VM-side agent for Murano

Go to file

Stan Lagun 2468fb5939 Tighten access to runtime agent folders Murano Agent uses default folder permissions for the execution plans and scripts. If the default is too permissive (which is unusual), other users on that machine can trick the agent to execute malicious execution plans by putting files into queue folder and use it to get the root privileges. In most common sense users won't have write permissions to murano-agent folders. However, they can hijack execution plans and other data that might contain sensitive information. This commit sets 0700 mode to the agent runtime folders so that they can be accessed only by the user that runs the agent (+ the root, if it's someone else). Change-Id: I27f0495a509c4d1435d630e2bc5bfdf3549486d5		2017-11-22 10:00:26 -08:00
contrib	Fix Null Reference exception in Windows agent PS scripts	2016-09-26 17:19:33 -05:00
doc/source	switch to openstackdocstheme	2017-07-07 14:53:19 +03:00
etc	Switch to the oslo.log library	2015-08-05 15:44:00 +03:00
muranoagent	Tighten access to runtime agent folders	2017-11-22 10:00:26 -08:00
releasenotes	Update reno for stable/pike	2017-08-10 15:53:04 +00:00
tools	Fix to use . to source script files	2017-09-06 12:27:48 +05:30
.gitignore	Fix coverage option and execution	2016-09-30 22:43:11 +09:00
.gitreview	Update .gitreview file to reflect repo rename	2015-04-18 00:37:35 +00:00
.testr.conf	Run tests with testrepository	2014-08-29 11:39:34 +00:00
CONTRIBUTING.rst	Update the documentation link for doc migration	2017-07-20 18:58:01 +08:00
HACKING.rst	Update the documentation link for doc migration	2017-07-20 18:58:01 +08:00
LICENSE	Extract main python client to the top	2014-05-29 20:02:50 +04:00
README.rst	Update the documentation link for doc migration	2017-07-20 18:58:01 +08:00
requirements.txt	Updated from global requirements	2017-11-15 18:14:34 +00:00
setup.cfg	Update the documentation link for doc migration	2017-07-20 18:58:01 +08:00
setup.py	Updated from global requirements	2017-03-02 11:47:25 +00:00
test-requirements.txt	Updated from global requirements	2017-09-21 03:42:35 +00:00
tox.ini	Remove support for py34	2017-02-15 10:41:57 +07:00

README.rst

Team and repository tags

Murano Agent

Murano Agent is a VM-side guest agent that accepts commands from Murano engine and executes them.

Image building using DiskImage-Builder

Folder, named contrib/elements contains diskimage-builder elements to build an image which contains the Murano Agent required to use Murano.

Ubuntu based image containing the agent can be built and uploaded to Glance with the following commands:

$ git clone https://git.openstack.org/openstack/diskimage-builder.git
$ git clone https://git.openstack.org/openstack/murano-agent.git
$ export ELEMENTS_PATH=murano-agent/contrib/elements
$ export DIB_CLOUD_INIT_DATASOURCES=OpenStack
$ diskimage-builder/bin/disk-image-create vm ubuntu \
  murano-agent -o ubuntu-murano-agent.qcow2
$ openstack image create ubuntu-murano --disk-format qcow2
  --container-format bare --file ubuntu-murano-agent.qcow2 \
  --property murano_image_info='{"title": "Ubuntu for Murano", "type": "linux"}'

Project Resources

Project status, bugs, and blueprints are tracked on Launchpad:

https://launchpad.net/murano

Developer documentation can be found here:

https://docs.openstack.org/murano/latest/

Additional resources are linked from the project wiki page:

https://wiki.openstack.org/wiki/Murano

License

Apache License Version 2.0 http://www.apache.org/licenses/LICENSE-2.0