Hi
there is VPN mechanism in neutron we could consider for future how to
get around these networking obstacles if we would like to use direct SSH.
1) every private created by murano would create VPN gateway on public
interface of the router [1]
neutron vpn-service-create --name myvpn --description "My vpn service"
router1 mysubnet
2) any service like mistral which needs directly access VM via SSH (or
other protocols) would connect to that VPN and then it could directly
access VM on its fixed IP
This mechanism would probably resolve network obstacles. But it requires
more effort to analyse it.
[1] https://wiki.openstack.org/wiki/Neutron/VPNaaS/HowToInstall
Filip
On 05/08/2015 10:22 AM, Renat Akhmerov wrote:
Generally yes, std.ssh action works as long as network infrastructure allows
access to a host using specified IP, it doesn’t provide anything on top of that.
On 06 May 2015, at 22:26, Fox, Kevin M <[email protected]> wrote:
This would also probably be a good use case for Zaqar I think. Have a generic "run
shell commands from Zaqar queue" agent, that pulls commands from a Zaqar queue, and
executes it.
The vm's don't have to be directly reachable from the network then. You just
have to push messages into Zaqar.
Yes, in Mistral it would be another action that puts a command into Zaqar
queue. This type of action doesn’t exist yet but it can be plugged in easily.
Should Mistral abstract away how to execute the action, leaving it up to
Mistral how to get the action to the vm?
Like I mentioned previously it should be just a different type of action:
“zaqar.something” instead of “std.ssh”. Mistral engine itself works with all
actions equally, they are just basically functions that we can plug in and use
in Mistral workflow language. From this standpoint Mistral is already abstract
enough.
If that's the case, then ssh vs queue/agent is just a Mistral implementation
detail?
More precisely: implementation detail of Mistral action which may not be even
hardcoded part of Mistral, we can rather plug them in (using stevedore
underneath).
Renat Akhmerov
@ Mirantis Inc.
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: [email protected]?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
