| shubjero | Does Horizon provide a way to generate ec2 credentials? I'm looking for the Horizon equivalent of 'openstack ec2 credentials ...' | 11:39 |
|---|---|---|
| -opendevstatus- NOTICE: Our Zuul gating CI/CD services will be offline starting around 14:00 UTC (in roughly two hours from now) in order to apply some critical security updates, and is not expected to remain offline for more than 30 minutes. | 12:01 | |
| vishalmanchanda | shubjero: Hi, horizon only supports Application Credentials as of now. | 12:02 |
| shubjero | vishalmanchanda: Thank you, that explains why I cannot find it! :) | 12:59 |
| shubjero | vishalmanchanda: Actually, I also see you are the asignee to https://bugs.launchpad.net/horizon/+bug/1886025 . Has this been backported to Ussuri? | 13:16 |
| shubjero | We just upgraded to Ussuri a couple weeks ago and I just noticed this small bug | 13:16 |
| vishalmanchanda | shubjero: hmm fix is purposed when victoria is master branch. | 13:20 |
| shubjero | vishalmanchanda: Well your fix looks simple enough to just backport myself :) | 13:20 |
| vishalmanchanda | shubjero: Do you want me to backport it to stable/ussuri https://review.opendev.org/c/openstack/horizon/+/739685 | 13:20 |
| shubjero | vishalmanchanda: that would be ideal! | 13:20 |
| opendevreview | Vishal Manchanda proposed openstack/horizon stable/ussuri: Fix tooltips and popovers for flavor details on the instance list. https://review.opendev.org/c/openstack/horizon/+/797916 | 13:21 |
| vishalmanchanda | shubjero: done ^^ | 13:21 |
| shubjero | vishalmanchanda: Nice! thank you. I install Openstack from ubuntu packages so hopefully they can pick this up at some point too, in the meantime I'm happy to modify that html file manually | 13:22 |
| -opendevstatus- NOTICE: Our Zuul gating CI/CD services are being taken offline now in order to apply some critical security updates, and are not expected to remain offline for more than 30 minutes. | 13:56 | |
| amotoki | shubjero: regarding ec2 credentail, do you mean openrc/clouds.yaml equivalent for EC2 credential? | 14:09 |
| shubjero | amotoki: no, I'm referring to the ability for openstack/keystone to generate a S3 style access/secret which can be used to authenticate against ceph radosgw backends instead of having to create the s3 access/secret via radosgw-admin (which would be limited to ceph administrators). | 14:10 |
| shubjero | the ec2 credential is basically a self-serve s3 api key generation | 14:11 |
| shubjero | the key generated is scoped to the users defined or active/defaul topenstack project which is great | 14:12 |
| amotoki | shubjero: okay. I found https://opendev.org/openstack/horizon/src/branch/master/openstack_dashboard/dashboards/project/api_access/views.py#L42 and just wondered this is what you want, but perhaps it is not the thing. | 14:12 |
| shubjero | amotoki: Interesting, I am not sure. I'm not a dev just an operator but the terminology sounds correct. Where is this in the UI? | 14:14 |
| amotoki | shubjero: IIRC I can access nova via nova ec2 service (which is now a part of openstack/ec2 project) using a credentail downloaded from there. | 14:15 |
| amotoki | shubjero: it was several years ago (almost 10 years ago), so I might be wrong. | 14:15 |
| shubjero | amotoki: yeah nova ec2 is different from ec2 credentials. Confusing, I know, but nova ec2 I believe was early days api equivalent to aws ec2. | 14:16 |
| shubjero | and yeah, deprecated. But I don't think ec2 credentials is deprecated | 14:17 |
| amotoki | shubjero: yes, I know. I just said I could access nova using ec2 credentials. | 14:17 |
| shubjero | oh I see, so its more than just object-storage then, if configured to support it I guess | 14:18 |
| amotoki | nova ec2 uses ec2 credentials for authn, so I think we are talking the same thing. | 14:18 |
| shubjero | Yeah, I think so. But there's nothing built in Horizon to provide users a gui self-serve to create/manage ec2 creds, right? At least I can't seem to find it | 14:20 |
| amotoki | shubjero: you can find the reason at https://opendev.org/openstack/horizon/src/branch/master/openstack_dashboard/dashboards/project/api_access/tables.py#L42 | 14:22 |
| amotoki | shubjero: horizon shows the download button in the API access panel only when 'ec2' service is registered to the keystone catalog. | 14:23 |
| shubjero | amotoki: ok cool thanks, I don't have that anymore, I think we removed that because we thought it was deprecated | 14:24 |
| amotoki | shubjero: is the project https://opendev.org/openstack/ec2-api deprecated now? | 14:25 |
| amotoki | shubjero: I am not so familiar with the status of the ec2-api project. | 14:26 |
| shubjero | amotoki: Neither am I. There was likely some confusion on my end about 'ec2' stuff a couple years ago I think | 14:26 |
| amotoki | shubjero: okay. no problem. nova ec2 API was deprecated and it was split out as ec2-api project. | 14:27 |
| amotoki | and then nova ec2 API was dropped. | 14:27 |
| shubjero | Yeah maybe that was it. Nova's seen a lot of functionality decoupled over the years | 14:28 |
| shubjero | amotoki: thanks for your insight! | 14:28 |
| amotoki | shubjero: some more info. as a quick look, python-openstackclient ec2 credentail create and horizon code I quoted use the same code internally. | 14:28 |
| shubjero | amotoki: yeah, I've been setting up the ceph radosgw integration with keystone for our users and I've been writing our docs with openstackclient in mind and was just curious if I also needed to write up some documentation on how to do it in Horizon as well.. hence my questions here today :) | 14:29 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!