*** altlogbot_3 has quit IRC | 00:50 | |
*** altlogbot_0 has joined #openstack-dns | 00:53 | |
*** altlogbot_0 has quit IRC | 00:54 | |
*** altlogbot_1 has joined #openstack-dns | 00:55 | |
*** awalende has joined #openstack-dns | 01:23 | |
*** awalende has quit IRC | 01:28 | |
*** ircuser-1 has quit IRC | 01:32 | |
*** v12aml has quit IRC | 02:10 | |
*** ivve has quit IRC | 05:07 | |
*** pcaruana has joined #openstack-dns | 06:16 | |
*** ivve has joined #openstack-dns | 06:17 | |
*** awalende has joined #openstack-dns | 06:58 | |
*** awalende has quit IRC | 07:01 | |
*** ginopc has joined #openstack-dns | 07:06 | |
*** awalende has joined #openstack-dns | 07:40 | |
mugsie | hjohnson1: not sure if you will see this, but you need to look at your pools.yaml and run the pool update command | 08:20 |
mugsie | step 9+10 here : https://docs.openstack.org/designate/latest/install/install-rdo.html | 08:21 |
*** pcaruana|afk| has joined #openstack-dns | 12:55 | |
*** pcaruana has quit IRC | 12:57 | |
*** ginopc has quit IRC | 13:31 | |
*** ginopc has joined #openstack-dns | 13:32 | |
*** ginopc has quit IRC | 13:37 | |
*** awalende has quit IRC | 13:40 | |
*** awalende has joined #openstack-dns | 13:41 | |
*** awalende has quit IRC | 13:42 | |
*** awalende has joined #openstack-dns | 13:43 | |
*** awalende has quit IRC | 13:43 | |
*** awalende has joined #openstack-dns | 13:44 | |
*** awalende has quit IRC | 13:48 | |
*** ginopc has joined #openstack-dns | 13:53 | |
*** ginopc has quit IRC | 13:55 | |
*** ginopc has joined #openstack-dns | 13:56 | |
*** ginopc has quit IRC | 13:57 | |
*** ginopc has joined #openstack-dns | 13:58 | |
*** ginopc has quit IRC | 14:01 | |
*** ginopc has joined #openstack-dns | 14:03 | |
*** gmann has joined #openstack-dns | 14:06 | |
*** gmann is now known as gmann_pto | 14:07 | |
*** pcaruana|afk| has quit IRC | 14:55 | |
*** beekneemech is now known as bnemec | 15:00 | |
*** ircuser-1 has joined #openstack-dns | 15:15 | |
*** ginopc has quit IRC | 15:42 | |
*** pcaruana|afk| has joined #openstack-dns | 15:44 | |
*** awalende has joined #openstack-dns | 16:14 | |
*** awalende has quit IRC | 16:19 | |
*** ivve has quit IRC | 16:48 | |
*** ivve has joined #openstack-dns | 18:19 | |
*** tuxjohnson has joined #openstack-dns | 19:08 | |
tuxjohnson | Weird question maybe... I have just installed Rocky on CentOS with designate. Everything is working fine with the BIND9 server we also installed. The question is, has anyone restricted creating zones, recordsets, etc to everyone but cloud_admins using a policy.yaml in the /etc/designate directory. We do not want end users to be able to alter the DNS. | 19:13 |
*** gmann_pto has quit IRC | 19:33 | |
*** tuxjohnson has left #openstack-dns | 20:14 | |
*** goldyfruit has joined #openstack-dns | 20:34 | |
*** pcaruana|afk| has quit IRC | 20:46 | |
eandersson | tuxjohnson I think that is pretty common | 20:52 |
ivve | he left :( | 20:53 |
ivve | i was just about to answer | 20:53 |
eandersson | He might read the irc logs | 20:53 |
eandersson | :p | 20:53 |
ivve | well in that case, change all admin_or_owner to only admin in policy.json :) | 20:59 |
ivve | or just put role:cloud_admins if that's your role | 21:02 |
ivve | anyways, im here for another question. i was wondering if its possible to allow other tenants to create subzones of an already existing zone in the same cloud | 21:03 |
*** goldyfruit has quit IRC | 21:07 | |
*** openstackgerrit has quit IRC | 21:09 | |
eandersson | I don't think that is possible at the moment | 21:10 |
eandersson | Would / could probably be part of this? https://etherpad.openstack.org/p/BER-Designate-Shared-Zones | 21:10 |
eandersson | mugsie, should probably know more | 21:10 |
ivve | eandersson: its possible for the admin to create the subzone and transfer it to the tenant who "needs" it | 21:14 |
ivve | or rather, the owner of the zone | 21:15 |
ivve | for the subzone.. :) | 21:15 |
ivve | like if i own example.com i can create another.example.com and transfer it to you | 21:15 |
eandersson | https://github.com/openstack/designate/blob/master/designate/central/service.py#L877 | 21:15 |
ivve | so that leaves me to wonder if it would be possible to allow anyone to create it.. | 21:16 |
eandersson | Right now it looks like we enforce project | 21:16 |
ivve | ah | 21:16 |
eandersson | > if subzone.tenant_id != zone.tenant_id: | 21:16 |
ivve | yea it looks like its a dead end right there | 21:16 |
ivve | but you can do what i described | 21:17 |
eandersson | Yea - that is a valid work around for now | 21:17 |
eandersson | Sounds like a reasonable usecase | 21:17 |
ivve | well what is described there is very reasonable | 21:20 |
ivve | can't even create the subzone for the tenant as admin... i mean that should also be possible. like creating tenant+users+groups+zones and maybe some other smaller things with a heat template as admin would be nice | 21:24 |
eandersson | Yep | 21:38 |