Wednesday, 2021-04-07

« Tuesday, 2021-04-06 Index Thursday, 2021-04-08 »
*** luksky has quit IRC00:09
*** tosky has quit IRC00:17
*** jamesdenton has quit IRC00:57
*** jamesdenton has joined #openstack-ansible00:59
*** gshippey has quit IRC01:07
*** rh-jlabarre has joined #openstack-ansible01:55
*** rh-jlabarre has quit IRC01:55
*** rh-jlabarre has joined #openstack-ansible01:56
*** rh-jelabarre has quit IRC01:56
*** evrardjp has quit IRC02:33
*** evrardjp has joined #openstack-ansible02:33
*** lkoranda has joined #openstack-ansible04:07
*** rohit02 has joined #openstack-ansible04:16
*** rh-jlabarre has quit IRC04:20
*** miloa has joined #openstack-ansible05:22
*** miloa has quit IRC05:25
*** yasemind has joined #openstack-ansible05:57
*** jbadiapa has joined #openstack-ansible06:25
*** pcaruana has joined #openstack-ansible06:57
*** rpittau|afk is now known as rpittau07:03
*** rohit02 has quit IRC07:06
*** luksky has joined #openstack-ansible07:07
*** rohit02 has joined #openstack-ansible07:07
*** andrewbonney has joined #openstack-ansible07:14
*** shyamb has joined #openstack-ansible07:27
*** shyam89 has joined #openstack-ansible07:27
*** tosky has joined #openstack-ansible07:37
*** shyam89 has quit IRC07:50
*** shyamb has quit IRC07:50
*** shyamb has joined #openstack-ansible07:51
*** shyam89 has joined #openstack-ansible07:51
*** lkoranda has quit IRC07:52
*** lkoranda has joined #openstack-ansible07:55
*** lkoranda has quit IRC07:57
*** MrClayPole has quit IRC08:30
*** MrClayPole has joined #openstack-ansible08:37
*** SiavashSardari has joined #openstack-ansible08:44
*** shyamb has quit IRC09:04
*** shyam89 has quit IRC09:04
*** shyam89 has joined #openstack-ansible09:04
*** shyamb has joined #openstack-ansible09:04
*** shyamb has quit IRC09:06
*** shyam89 has quit IRC09:06
*** shyamb has joined #openstack-ansible09:07
*** shyam89 has joined #openstack-ansible09:07
*** rohit02 has quit IRC09:20
*** rohit02 has joined #openstack-ansible09:21
*** rpittau is now known as rpittau|bbl09:23
*** macz_ has joined #openstack-ansible09:27
*** macz_ has quit IRC09:32
*** macz_ has joined #openstack-ansible09:48
*** macz_ has quit IRC09:52
*** shyamb has quit IRC09:59
*** shyam89 has quit IRC09:59
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Update trove configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78457110:10
noonedeadpunkI think now at least we don't need mysql libs on the deploy host - only for adjutant containers?10:20
jonherthat's what i figured, i don't think it needs to be built with the mysql libs present, but i'm not sure on all this wheel stuff10:21
*** SiavashSardari has quit IRC10:34
*** yasemind has quit IRC10:41
*** shyamb has joined #openstack-ansible10:49
*** shyam89 has joined #openstack-ansible10:49
*** mgariepy has quit IRC11:06
noonedeadpunkCreated a pool regarding meeting https://doodle.com/poll/m554dx4mrsideuzi/11:19
*** dpawlik4 has joined #openstack-ansible11:40
*** dpawlik4 is now known as dpawlik11:42
*** shyam89 has quit IRC11:58
*** shyamb has quit IRC11:58
andrewbonneynoonedeadpunk: is there a typo? That link doesn't seem to work for me12:04
noonedeadpunkandrewbonney: doh, extra slash at the end :(12:08
noonedeadpunkhttps://doodle.com/poll/m554dx4mrsideuzi12:08
andrewbonneyAh, simple, thanks12:09
noonedeadpunkand I mailed it ;(12:09
*** macz_ has joined #openstack-ansible12:10
*** macz_ has quit IRC12:14
*** mgariepy has joined #openstack-ansible12:14
noonedeadpunkIf you want me to add some extra fields in the poll - let me know12:15
*** rh-jlabarre has joined #openstack-ansible12:28
*** jamesdenton has quit IRC12:38
*** jamesdenton has joined #openstack-ansible12:39
*** rpittau|bbl is now known as rpittau12:51
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478112:52
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478112:53
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478112:58
*** spatel_ has joined #openstack-ansible13:03
*** spatel_ is now known as spatel13:03
openstackgerritAmy Marrich (spotz) proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478113:25
*** rohit02 has quit IRC13:45
*** chkumar|ruck is now known as raukadah13:52
*** fanfi has quit IRC13:56
*** rohit02 has joined #openstack-ansible14:09
*** rohit02 has quit IRC14:16
*** pabelanger has joined #openstack-ansible14:31
pabelangero/14:31
pabelangerwhich channel is doing openstack ansible collection these days?14:31
pabelangersshnaidm: ^14:32
sshnaidmpabelanger, openstack-ansible-sig14:34
pabelangertyty14:34
*** pabelanger has left #openstack-ansible14:34
*** gshippey has joined #openstack-ansible14:36
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: Update trove configuration  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78457114:49
*** macz_ has joined #openstack-ansible15:09
*** mgariepy has quit IRC15:09
*** macz_ has quit IRC15:10
*** macz_ has joined #openstack-ansible15:11
*** macz_ has quit IRC15:12
*** macz_ has joined #openstack-ansible15:13
*** andrewbonney has quit IRC15:22
*** hindret has quit IRC15:23
*** hindret has joined #openstack-ansible15:24
*** andrewbonney has joined #openstack-ansible15:24
*** mgariepy has joined #openstack-ansible15:29
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Run notify setup when setup_host differs  https://review.opendev.org/c/openstack/openstack-ansible-tests/+/78522415:33
openstackgerritDmitriy Rabotyagov proposed openstack/openstack-ansible-os_trove master: [doc] Document how to use separate RabbitMQ cluster  https://review.opendev.org/c/openstack/openstack-ansible-os_trove/+/78478115:42
*** macz_ has quit IRC15:45
*** macz_ has joined #openstack-ansible15:46
*** sshnaidm is now known as sshnaidm|afk16:06
jrossernoonedeadpunk: have you any experience with making 'reader' role accounts for audit or report generating type purposes?16:12
noonedeadpunkjrosser: did just for some services16:12
noonedeadpunkBut it really means overriding _lot_ of policies16:13
noonedeadpunkI wish openstaxck had smth out of the box...16:13
jrossertheres a reader role as standard, but it seems quite wierd how that it set up16:15
noonedeadpunkrly? I never saw that achieved anywhere (maybe except of the keystone)16:17
noonedeadpunk*implemented16:17
jrosseroh right well thats probably the super important thing i'm missing :)16:17
noonedeadpunkmight be haha16:18
jrosseryes, what i mean is that they keystone role is there, and i can assign it just fine16:18
jrosserbut then the behaviour is WTF16:18
noonedeadpunkwell, there's auditor in barbican actually16:18
noonedeadpunkand you can map them. I think there's smth for octavia as well.16:18
noonedeadpunkBut for most of the services this is just absent16:19
noonedeadpunkand you need to write rules and override default stuff16:19
noonedeadpunkProbably worth bringing to the TC as the community goal :p16:19
jrosseryeah, this is horrid as you end up with full read/write admin being used just to make reports otherwise16:20
jrosserbecause you may well want visibility across all projects16:20
noonedeadpunkWell, yeah, full permissions application credentials...16:21
*** jbadiapa has quit IRC16:34
noonedeadpunkah, octavia has load-balancer_global_observer and load-balancer_observer16:42
johnsomI wrote up a doc for the roles in Octavia here: https://docs.openstack.org/octavia/latest/configuration/policy.html16:44
jrosseri wonder what it is thats not wired up properly16:44
jrosserhttps://github.com/openstack/neutron/search?p=1&q=SYSTEM_OR_PROJECT_READER16:44
johnsomIn case you haven't seen it16:44
jrosserbecasue to my suprise i was able to boot an instance with my user that only has reader role16:44
jrosserand this is likley me totally misunderstanding whats meant by that tbh16:44
noonedeadpunkjohnsom: yeah, I just did:) The problem here is more that _most_ of the services doesn't have it16:44
johnsomYeah, I know. Nova and Octavia led the charge on that, but I don't know if nova merged their patches for it. In theory the new scopes/default roles get us closer16:45
*** rpittau is now known as rpittau|afk16:46
johnsomnoonedeadpunk Feel free to ping me if you have questions about the Octavia implementation.16:48
noonedeadpunkwell, actually nova has smth now16:49
noonedeadpunkjohnsom: sure, thanks for being around!16:49
jrossernoonedeadpunk: so yes this is where i'm confused, like keystone has a concept of reader role, and i find the same sort of concepts in nova/neutron code16:49
noonedeadpunknone in cinder and glance16:50
noonedeadpunkdoh. I've started looking through projects and realized that things have landed in W for _lot_ of projects17:19
noonedeadpunkhttps://blueprints.launchpad.net/neutron/+spec/secure-rbac-roles17:26
noonedeadpunkand if look through https://codesearch.opendev.org/?q=role%3Areader%20and%20system_scope%3Aall&i=nope&files=&excludeFiles=&repos= most of the project landed that17:30
noonedeadpunkeventually, that's the correct link https://wiki.openstack.org/wiki/Consistent_and_Secure_Default_Policies_Popup_Team17:35
jrosserhmm so maybe this is all more complete for W17:40
jrossermaybe for now i can make an application credential with access rules that only allow it to GET from the api i'm interested in17:42
*** andrewbonney has quit IRC18:13
*** rh-jlabarre has quit IRC19:06
*** rh-jelabarre has joined #openstack-ansible19:12
*** lvdombrkr has joined #openstack-ansible19:31
lvdombrkrhello all19:32
lvdombrkropenstack-ansible is containerized now?19:33
*** spatel has quit IRC19:49
*** spatel_ has joined #openstack-ansible19:50
*** spatel_ is now known as spatel19:50
*** lvdombrkr has quit IRC19:52
*** gshippey has quit IRC19:55
*** mgagne has joined #openstack-ansible20:21
*** spotz has quit IRC20:38
*** spatel has quit IRC20:42
openstackgerritMerged openstack/openstack-ansible master: Add trove instance key into secrets  https://review.opendev.org/c/openstack/openstack-ansible/+/78456521:08
*** spotz has joined #openstack-ansible21:38
*** macz_ has quit IRC23:01
*** tosky has quit IRC23:11
*** luksky has quit IRC23:11
« Tuesday, 2021-04-06 Index Thursday, 2021-04-08 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!