Aug 10, 2016 at 11:31:29AM -0400, Zane Bitter wrote:
On 09/08/16 21:21, Adam Young wrote:
On 08/09/2016 06:00 PM, Zane Bitter wrote:
In either case a good mechanism might be to use a Heat Software
Deployment via the Heat API directly (i.e. not as part of a stack) to
push changes to the servers. (I say 'push' but it's more a case of
making the data available for os-collect-config to grab it.)
This is the part that interests me most. The rest, I'll code in python
and we can call either from mistral or from Cron. What would a stack
like this look like? Are there comparable examples?
Basically use the "openstack software config create" command to upload a
script and the "openstack software deployment create" command to deploy it
to a server. I don't have an example I can point you at, but the data is in
essentially the same format as the properties of the corresponding Heat
resources.[1][2] Steve Baker would know if we have any more detailed docs.
Actually we wrapped a mistral workflow and CLI interface around this for
operator convenience, so you can just do:
[stack@instack ~]$ cat run_ls.sh
#!/bin/sh
ls /tmp
[stack@instack ~]$ openstack overcloud execute -s overcloud-controller-0
run_ls.sh
This runs a mistral workflow that creates the heat software config and
software deployment, waits for the deployment to complete, then returns the
result.
Wiring in a periodic mistral workflow which does the same should be
possible, but tbh I've not yet looked into the deferred authentication
method in that case (e.g I assume it uses trusts but I've not tried it
yet).
This is the mistral workflow, it could pretty easily be reused or adapted
for the use-case described I think:
https://github.com/openstack/tripleo-common/blob/master/workbooks/deployment.yaml
Again, thanks for the stellar blooging, Steve. POC was posted earlier
this month.
http://adam.younglogic.com/2016/09/fernet-overcloud/
Packing up the tarball on the undercloud is the eay part. I would like
to come up with a general approach for securely distributing
keys/secrets from undercloud to overcloud. It might make sense to make
use of Barbican for that in future release.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev