Monday, 2019-11-18

*** ivve has quit IRC		00:33
*** tosky has quit IRC		00:46
*** goldyfruit_ has quit IRC		01:53
*** macz has joined #openstack-ansible		02:05
*** cshen has joined #openstack-ansible		02:28
*** cshen has quit IRC		02:32
*** macz has quit IRC		02:51
*** schwicht has joined #openstack-ansible		03:12
*** rohit02 has joined #openstack-ansible		03:47
*** udesale has joined #openstack-ansible		04:02
*** gokhani has joined #openstack-ansible		05:37
*** raukadah is now known as chandankumar		05:44
*** nurdie has joined #openstack-ansible		05:49
*** nurdie_ has joined #openstack-ansible		05:50
*** nurdie has quit IRC		05:54
*** kopecmartin has joined #openstack-ansible		05:57
*** nurdie_ has quit IRC		06:08
*** nurdie has joined #openstack-ansible		06:09
*** nurdie has quit IRC		06:13
*** yolanda has quit IRC		06:45
*** nurdie has joined #openstack-ansible		06:50
*** nurdie has quit IRC		06:54
*** cshen has joined #openstack-ansible		07:08
*** rpittau\|afk is now known as rpittau		07:28
*** jbadiapa has joined #openstack-ansible		07:38
cshen	morning	07:48
*** luksky has joined #openstack-ansible		08:08
jrosser	morning	08:08
*** librehash has joined #openstack-ansible		08:20
*** tosky has joined #openstack-ansible		08:20
librehash	I need help deploying 'lobste.rs'. Its written on an 'Ansible playbook'. Obtaining the VPS is no problem for me. Offering $125, zero delays for someone to assist me with getting a lobste.rs instance up and running on a VPS that I am renting & can provide credentials to. \| Here's the GitHub for reference (open source) = I need help deploying	08:30
librehash	'lobste.rs'. Its written on an 'Ansible playbook'. Obtaining the VPS is no problem for me. Offering $125, zero delays for someone to assist me with getting a lobste.rs instance up and running on a VPS that I am renting & can provide credentials to.	08:30
librehash	/ 'all you need to do is...' / 'the instructions are right there' ; don't care. Please either accept or counter-offer and let's get started. Only straightforward business.	08:30
*** ivve has joined #openstack-ansible		08:46
cshen	librehash: SPAM?	09:00
*** hamzaachi has joined #openstack-ansible		09:11
*** DanyC has joined #openstack-ansible		09:13
*** DanyC has quit IRC		09:15
librehash	?	09:19
librehash	No, I am not spam. Apologies. I'm just an idiot and sent the message wrong. Thought I was copying the GitHub link, but I had the message itself copied.	09:20
librehash	So it posted twice and now it looks stupid. If a mod could delete that message actually, that would be awesome.	09:20
librehash	But now you know why I was looking for assistance. I'm a retard when it comes to computers.	09:20
*** yolanda has joined #openstack-ansible		09:22
*** cshen has quit IRC		09:22
*** DanyC has joined #openstack-ansible		09:25
*** cshen has joined #openstack-ansible		09:28
*** hamzaachi has quit IRC		09:53
*** rohit02 has quit IRC		09:55
*** rohit02 has joined #openstack-ansible		09:56
*** cshen has quit IRC		10:02
*** cshen has joined #openstack-ansible		10:04
*** cshen has quit IRC		10:09
*** pcaruana has joined #openstack-ansible		10:10
*** owalsh has quit IRC		10:12
*** hamzaachi has joined #openstack-ansible		10:18
*** sshnaidm\|off is now known as sshnaidm\|ruck		10:20
openstackgerrit	Merged openstack/openstack-ansible-specs master: tox: Keeping going with docs https://review.opendev.org/690669	10:22
*** owalsh has joined #openstack-ansible		10:22
openstackgerrit	Merged openstack/openstack-ansible-os_magnum master: tox: Keeping going with docs https://review.opendev.org/690656	10:25
openstackgerrit	Merged openstack/openstack-ansible-os_heat master: tox: Keeping going with docs https://review.opendev.org/690668	10:25
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_ceilometer master: Check conditional length before evaluation https://review.opendev.org/694055	10:28
openstackgerrit	Merged openstack/openstack-ansible-os_murano master: Update master for stable/train https://review.opendev.org/694242	10:29
openstackgerrit	Merged openstack/openstack-ansible-os_murano stable/train: Update .gitreview for stable/train https://review.opendev.org/694240	10:29
openstackgerrit	Merged openstack/openstack-ansible-os_murano stable/train: Update TOX/UPPER_CONSTRAINTS_FILE for stable/train https://review.opendev.org/694241	10:29
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-tests master: Use the cached cirros image for tests run from this repo https://review.opendev.org/693185	10:30
openstackgerrit	Merged openstack/openstack-ansible master: tox: Keeping going with docs https://review.opendev.org/690611	10:33
*** CeeMac has joined #openstack-ansible		10:37
CeeMac	morning	10:37
openstackgerrit	Merged openstack/openstack-ansible-ceph_client master: tox: Keeping going with docs https://review.opendev.org/690653	10:39
*** cshen has joined #openstack-ansible		10:43
*** cshen has quit IRC		10:49
openstackgerrit	Merged openstack/openstack-ansible-os_cloudkitty master: Replace git.openstack.org with opendev.org https://review.opendev.org/694296	10:50
*** admin0 has quit IRC		10:52
*** rohit02 has quit IRC		11:06
*** luksky has quit IRC		11:06
*** rohit02 has joined #openstack-ansible		11:07
*** cshen has joined #openstack-ansible		11:09
noonedeadpunk	mornings	11:09
jrosser	morning	11:10
*** librehash has quit IRC		11:13
*** cshen has quit IRC		11:14
*** udesale has quit IRC		11:17
noonedeadpunk	jrosser evrardjp: I think we can abandon https://review.opendev.org/#/c/689650/ as https://review.opendev.org/#/c/691318/ already merged	11:19
noonedeadpunk	or I misunderstood it?	11:20
*** luksky has joined #openstack-ansible		11:22
*** cshen has joined #openstack-ansible		11:24
*** cshen has quit IRC		11:33
*** cshen has joined #openstack-ansible		11:38
*** bhyrted has joined #openstack-ansible		11:41
bhyrted	ansible train:	11:41
bhyrted	TASK [os_ceilometer : Add keystone domain] ************************************************************************************************************************************************************************************************************************************	11:41
bhyrted	fatal: [compute1]: FAILED! => {"msg": "The conditional check 'inventory_hostname == (groups[(ceilometer_services['ceilometer-agent-notification']['group'] \| intersect(group_names))[0]] \| intersect(ansible_play_hosts))[0]' failed. The error was: error while evaluating con	11:41
bhyrted	ditional (inventory_hostname == (groups[(ceilometer_services['ceilometer-agent-notification']['group'] \| intersect(group_names))[0]] \| intersect(ansible_play_hosts))[0]): list object has no element 0\n\nThe error appears to be in '/etc/ansible/roles/os_ceilometer/tasks/s	11:41
bhyrted	ervice_setup.yml': line 34, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n block:\n - name: Add keystone domain\n ^ here\n"}	11:41
bhyrted	any ideas?	11:41
bhyrted	where to look ;-)	11:41
openstackgerrit	Merged openstack/openstack-ansible-rabbitmq_server stable/train: Drop erlang bump for suse https://review.opendev.org/694683	11:56
jrosser	bhyrted: looks like you might need this https://review.opendev.org/694055	12:07
bhyrted	thanks, will look at it ;-)	12:13
*** cshen has quit IRC		12:18
*** cshen has joined #openstack-ansible		12:20
*** DanyC has quit IRC		12:20
*** DanyC has joined #openstack-ansible		12:21
*** schwicht has quit IRC		12:26
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible stable/train: Bump rabbitmq role SHA https://review.opendev.org/694759	12:36
jrosser	noonedeadpunk: ^ this should hopefully unblock stable/train	12:37
*** nicolasbock has joined #openstack-ansible		12:37
*** cshen has quit IRC		12:38
noonedeadpunk	I think we also will need to merge and backport https://review.opendev.org/#/c/694253/	12:38
*** cshen has joined #openstack-ansible		12:40
jrosser	ah yes	12:40
openstackgerrit	Merged openstack/openstack-ansible-os_tempest master: Make smoke tests as a default whitelist tests https://review.opendev.org/652060	12:43
chandankumar	\o/ finally merged	12:44
*** luksky has quit IRC		12:47
jrosser	chandankumar: noonedeadpunk is that smoke test change something we want on stable/train?	12:48
chandankumar	jrosser: I think it will work	12:49
jrosser	we are still RC in openstack-ansible but maybe not appropriate in tripleo world?	12:49
noonedeadpunk	Btw, I'm wondering about CI timing	12:49
jrosser	we have had many timeouts in the last few days	12:50
noonedeadpunk	Mainly they were for telemetry and centos upgrade jobs:(	12:50
openstackgerrit	Merged openstack/openstack-ansible master: Collect etcd logs https://review.opendev.org/693717	12:55
*** ansmith has quit IRC		13:06
*** nurdie has joined #openstack-ansible		13:16
*** nurdie_ has joined #openstack-ansible		13:17
*** nurdie has quit IRC		13:20
*** nurdie_ has quit IRC		13:25
*** nurdie has joined #openstack-ansible		13:26
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-tests master: tox: Keeping going with docs https://review.opendev.org/690613	13:26
*** nurdie has quit IRC		13:27
*** luksky has joined #openstack-ansible		13:39
*** weshay\|ruck is now known as weshay		13:40
jrosser	chandankumar: do you know if something has changed in centos designate packaging that we've missed? https://zuul.opendev.org/t/openstack/build/a1a6da070da24907b964aae29318bf34/log/job-output.txt#13331	13:40
*** KeithMnemonic has joined #openstack-ansible		13:40
*** weshay has quit IRC		13:46
*** hwoarang has quit IRC		13:52
chandankumar	jrosser: https://github.com/rdo-packages/designate-distgit as per this nothing got changed	13:55
chandankumar	jrosser: https://github.com/rdo-packages/designate-distgit/blob/rpm-master/openstack-designate.spec#L228	13:55
jrosser	oh https://github.com/rdo-packages/designate-distgit/commit/634042cf25bd0f12e33b0b403fc0b76b03b4d620	13:55
jrosser	that'll be it	13:56
chandankumar	it is obsoleted by openstack-designate-producer	13:56
*** hwoarang has joined #openstack-ansible		13:58
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_designate master: Remove deprecated packages from centos installs https://review.opendev.org/694775	14:00
jrosser	chandankumar: thanks for the pointer, should have a fix now	14:00
*** ansmith has joined #openstack-ansible		14:01
*** ansmith_ has joined #openstack-ansible		14:02
*** ansmith has quit IRC		14:05
*** rohit02 has quit IRC		14:12
jrosser	noonedeadpunk: looks like we have something wrong with swift ubuntu distro installs, unless you can see anything obvious i think i'll do an AIO?	14:16
jrosser	it looks like a package conflict	14:16
* noonedeadpunk wondering how upgrade passes		14:19
noonedeadpunk	jrosser: I guess we need python3 packages	14:21
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_swift master: Install python3 packages for ubuntu https://review.opendev.org/694783	14:23
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_swift master: Install python3 packages for ubuntu https://review.opendev.org/694783	14:25
*** schwicht has joined #openstack-ansible		14:26
*** goldyfruit has joined #openstack-ansible		14:40
*** goldyfruit_ has joined #openstack-ansible		14:51
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible stable/train: Collect etcd logs https://review.opendev.org/693806	14:53
*** goldyfruit has quit IRC		14:53
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-galera_server stable/train: Restart mysql when package is installed https://review.opendev.org/693172	14:53
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone stable/train: Standardize on nginx-extras https://review.opendev.org/693903	14:54
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_keystone stable/train: Add possibility to overwrite public repo https://review.opendev.org/693757	14:55
openstackgerrit	Jonathan Rosser proposed openstack/openstack-ansible-os_glance stable/train: Drop common-db tag from db_sync task https://review.opendev.org/693146	14:55
*** udesale has joined #openstack-ansible		15:22
*** nurdie has joined #openstack-ansible		15:27
*** cshen has quit IRC		15:33
jrosser	noonedeadpunk: it passes https://review.opendev.org/#/c/694759/	15:43
noonedeadpunk	jrosser: yes, but I mean jenerally about your concern during upgrade	15:44
jrosser	yes so this next https://review.opendev.org/#/c/694253/ ?	15:45
noonedeadpunk	ah, nice, it's already voted	15:46
openstackgerrit	Mikael Loaec proposed openstack/openstack-ansible-os_horizon stable/rocky: [WIP]Fix panels enable/disable for distro install. https://review.opendev.org/692804	15:54
jrosser	yes, and i've depends on what looked like important patches to stable/train so hopefully that will save some time	15:54
openstackgerrit	Georgina Shippey proposed openstack/openstack-ansible-os_nova master: Remove deprecated filters https://review.opendev.org/694798	15:55
*** macz has joined #openstack-ansible		15:58
*** luksky has quit IRC		15:59
*** hamzy has quit IRC		16:01
*** gyee has joined #openstack-ansible		16:02
*** udesale has quit IRC		16:06
*** hamzaachi has quit IRC		16:12
*** hamzaachi has joined #openstack-ansible		16:14
openstackgerrit	Dmitriy Rabotyagov (noonedeadpunk) proposed openstack/openstack-ansible-os_swift master: Install python3 packages for ubuntu https://review.opendev.org/694783	16:20
*** hamzaachi_ has joined #openstack-ansible		16:30
*** hamzaachi has quit IRC		16:33
openstackgerrit	Georgina Shippey proposed openstack/openstack-ansible-os_nova master: Readd some QEMU distro packages https://review.opendev.org/694807	16:41
*** hamzy has joined #openstack-ansible		16:51
openstackgerrit	Merged openstack/openstack-ansible-rabbitmq_server master: Replace git.openstack.org with opendev.org https://review.opendev.org/694366	16:59
*** hamzaachi_ has quit IRC		16:59
*** aedc has joined #openstack-ansible		16:59
openstackgerrit	Merged openstack/openstack-ansible-openstack_openrc master: Replace git.openstack.org with opendev.org https://review.opendev.org/694365	16:59
openstackgerrit	Merged openstack/openstack-ansible-os_manila master: Replace git.openstack.org with opendev.org https://review.opendev.org/694323	17:00
*** luksky has joined #openstack-ansible		17:02
openstackgerrit	Merged openstack/openstack-ansible-lxc_hosts master: Replace git.openstack.org with opendev.org https://review.opendev.org/694380	17:03
openstackgerrit	Merged openstack/openstack-ansible-ceph_client master: Replace git.openstack.org with opendev.org https://review.opendev.org/694383	17:07
openstackgerrit	Merged openstack/openstack-ansible-lxc_container_create master: Replace git.openstack.org with opendev.org https://review.opendev.org/694381	17:12
openstackgerrit	Merged openstack/openstack-ansible-haproxy_server master: Replace git.openstack.org with opendev.org https://review.opendev.org/694378	17:16
*** rpittau is now known as rpittau\|afk		17:18
*** hamzy has quit IRC		17:21
*** hamzy has joined #openstack-ansible		17:22
jrosser	fallout from using the tempest smoke tests https://zuul.opendev.org/t/openstack/build/71147cad1e594f5e83d1e548685f0e71/log/logs/openstack/aio1-utility/tempest_run.log.txt.gz	17:25
jrosser	it's now actually trying to test designate, but as we don't provision bind or anything as a backend in the integrated repo that is never going to pass	17:25
openstackgerrit	Merged openstack/ansible-role-python_venv_build master: Replace git.openstack.org with opendev.org https://review.opendev.org/694375	17:38
*** ThomasThaulow has joined #openstack-ansible		17:49
ThomasThaulow	Hello! :)	17:50
*** ThomasThaulow has quit IRC		17:56
*** nicolasbock has quit IRC		17:58
*** spatel has joined #openstack-ansible		17:59
spatel	Folks, i want to add "domain_specific_drivers_enabled = True" in /etc/keystone/keystone.conf file under [identitiy] section	17:59
spatel	what entry i should be adding in user_variables.yml?	18:00
*** DanyC has quit IRC		18:00
spatel	keyston_domain_specific_drivers_enabled = True ?	18:00
*** ThomasThaulow has joined #openstack-ansible		18:00
spatel	or i should be doing this way - https://docs.openstack.org/project-deploy-guide/openstack-ansible/draft/app-advanced-config-override.html	18:01
*** hamzaachi_ has joined #openstack-ansible		18:02
ThomasThaulow	I have OpenStack Ansible deployed for HA on 2 controllers. However I struggle if servers are restarted, it does not go up again. I need to stop MariaDB, then do a recovery and start to get things working! Any idea why? I read somewhere that HA with kolla-ansible / openstack needs 3 nodes. Might this be relevant?	18:02
*** sshnaidm\|ruck is now known as sshnaidm\|afk		18:05
*** ThomasThaulow has quit IRC		18:07
spatel	ThomasThaulow: you need 3 node min for Galera cluster.	18:07
spatel	Or you this hack - http://heiterbiswolkig.blogs.nde.ag/2018/03/19/ha-galera-two-node-cluster/	18:08
*** hamzaachi_ has quit IRC		18:09
*** hamzaachi_ has joined #openstack-ansible		18:10
jrosser	spatel: if there is a var already for you to override in the keystone role defaults, just use that directly	18:10
jrosser	if there isn’t one, config override is your answer	18:10
spatel	jrosser: variable isn't specified in role file default/main.yml file.	18:11
spatel	I belive i have to go with override	18:11
openstackgerrit	Merged openstack/openstack-ansible-os_zun master: Replace git.openstack.org with opendev.org https://review.opendev.org/694361	18:12
*** hamzaachi_ has quit IRC		18:16
*** hamzaachi_ has joined #openstack-ansible		18:16
spatel	jrosser: question related this block	18:18
-spatel- # keystone_ldap:		18:18
-spatel- # Users:		18:18
-spatel- # url: "ldap://127.0.0.1"		18:18
-spatel- # user: "root"		18:18
-spatel- # password: "secrete"		18:18
spatel	In - https://docs.openstack.org/openstack-ansible-os_keystone/latest/	18:18
spatel	how do i define domain name ?	18:19
spatel	like /etc/keystone/domains/keystone.FOO.conf (FOO is my domain)	18:19
mnaser	did you check the role code? :)	18:20
mnaser	http://github.com/openstack/openstack-ansible-os_keystone has all your answers on how FOO is created	18:20
spatel	:) now doing it...	18:20
jrosser	yes it is all there in the doc I think	18:21
jrosser	right here https://docs.openstack.org/openstack-ansible-os_keystone/latest/configure-keystone.html#implementing-ldap-or-active-directory-backends	18:22
spatel	in doc its not saying where to specify domain ?	18:22
spatel	MyCorporation:	18:22
mnaser	maybe look at the actual roles	18:22
spatel	damn it :)	18:22
-spatel- keystone_ldap:		18:23
-spatel- MyCorporation:		18:23
spatel	MyCorporation going to be my FOO domain	18:23
jrosser	yes :)	18:23
spatel	Thanks both of you :)	18:24
spatel	jrosser: in that doc its not saying anywhere that "domain_specific_drivers_enabled" is default False, it would be good to have one liner saying enable domain_specific_drivers_enabled before move forward.	18:27
jrosser	patch it :)	18:28
spatel	i never done patch before so it would be learning curve for me, but happy to do that	18:28
jrosser	I’ve not looked at keystone/ldap before	18:28
chandankumar	jrosser: does designate issue got fixed?	18:29
jrosser	so if we already have a switch to turn that on and it’s missing a setting, it should be fixed	18:29
jrosser	chandankumar: yes and no :/	18:29
chandankumar	jrosser: sorry did not get that, any other issue pops up?	18:30
jrosser	yes the packages are now installed properly I think, but the tempest change looks like it actually now really tries to test designate	18:30
jrosser	I think the smoke test change may now be increasing the test coverage, which is good	18:30
spatel	jrosser: we should add "domain_specific_drivers_enabled" key in role/os_keystone/default/main.yml which is missing (so folks can turn on/off) - https://docs.openstack.org/keystone/latest/admin/configuration.html#integrate-identity-with-ldap	18:31
jrosser	spatel: or we can wire it automatically if keystone_ldap is defined	18:32
jrosser	but like I say I never really did this so would have to look at what the right answer is	18:32
spatel	jrosser: there are two way we can enable LDAP with multi-domain and without multi-domain ( best approach is multi-domain )	18:34
chandankumar	jrosser: good to know that if designate tests failing we can ask team to look into that	18:34
jrosser	chandankumar: I think really it’s an OSA issue, we leave it to the deployer to make the designate backend DNS with bind or powerdns or whatever they want	18:36
spatel	jrosser: anyway we can at least improve documentation of OSA and rest folks can decide.. :)	18:36
chandankumar	jrosser: :-)	18:36
jrosser	chandankumar: so now the designate tempest test actually tries to test it, there’s no backend there so fail	18:36
*** gouthamr_ is now known as gouthamr		18:51
openstackgerrit	Merged openstack/openstack-ansible-os_cinder master: Replace git.openstack.org with opendev.org https://review.opendev.org/694295	19:26
mgariepy	spatel, https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone.conf.j2#L78-L81	19:28
*** aedc has quit IRC		19:29
openstackgerrit	Merged openstack/openstack-ansible-os_nova master: Replace git.openstack.org with opendev.org https://review.opendev.org/694328	19:31
*** tosky has quit IRC		19:34
*** nicolasbock has joined #openstack-ansible		19:38
spatel	mgariepy: sweet!!!	19:39
openstackgerrit	Merged openstack/openstack-ansible-os_magnum master: Replace git.openstack.org with opendev.org https://review.opendev.org/694318	19:42
openstackgerrit	Merged openstack/openstack-ansible-repo_server master: Replace git.openstack.org with opendev.org https://review.opendev.org/694367	19:47
spatel	mgariepy: how do i push LDAP SSL cert file for TLS connection? or it has to be manually ?	19:48
spatel	tls_cacertfile: "/etc/keystone/ssl/ipa.crt" this file.	19:49
openstackgerrit	Merged openstack/openstack-ansible-os_blazar master: Replace git.openstack.org with opendev.org https://review.opendev.org/694282	19:49
mgariepy	spatel, yep you need to push it manually last time i checked.	19:52
mgariepy	spatel, also i you are using ldap with domains you will have to disable openrc v2 from horizon : https://github.com/openstack/openstack-ansible-os_horizon/blob/master/defaults/main.yml#L257	19:53
openstackgerrit	Merged openstack/openstack-ansible-os_neutron master: Replace git.openstack.org with opendev.org https://review.opendev.org/694325	19:54
spatel	mgariepy: hmm! so i have to do horizon_show_keystone_v2_rc: False	19:56
openstackgerrit	Merged openstack/openstack-ansible-os_heat master: Replace git.openstack.org with opendev.org https://review.opendev.org/694309	19:59
mgariepy	which releaes are you deploying ?	19:59
openstackgerrit	Merged openstack/openstack-ansible-os_keystone master: Replace git.openstack.org with opendev.org https://review.opendev.org/694315	19:59
spatel	i have queen and stein	19:59
mgariepy	make sure horizon playbooks supports it for your release.	19:59
spatel	if not then can i edit by hand?	20:00
mgariepy	but you cloud always do overrides but i haven't done that for horizon config.	20:00
spatel	let me see what i can do..	20:00
openstackgerrit	Merged openstack/openstack-ansible-os_masakari master: Replace git.openstack.org with opendev.org https://review.opendev.org/694319	20:01
spatel	i believe i have to add TLS config in /etc/ldap/ldap.conf file also, not sure if ansible playbook take care of it or not	20:02
spatel	mgariepy: also how do i add [assignment] section in /etc/keystone/domains/keystone.FOO.conf file.	20:04
spatel	https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone.domain.conf.j2	20:05
spatel	should i be adding here or overwrite should support?	20:05
mgariepy	https://github.com/openstack/openstack-ansible-os_keystone/blob/master/tasks/keystone_ldap_setup.yml#L35-L46	20:06
spatel	I want to add following two line in domain specific file..	20:08
-spatel- [assignment]		20:08
-spatel- driver = sql		20:08
spatel	as per this it doesn't support - https://github.com/openstack/openstack-ansible-os_keystone/blob/master/templates/keystone.domain.conf.j2	20:08
spatel	if you don't specify assignment then default is driver = ldap	20:09
spatel	but in my case i want to use sql	20:09
spatel	if it required patch then i can open ticket for improvement.	20:10
mgariepy	my assignement is sql backed.	20:11
spatel	do you have assignment specified in domain specific file?	20:12
spatel	may be that value coming from keystone.conf file	20:12
spatel	let me try without that and see if it work	20:12
mgariepy	in keystone.conf i have [assignement] driver=sql	20:13
mgariepy	and both local sql accounts(default domain) and ldap domain do use local sql assignment	20:13
spatel	i thought domain specific file also need that but look like not.	20:13
mgariepy	nop it doesn't need it.	20:14
*** hamzaachi_ has quit IRC		20:26
cjloader	hi can we get +2+W on https://review.opendev.org/#/c/693903/?	20:28
spatel	mgariepy: domain = project right in multi-domain ?	20:29
spatel	if i create keystone.foo.conf then i have to create foo project to match config	20:30
mgariepy	no	20:31
spatel	hmm!	20:31
mgariepy	the domain will hold your users, you will have to do something like: openstack user list --domain <my_super_domain>	20:32
mgariepy	to list the users from that domain	20:32
spatel	I am getting this error "You are not authorized for any projects or domains." (you are saying i have to create domain foo in sql and inside that domain i can create whatever project name i like.. bar / abc etc..)	20:32
mgariepy	you are not part of any project.	20:32
mgariepy	you can add a domain user to a project under the default domain.	20:33
mgariepy	you can do like: openstack role add --user test --user-domain my_domain --project my-project member	20:33
spatel	But i have to create "foo" domain first right otherwise how ldap will pull users?	20:34
spatel	currently i have only "Default" domain	20:35
mgariepy	you add your config for ldap in user_variable.yml	20:35
spatel	that i did	20:35
mgariepy	then run keystone playbook	20:35
spatel	that i did too	20:35
mgariepy	from there, if you go into the utility container you can list the user from your domain ?	20:35
mgariepy	openstack user list --domain <domain you configured>	20:36
mgariepy	you see your ldap user?	20:36
spatel	oh!!! i can see LDAP users now	20:36
spatel	i was missing --domain foo option	20:37
mgariepy	you can configured horizon to either user multiple domains or not.	20:37
spatel	I did configure horizon also	20:37
spatel	and i can see domain option	20:37
spatel	how do i assign ldap user to default domain _member_ role?	20:38
mgariepy	yep	20:38
mgariepy	openstack role assignment list --project <project> --names	20:39
mgariepy	( --names ) is your friend.	20:39
mgariepy	what i do is : openstack role add --project myproject --user myuser --user-domain foo Member	20:40
spatel	let me try	20:41
spatel	sweet!!! that did the magic :)	20:42
spatel	i am in	20:42
spatel	i was confused in domain vs project... :)	20:43
spatel	i thought i have to create domain in sql which will get map with ldap domain, but now its clear :)	20:43
mgariepy	it's...	20:44
mgariepy	flexible.	20:44
mgariepy	haha	20:44
spatel	thanks for your help!!	20:45
spatel	mgariepy: do you guys use teraform ?	20:45
spatel	how do i manager password in file ? (i am worried about security)	20:45
spatel	how do you manage password in file ? (i am worried about security)	20:45
mgariepy	i don't use terraform much but some users do.	20:47
spatel	we are also not using but look like in soon we will start using it, looking for good way to handle password in file..	20:48
*** schwicht has quit IRC		20:50
mgariepy	in keystone you can have application credential. but i havent used it yet.	20:51
mgariepy	soon maybe.	20:51
spatel	hmm i heard that and will look into it	20:55
mgariepy	cya	20:57
*** mgariepy has quit IRC		20:57
*** goldyfruit_ has quit IRC		21:02
*** goldyfruit has joined #openstack-ansible		21:17
openstackgerrit	Merged openstack/openstack-ansible stable/train: Bump rabbitmq role SHA https://review.opendev.org/694759	21:26
*** DanyC has joined #openstack-ansible		21:28
*** schwicht has joined #openstack-ansible		21:31
*** ansmith_ has quit IRC		21:34
*** schwicht has quit IRC		21:48
*** hamzaachi has joined #openstack-ansible		21:52
openstackgerrit	Bjoern Teipel proposed openstack/openstack-ansible master: Adding missing tag for dynamic-address-fact task https://review.opendev.org/694849	21:53
jrosser	we need to fix this cert check https://zuul.opendev.org/t/openstack/build/121aacc2bf2e48d59e8826b5891c2c03/log/logs/openstack/aio1-utility/tempest.log.txt.gz#236	21:53
*** hamzaachi has quit IRC		21:53
*** hamzaachi has joined #openstack-ansible		21:54
*** hamzaachi has quit IRC		21:55
*** hamzaachi has joined #openstack-ansible		21:55
*** hamzaachi_ has joined #openstack-ansible		22:06
jrosser	master is now blocked with the tempest smoke test change, ceph fails https://review.opendev.org/#/c/694253/	22:06
*** hamzaachi has quit IRC		22:07
openstackgerrit	Merged openstack/openstack-ansible-os_neutron master: pep8 fix https://review.opendev.org/691412	22:14
*** schwicht has joined #openstack-ansible		22:24
*** hwoarang has quit IRC		22:24
*** tosky has joined #openstack-ansible		22:26
*** pcaruana has quit IRC		22:26
*** schwicht has quit IRC		22:26
openstackgerrit	Merged openstack/openstack-ansible-os_placement master: Replace git.openstack.org with opendev.org https://review.opendev.org/694348	22:26
*** hwoarang has joined #openstack-ansible		22:28
*** ansmith_ has joined #openstack-ansible		22:29
*** DanyC has quit IRC		22:32
*** DanyC has joined #openstack-ansible		22:33
*** hamzaachi_ has quit IRC		22:38
*** nurdie has quit IRC		22:41
*** luksky has quit IRC		23:02
*** spatel has quit IRC		23:02
*** admin0 has joined #openstack-ansible		23:09
*** DanyC has quit IRC		23:19
*** nurdie has joined #openstack-ansible		23:21
*** nurdie has quit IRC		23:25
*** ivve has quit IRC		23:26
*** goldyfruit has quit IRC		23:36
*** nicolasbock has quit IRC		23:50

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!