Hey folks, So I'm in the process of evaluating options for implementing the capture-environment-status-and-logs[0] blueprint. At the moment my current plan is to implement a mistral workflow to execute the sosreport to bundle the status and logs up on the requested nodes. I'm leveraging a similar concept to the the remote execution[1] method we current expose via 'openstack overcloud execute'. The issue I'm currently running into is getting the files off the overcloud node(s) so that they can be returned to the tripleoclient. The files can be large so I don't think they are something that can just be returned as output from Heat. So I wanted to ask for some input on the best path forward.
IDEA 1: Write something (script or utility) to be executed via Heat on the nodes to push the result files to a container on the undercloud. Pros: - The swift container can be used by the mistral workflow for other actions as part of this bundling - The tripleoclient will be able to just pull the result files straight from swift - No additional user access needs to be created to perform operations against the overcloud from the undercloud Cons: - Swift credentials (or token) need to be passed to the script being executed by Heat on the overcloud nodes which could lead to undercloud credentials being leaked to the overcloud - I'm not sure if all overcloud nodes would have access to the undercloud swift endpoint IDEA 2: Write additional features into undercloud deployment for ssh key generation and inclusion into the deployment specifically for this functionality to be able to reach into the nodes and pull files out (via ssh). Pros: - We would be able to leverage these 'support' credentials for future support features (day 2 operations?) - ansible (or similar tooling) could be used to perform operations against the overcloud from the undercloud nodes Cons: - Complexity and issues around additional user access - Depending on where the ssh file transfer occurs (client vs mistral), additional network access might be needed. IDEA 2a: Leverage the validations ssh key to pull files off of the overcloud nodes Pros: - ssh keys already exist when enable_validations = true so we can leverage existing Cons: - Validations can be disabled, possibly preventing 'support' features from working - Probably should not leverage the same key for multiple functions. I'm leaning towards idea 1, but wanted to see if there was some other form of existing functionality I'm not aware of. Thanks, -Alex [0] https://blueprints.launchpad.net/tripleo/+spec/capture-environment-status-and-logs [1] https://blueprints.launchpad.net/tripleo/+spec/remote-execution __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
