Tuesday, 2019-02-19

« Monday, 2019-02-18 Index Wednesday, 2019-02-20 »
*** markvoelker has quit IRC00:09
*** markvoelker has joined #openstack-glance00:09
*** markvoelker has quit IRC00:14
*** Sravan has quit IRC00:20
*** Sravan has joined #openstack-glance00:39
*** markvoelker has joined #openstack-glance01:10
*** Sravan has quit IRC01:25
*** markvoelker has quit IRC01:44
*** sapd1_ has quit IRC02:13
openstackgerritAndriy Shevchenko proposed openstack/python-glanceclient master: Update min tox version to 2.0  https://review.openstack.org/61211002:29
*** _alastor_ has joined #openstack-glance02:33
*** awalende has joined #openstack-glance02:35
*** _alastor_ has quit IRC02:38
*** awalende has quit IRC02:39
*** markvoelker has joined #openstack-glance02:41
*** bhagyashris has joined #openstack-glance02:50
*** markvoelker has quit IRC03:13
*** udesale has joined #openstack-glance03:54
*** belmoreira has quit IRC04:10
*** markvoelker has joined #openstack-glance04:10
*** jlvillal has quit IRC04:14
*** jlvillal has joined #openstack-glance04:14
*** Sravan has joined #openstack-glance04:22
*** Sravan has quit IRC04:32
*** _alastor_ has joined #openstack-glance04:35
*** _alastor_ has quit IRC04:39
*** markvoelker has quit IRC04:44
*** zzzeek has quit IRC04:49
*** zzzeek has joined #openstack-glance04:52
*** irclogbot_1 has quit IRC04:57
*** Sravan has joined #openstack-glance05:00
*** Sravan has quit IRC05:04
*** Sravan has joined #openstack-glance05:07
*** ratailor has joined #openstack-glance05:09
*** Sravan has quit IRC05:10
*** Sravan has joined #openstack-glance05:11
*** Sravan has quit IRC05:16
*** pdeore has joined #openstack-glance05:25
*** Sravan has joined #openstack-glance05:25
*** Sravan has quit IRC05:27
*** Sravan has joined #openstack-glance05:28
*** abhishekk has joined #openstack-glance05:28
*** udesale has quit IRC05:33
Sravanhi05:36
Sravani wanted to remove a controller node that is down from deployment and add a new controller node using kolla-ansible05:37
Sravancan you please let me know how it can be done?05:37
Sravanwithout using destroy05:37
*** markvoelker has joined #openstack-glance05:41
*** Sravan has quit IRC05:42
*** udesale has joined #openstack-glance05:43
*** Sravan has joined #openstack-glance05:43
*** Sravan has quit IRC05:43
*** itlinux has quit IRC05:45
*** itlinux has joined #openstack-glance06:11
*** markvoelker has quit IRC06:14
*** itlinux has quit IRC06:16
openstackgerritFelipe Monteiro proposed openstack/glance master: Add Policy enforcement for several Metadata Definition delete APIs  https://review.openstack.org/58453006:24
*** mosulica has joined #openstack-glance06:36
*** Luzi has joined #openstack-glance06:48
*** markvoelker has joined #openstack-glance07:11
*** itlinux has joined #openstack-glance07:12
*** belmoreira has joined #openstack-glance07:16
*** abhishekk has quit IRC07:17
*** itlinux has quit IRC07:17
*** rcernin has quit IRC07:25
*** takamatsu has joined #openstack-glance07:39
*** markvoelker has quit IRC07:43
*** udesale has quit IRC07:58
*** udesale has joined #openstack-glance08:03
*** udesale has quit IRC08:07
*** udesale has joined #openstack-glance08:08
*** pcaruana has joined #openstack-glance08:11
*** tkajinam has quit IRC08:12
*** itlinux has joined #openstack-glance08:22
*** itlinux has quit IRC08:22
*** ratailor has quit IRC08:35
*** _alastor_ has joined #openstack-glance08:36
*** _alastor_ has quit IRC08:40
*** markvoelker has joined #openstack-glance08:41
*** itlinux has joined #openstack-glance08:41
*** itlinux has quit IRC08:42
*** priteau has joined #openstack-glance08:59
*** markvoelker has quit IRC09:14
*** ratailor has joined #openstack-glance09:28
*** Florian has quit IRC09:28
*** abhishekk has joined #openstack-glance09:51
*** bhdn has quit IRC09:53
*** awalende has joined #openstack-glance09:54
*** bhagyashris has quit IRC09:55
*** markvoelker has joined #openstack-glance10:11
*** MattMan has quit IRC10:30
*** MattMan has joined #openstack-glance10:30
*** abhishekk has quit IRC10:35
*** priteau has quit IRC10:41
*** markvoelker has quit IRC10:43
*** lpetrut has joined #openstack-glance10:46
*** udesale has quit IRC11:10
*** markvoelker has joined #openstack-glance11:40
*** pdeore has quit IRC11:41
*** awalende has quit IRC11:42
*** awalende has joined #openstack-glance11:42
*** awalende has quit IRC11:44
*** awalende has joined #openstack-glance11:44
*** awalende has quit IRC12:01
*** awalende has joined #openstack-glance12:01
*** awalende has quit IRC12:02
*** awalende has joined #openstack-glance12:02
*** rosmaita has joined #openstack-glance12:04
*** ratailor has quit IRC12:06
*** mvkr has quit IRC12:09
*** markvoelker has quit IRC12:14
*** udesale has joined #openstack-glance12:55
*** markvoelker has joined #openstack-glance13:11
*** itlinux has joined #openstack-glance13:12
*** mvkr has joined #openstack-glance13:13
*** itlinux has quit IRC13:21
*** itlinux has joined #openstack-glance13:22
*** itlinux has quit IRC13:28
*** itlinux has joined #openstack-glance13:32
*** itlinux has quit IRC13:37
*** zul has joined #openstack-glance13:40
*** jmlowe has quit IRC13:41
*** itlinux has joined #openstack-glance13:42
*** markvoelker has quit IRC13:43
*** itlinux has quit IRC13:47
*** jmlowe has joined #openstack-glance14:07
*** itlinux has joined #openstack-glance14:22
*** zul has quit IRC14:25
*** zul has joined #openstack-glance14:25
*** itlinux has quit IRC14:30
*** _alastor_ has joined #openstack-glance14:38
*** markvoelker has joined #openstack-glance14:41
*** _alastor_ has quit IRC14:43
*** itlinux has joined #openstack-glance14:52
*** udesale has quit IRC14:53
*** itlinux has quit IRC14:56
*** itlinux has joined #openstack-glance14:56
*** itlinux has quit IRC14:57
*** awalende has quit IRC15:05
*** awalende has joined #openstack-glance15:05
*** awalende has quit IRC15:07
*** awalende has joined #openstack-glance15:07
*** awalende has quit IRC15:07
*** awalende has joined #openstack-glance15:11
*** markvoelker has quit IRC15:14
*** shananigans has joined #openstack-glance15:14
*** awalende has quit IRC15:15
*** Luzi has quit IRC15:19
*** jmlowe has quit IRC15:23
*** jmlowe has joined #openstack-glance15:24
*** jmlowe has quit IRC15:34
*** jmlowe has joined #openstack-glance15:45
*** lpetrut has quit IRC15:45
*** _alastor_ has joined #openstack-glance16:00
*** mosulica has quit IRC16:08
*** markvoelker has joined #openstack-glance16:11
*** jaypipes has quit IRC16:36
*** jaypipes has joined #openstack-glance16:36
*** markvoelker has quit IRC16:44
*** Florian has joined #openstack-glance16:53
*** pcaruana has quit IRC16:57
*** Vadmacs has joined #openstack-glance17:24
*** lpetrut has joined #openstack-glance17:27
*** lpetrut has quit IRC17:40
*** markvoelker has joined #openstack-glance17:41
*** Sravan has joined #openstack-glance17:44
*** Sravan has quit IRC18:01
*** Sravan has joined #openstack-glance18:03
*** Sravan has quit IRC18:10
*** markvoelker has quit IRC18:14
*** Sravan has joined #openstack-glance18:15
*** Sravan has quit IRC18:29
*** mvkr has quit IRC18:36
*** lpetrut has joined #openstack-glance18:39
*** fiddletwix has joined #openstack-glance18:49
*** Sravan has joined #openstack-glance18:58
*** mvkr has joined #openstack-glance19:07
*** markvoelker has joined #openstack-glance19:11
*** lpetrut has quit IRC19:18
*** Sravan has quit IRC19:27
*** jmlowe has quit IRC19:37
*** jmlowe has joined #openstack-glance19:38
*** Sravan has joined #openstack-glance19:42
*** markvoelker has quit IRC19:44
*** Sravan has quit IRC19:57
openstackgerritCyril Roelandt proposed openstack/glance master: Add an oslo.policy.enforcer entrypoint  https://review.openstack.org/63798519:58
*** Sravan has joined #openstack-glance19:58
*** openstackgerrit has quit IRC20:09
*** Florian has quit IRC20:12
*** Sravan has quit IRC20:28
*** Sravan has joined #openstack-glance20:31
*** Vadmacs has quit IRC20:38
*** markvoelker has joined #openstack-glance20:41
*** Sravan has quit IRC20:50
*** jmlowe has quit IRC20:57
*** markvoelker has quit IRC21:13
*** Sravan has joined #openstack-glance21:25
*** Sravan has quit IRC21:30
*** Sravan has joined #openstack-glance22:05
*** Sravan has quit IRC22:08
*** markvoelker has joined #openstack-glance22:10
*** Sravan has joined #openstack-glance22:13
*** rcernin has joined #openstack-glance22:26
*** markvoelker has quit IRC22:44
*** tkajinam has joined #openstack-glance22:55
fiddletwixhaving issues with image visibility in ocata, I specify visibility "private" and the image is owned by one project/tenant and yet its visible to other tenants. I can change visibility to community with an empty member list and that seems to work but I would think private would also work.22:55
fiddletwixand is this the right place for this question? :)22:55
rosmaitafiddletwix: right place22:56
rosmaitafiddletwix: pretty unlikely that a private image is visible to users not in that project/tenant22:58
rosmaitausually when this is reported it has to do with policies22:58
rosmaitaan admin user *can* see the private images in other projects22:59
rosmaitathe default admin role is 'admin'22:59
rosmaitaso check to see if a user who can see the images in another project has that role23:00
rosmaitaif so, you may have bigger problems, because admins can delete the images in other projects23:00
fiddletwixok, let me check that users role in that project23:01
rosmaitaalso, check what your definition is for 'context_is_admin' in /etc/glance/policy.json23:01
fiddletwixthat was it, the user had admin rights and that wasn't supposed to be the case!23:02
rosmaitaok, glad you found it ... better remove those admin rights immediately!23:03
fiddletwixalready done! thankfully this was in dev so nothing too terrible23:03
rosmaitacool23:04
rosmaitafiddletwix: this situation has been happening more and more frequently lately ... were you working from a blog post or something?23:04
rosmaitai've been seeing several people trying to create a "user admin" for a tenant ... you don't need to do that, the default permissions make any user in a tenant have full CRUD powers within that tenant23:06
fiddletwixno, working with a vendor provided OS and just diving in learning this stuff.  I'm reasonably new to OS operations but as soon as you said "check admin" rights the bells went off in my head23:06
fiddletwixyeah, vendor didn't quite explain that right :/23:06
rosmaitathanks, just checking23:06
fiddletwixsure thing23:06
*** shananigans has quit IRC23:06
rosmaitafiddletwix: you may want to take a look at the new policy configuration howto in cinder ... it's  a bit different from glance, but the general idea is the same23:07
rosmaitahttps://docs.openstack.org/cinder/latest/configuration/block-storage/policy-config-HOWTO.html23:07
rosmaitaone key difference is that glance does not have defaults defined in code, so you MUST use a policy.json file with glance23:08
fiddletwixaah, good to know. policies were the next thing we were going to dive into to get a more refined RBAC23:11
fiddletwixright now we've kept it simple, admin and member. didn't realize admin spanned projects. learning as I go but thats why I am testing in dev23:12
*** imacdonn has joined #openstack-glance23:32
*** imacdonn_ has joined #openstack-glance23:32
*** imacdonn_ has quit IRC23:32
*** jmlowe has joined #openstack-glance23:40
*** markvoelker has joined #openstack-glance23:41
« Monday, 2019-02-18 Index Wednesday, 2019-02-20 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!