Hi colleagues,

Are there ways to control guest VMs which reside in an isolated network?

In general, two methods are available:

1. use Heat's SoftwareDeployment method
2. use Qemu Guest Agent

The first method requires accessibility of Keystone/Heat (os-collect-agent authorizes on Keystone, receives the endpoints list and uses the public Heat endpoint to deploy changes), but, since the network is isolated, these addresses are inaccessible. It can work if Neutron can provide proxying like it does for the Metadata server, but I didn't find this kind of functionality either in Neutron's documentation or in other sources. And I don't want to apply another NIC to the VM for access to Keystone/Heat, since it violates the customer's rules (this is, by design, an isolated network with just a VPN connection to premises). So the first question is - *whether Neutron can proxy requests to Keystone/Heat like it does for Metadata*?

The second method (using the qemu guest agent) gives some control of the VM, but, again, I wasn't able to find how this can be achieved using Nova. There are some mentions of this functionality but no details or examples. So, the second question - *whether Nova supports qemu guest agent and allows to use available calls of QEMU-ga protocol, including 'guest-exec**'*?

And, maybe, there are other methods, or ways to use the methods mentioned above, to bypass isolation while keeping it?

Thank you!

--
Volodymyr Litovka
  "Vision without Execution is Hallucination." -- Thomas Edison

_______________________________________________
OpenStack-operators mailing list
OpenStack-operators@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
