Monday, 2019-11-18

« Sunday, 2019-11-17 Index Tuesday, 2019-11-19 »
*** jamesmcarthur has quit IRC00:14
*** jamesmcarthur has joined #openstack-keystone00:18
*** jamesmcarthur has quit IRC00:20
*** ivve has quit IRC00:33
*** jamesmcarthur has joined #openstack-keystone00:39
*** jamesmcarthur has quit IRC00:45
*** jamesmcarthur has joined #openstack-keystone00:52
*** jamesmcarthur has quit IRC00:58
*** jamesmcarthur has joined #openstack-keystone01:14
*** jamesmcarthur has quit IRC01:14
*** jamesmcarthur has joined #openstack-keystone01:15
*** jamesmcarthur has quit IRC01:33
*** jamesmcarthur has joined #openstack-keystone02:17
*** jamesmcarthur has quit IRC02:36
*** ileixe has quit IRC05:29
*** ileixe has joined #openstack-keystone05:32
*** Luzi has joined #openstack-keystone06:11
*** awalende has joined #openstack-keystone06:16
*** awalende has quit IRC06:20
*** ileixe has quit IRC06:51
*** ileixe has joined #openstack-keystone06:52
*** rcernin has quit IRC07:04
*** jamesmcarthur has joined #openstack-keystone07:39
*** tkajinam has quit IRC08:02
*** tesseract has joined #openstack-keystone08:15
*** jamesmcarthur has quit IRC08:21
*** jamesmcarthur has joined #openstack-keystone08:23
*** jamesmcarthur has quit IRC08:28
viks___Aws access/secret keys looks like below:08:28
viks___```08:28
viks___aws_access_key_id=AKIAIOSFODNN7EXAMPLE08:28
viks___aws_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY08:28
viks___```08:28
viks___But Openstack generated ec2 access/secret keys are like:08:28
viks___```08:28
viks___aws_access_key_id=25a85cd8618c43f09e7fd9222c1b142408:28
viks___aws_secret_access_key=b41e5049be68439db01054cca6bbf5c008:28
viks___```08:28
viks___why it looks different format? Anyone has any idea? Is it possible to generate something similar to aws ec2 using keystone?08:28
viks___for the above, do we need to create them explicitly as mentioned here -> https://docs.openstack.org/api-ref/identity/v3/?expanded=create-credential-detail#credentials ?08:37
*** jamesmcarthur has joined #openstack-keystone08:38
*** ivve has joined #openstack-keystone08:46
*** jaosorior has joined #openstack-keystone08:48
*** jamesmcarthur has quit IRC09:07
*** jamesmcarthur has joined #openstack-keystone09:12
*** awalende has joined #openstack-keystone09:16
*** jamesmcarthur has quit IRC09:17
*** awalende has quit IRC09:18
*** awalende has joined #openstack-keystone09:26
*** awalende has quit IRC09:30
*** awalende has joined #openstack-keystone09:36
*** awalende has quit IRC09:37
*** jamesmcarthur has joined #openstack-keystone09:38
*** ileixe has quit IRC09:40
*** ileixe has joined #openstack-keystone09:41
*** jamesmcarthur has quit IRC09:42
*** ileixe has quit IRC10:10
*** pcaruana has joined #openstack-keystone10:10
*** ileixe has joined #openstack-keystone10:11
*** jamesmcarthur has joined #openstack-keystone10:12
*** jamesmcarthur has quit IRC10:17
*** rcernin has joined #openstack-keystone10:52
*** jamesmcarthur has joined #openstack-keystone10:59
*** jamesmcarthur has quit IRC11:04
*** awalende has joined #openstack-keystone11:14
*** awalende has quit IRC11:14
*** awalende has joined #openstack-keystone11:20
*** awalende has quit IRC11:21
*** raildo has joined #openstack-keystone11:47
*** tellesnobrega has quit IRC11:50
*** jamesmcarthur has joined #openstack-keystone12:00
*** jamesmcarthur has quit IRC12:05
*** rcernin has quit IRC12:31
*** jamesmcarthur has joined #openstack-keystone13:02
*** jamesmcarthur has quit IRC13:08
*** jamesmcarthur_ has joined #openstack-keystone13:08
*** sapd1 has quit IRC13:16
*** jamesmcarthur_ has quit IRC13:33
*** jamesmcarthur has joined #openstack-keystone13:50
*** yan0s has joined #openstack-keystone13:52
*** awalende has joined #openstack-keystone13:55
*** awalende has quit IRC14:26
*** beekneemech is now known as bnemec14:29
*** jamesmcarthur has quit IRC14:53
*** Luzi has quit IRC14:59
*** tesseract has quit IRC15:01
*** tesseract has joined #openstack-keystone15:01
*** jamesmcarthur has joined #openstack-keystone15:05
*** jamesmcarthur has quit IRC15:08
*** jamesmcarthur has joined #openstack-keystone15:08
*** spatel has joined #openstack-keystone15:19
spatelcmurphy: morning15:20
spatelmy keystone successfully integrated with LDAP (as you suggested)15:21
spatelLDAP for identitet and SQL for assignments15:21
*** dklyle has quit IRC15:57
*** dklyle has joined #openstack-keystone15:58
*** gyee has joined #openstack-keystone16:02
*** jmlowe has joined #openstack-keystone16:06
*** jamesmcarthur_ has joined #openstack-keystone16:20
*** jamesmcarthur has quit IRC16:23
*** jamesmcarthur has joined #openstack-keystone16:53
*** jamesmcarthur_ has quit IRC16:56
*** jamesmcarthur has quit IRC17:01
*** jamesmcarthur has joined #openstack-keystone17:01
*** jamesmcarthur has quit IRC17:01
*** yan0s has quit IRC17:02
*** jmlowe has quit IRC17:04
*** jamesmcarthur has joined #openstack-keystone17:32
*** mvkr has quit IRC18:32
cmurphyspatel: great!18:40
spatelcmurphy: thinking to put it on my blog so people don't need to struggle, because i haven't see any blog using latest openstack code so its confusing with current code..18:42
cmurphy++18:42
spatelcmurphy: now i need to figure out how to hide password in teraform :)18:45
spatelis it possible i can ask keystone to give me token and i put that token in teraform file ?18:45
cmurphyspatel: the token is just as sensitive as a password, and it expires so you would have to update your terraform file18:47
cmurphyspatel: you could use application credentials instead https://docs.openstack.org/keystone/latest/user/application_credentials.html18:47
spatelvery interesting...18:48
spatellet me explore..18:48
*** tesseract has quit IRC18:52
*** renich has joined #openstack-keystone20:06
renichGood day20:06
renichI just upgraded to Train and it is not clear to me how to upgrade. I understand that there are some roles that should be made immutable, but I don't get it. How do I make them so?20:06
renichhttps://paste.centos.org/view/a507091920:06
renichThat's what the check says20:06
*** jmlowe has joined #openstack-keystone20:16
renichI am trying to look for a specific instruction on how to upgrade the roles to be immutable but can't find it. They only command referenced is `keystone-manage bootstrap --immutable-roles`20:18
renichAny tips? I am kind of desperate here (in the middle of an upgrade)20:21
renichMy theory is that I need to edit: keystone.policy.yaml but I don't really know how.20:22
renichHow can I make roles immutable?20:38
cmurphyrenich: thanks for pointing out that we're missing a bit of documentation :( to make roles immutable you need to update the "options" attribute of the role to have "immutable": true , documentation on resource options is here https://docs.openstack.org/keystone/latest/admin/resource-options.html it unfortunately doesn't mention "immutable" yet and the CLI doesn't cover it, it needs to be done with20:50
cmurphycurl :/20:50
renichcmurphy: phew! Thanks!20:51
renichwill try it20:51
cmurphyrenich: it's also not fatal to leave it as-is, it's just letting you opt into safer behavior20:52
cmurphyso feel free to ignore it20:52
renichcmurphy: it's not fatal? hmm... then I have some other issue. Keystone isn't responding after upgrade then. As in `openstack user list` doesn't work after sourcing admin-openrc20:52
cmurphyrenich: that's a different issue then20:53
cmurphyrenich: what does "doesn't work" mean? i would check the keystone logs first20:53
renichlook: RESP BODY: {"error":{"code":403,"message":"You are not authorized to perform the requested action: identity:list_users.","title":"Forbidden"}}20:55
cmurphyrenich: do you have custom policy rules? as in do you have anything in /etc/keystone/keystone.{json,yaml} ?20:55
renichcmurphy: nothing that I know of.20:56
renichI just have keystone.policy.yaml20:56
renichAnd it's vanilla20:56
cmurphyrenich: all policies are defined in-code now so unless you have a specific reason for overriding rules you should have no policy.yaml file20:57
*** raildo has quit IRC20:57
renichcmurphy: OK, I will remove it20:58
renich2019-11-18 20:58:54.856 16006 WARNING keystone.server.flask.application [req-46d8514d-9911-412c-802d-4fd8c9dd96f7 6ac28ce8518e4695b99af55b887ae3d4 7547634d002648b182845a58dfd3a89e - default default] You are not authorized to perform the requested action: identity:list_users.: keystone.exception.ForbiddenAction: You are not authorized to perform the requested action: identity:list_users.20:59
*** gagehugo94 has joined #openstack-keystone21:00
*** gagehugo94 has quit IRC21:01
renichcmurphy: how would you do the immutable option setting with curl? never done the auth part using curl. I know I need to use something like: curl -X POST -d "@immutable.json" localhost:5000/v3/users/21:01
cmurphyrenich: you need to get your admin user working first21:02
renichah, OK... damn.21:02
cmurphydon't worry about the immutable option until keystone is working21:02
cmurphyhmm if you have an old deployment you may not have implied roles set up, if you are using the new default policies then your old admin user might not have role:reader <-- lbragstad did we account for that at all?21:02
renichI was one release behind21:06
lbragstadcmurphy we might have assumed someone needs to run keystone-manage bootstrap21:08
renichwhat happens to my users if I run keystone-manage bootstrap?21:08
lbragstadrenich keystone-manage bootstrap will detect conflicts if the entities it's trying to create already exist21:09
renichlbragstad: OK, but it will not delete the users, right? So I can safely run it?21:09
openstackgerritGage Hugo proposed openstack/keystone master: WIP - Change time faking for totp test  https://review.opendev.org/68439721:09
cmurphyrenich: yes it is safe to run21:09
lbragstadyes - it won't delete your users, it's only concerned with the admin user21:10
cmurphyit also looks like it does ensure_implied_roles so it will update existing roles21:10
renichcmurphy: OK. I will try running it to see if it fixes stuff...21:10
renichone question though, which password is it asking for?21:10
renichthe admin's password?21:10
lbragstadrenich yeah - it's asking for the admin password, but keep in mind that it will set the password21:10
renichOK21:11
lbragstadkeystone-manage bootstrap doesn't use the password you supply it to authenticate in any way21:11
lbragstadso - if you have an existing admin user and you supply a new password, the admin user is going to have their password reset21:11
lbragstad(new password == something different than the original password)21:11
renichlbragstad: OK21:12
renichafter running: keystone-manage bootstrap --bootstrap-password=somepass --immutable-roles; I get nothing21:16
renichis it useful if I show you values on the DB?21:16
*** awalende has joined #openstack-keystone21:16
lbragstadrenich you should be able to query keystone through the API to view relationships between roles21:16
renichhow?21:17
lbragstadrenich `openstack implied role list`21:20
lbragstadhere's an example of what's returned to me on my system http://paste.openstack.org/show/786297/21:20
*** awalende has quit IRC21:21
renichlbragstad: 2019-11-18 21:26:14.423 30072 WARNING keystone.server.flask.application [req-d6df9810-2db1-495f-b760-32adb5e7ed86 6ac28ce8518e4695b99af55b887ae3d4 7547634d002648b182845a58dfd3a89e - default default] You are not authorized to perform the requested action: identity:list_role_inference_rules.: keystone.exception.ForbiddenAction: You are not authorized to perform the requested action: identity:list_role_inference_rules.21:26
*** awalende has joined #openstack-keystone21:26
renichroot@controller1.zrh:/etc/keystone# ls21:26
renichcredential-keys  default_catalog.templates  fernet-keys  keystone.conf  keystone.conf.dpkg-dist  logging.conf  old  ssl  sso_callback_template.html21:26
renichI have no policy.yaml and it keeps telling me I am not allowed to perform the action21:27
renichlbragstad: when I ran bootstrap (with all the settings), I get this: https://paste.centos.org/view/41d65b1521:30
*** awalende has quit IRC21:31
renichAlso, when running the upgrade check after the bootstrap, I get this: https://paste.centos.org/view/33cb24fa21:32
renichit changed. Before, admin was the one with the failure. Now, the roles are.21:33
renichOh, I really hope we can figure this out. <gulp>...21:34
lbragstadwhich user are you using?21:36
renichlbragstad: admin21:36
lbragstadare you using a clouds.yaml file?21:36
renichlbragstad: no21:36
*** awalende has joined #openstack-keystone21:36
lbragstadcan you get a system-scoped token instead?21:37
renichlbragstad: sure, tell me how.21:37
lbragstadhttp://paste.openstack.org/show/786299/21:37
lbragstadthat's the difference between using a project-scoped token to access the implied role api and using a system-scoped token21:38
renichroot@controller1.zrh:/etc/keystone# cat /etc/openstack/clouds.yaml21:38
renichcat: /etc/openstack/clouds.yaml: No such file or directory21:38
lbragstadthat's fine... you can put that file there or keep it in your local directly21:38
lbragstaddirectory*21:38
renichah, OK. You want me to set that up21:38
lbragstador you can just specify things on the command line when you make that call21:39
lbragstadyou don't have to use clouds.yaml21:39
lbragstadit's just my preference21:39
renichoh, OK21:39
lbragstadhere's the documentation if you want to read up on it - https://docs.openstack.org/os-client-config/latest/user/configuration.html21:39
lbragstadare you using an rc file then?21:39
renichlbragstad: thanks.21:39
renichYes, I am21:39
renichlbragstad: thank you for the clouds.yaml tip. It's useful.21:40
lbragstadok - if you crack it open, do you see OS_PROJECT_NAME or OS_PROJECT_ID?21:40
*** awalende has quit IRC21:40
renichOS_PROJECT_NAME21:41
lbragstadok - you're getting a project-scoped token then21:41
lbragstadyou can test this by doing an `openstack token issue`21:41
renichworks21:41
renichproject_id and user_id21:41
lbragstadyeah - so that's a project-scoped token, you'll need a system-scoped token to access the implied roles API21:42
renichOK. How do I get it?21:42
lbragstadyou'll need to create or copy a new rc file that removes the OS_PROJECT_NAME parameter and replaces it with OS_SYSTEM_SCOPE21:43
renichOK21:43
lbragstadi think i set OS_SYSTEM_SCOPE = all21:43
renichdone and sources21:44
lbragstadwhen you source your system rc file, make sure you unset OS_PROJECT_NAME from your env21:44
renichsourced*21:44
renichand user list works!21:44
lbragstadif you do `openstack token issue` you should get a token back but it will have a slightly different structure than the project-scoped one you just created a few minutes ago21:45
lbragstadinstead of a project field, you'll see system21:45
renichYes. I do.21:45
lbragstadhttps://docs.openstack.org/keystone/latest/contributor/services.html#authorization-scopes describes the concept behind system-scope, domain-scope, and project-scope21:46
*** awalende has joined #openstack-keystone21:46
lbragstadrenich additionally, you should be able to list implied roles, too21:46
lbragstad`openstack implied role list`21:46
renichhttp://paste.openstack.org/show/786300/21:47
lbragstadlooks like it worked21:47
renichyes, but how will my other users access it now? (if you can't use OS_PROJECT_NAME)21:48
lbragstadif you have other users that need access to the user API then they should probably have system role assignemnts21:49
lbragstadassignments*21:49
lbragstad(and they'll have their own rc files or clouds.yaml profiles)21:49
renichlbragstad: I don't quite follow. Do I need to create system role assignments for them?21:51
lbragstadif they need access to system-specific resources, you'll need to grant them authorization on the system21:51
lbragstadyeah - you'll do that by creating system-role assignments21:51
renichOK, I'll need to read-on then.21:52
renichBasically, we only have swift.21:52
renichAnd they require access to their object storage.21:52
lbragstad`openstack role add --user alice --system all admin`21:52
lbragstadthat doc that i linked earlier explains most of this better than i can21:52
renichlbragstad: thanks! You saved my life. I'll have to read-on so I can re-create this21:53
lbragstadrenich glad i could help - good luck21:53
renichlbragstad: thanks a lot.21:53
lbragstadno problem21:54
*** awalende has quit IRC21:56
*** awalende has joined #openstack-keystone21:57
cmurphylbragstad: an upgrade to train shouldn't have broken renich's project-admin role assignments i'm pretty sure22:00
cmurphyrenich: did you change anything in keystone.conf when you upgraded? do you have [oslo_policy]/enforce_scope set to anything?22:01
renichcmurphy: no. I tried with the oslo_policy force suggestion, but switched back22:01
renichcmurphy: http://paste.openstack.org/show/786301/22:03
renichI see these messages as well:22:05
renich2019-11-18 22:00:41.900 30072 WARNING keystone.common.rbac_enforcer.enforcer [req-2b8b614a-97c3-4198-8ba0-d34be7cbc31a 6ac28ce8518e4695b99af55b887ae3d4 - - default -] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.22:05
*** awalende has quit IRC22:07
*** awalende has joined #openstack-keystone22:07
cmurphyrenich: that message is meant to encourage you to switch to system scope but the deprecations are there because we don't want to break your old configuration, but it looks like somehow we did22:08
*** awalende_ has joined #openstack-keystone22:08
renichcmurphy: OK. I want to migrate if we are required to. I just need to figure it out now for my users. We only use swift and I can't seem to access it now. Reading into what lbragstad provided.22:09
cmurphyswift doesn't support system scope yet, that's part of why the old policies should still have worked. if you change back to project scope you should be able to access swift.22:11
*** awalende has quit IRC22:12
renichcmurphy: how can I do that? The only thing we did was change the openrc file22:13
cmurphyrenich: the openrc file is setting environment variables, so either manually change the environment variables back or create a different openrc file with the old project scope settings and source it, or use a clouds.yaml file as lbragstad mentioned22:15
renichcmurphy: OK, I still have my old openrc file. The one that has OS_PROJECT_NAME22:17
renichcmurphy: but, when I try to use it, it tells me: You are not authorized to perform the requested action: identity:list_endpoints. (HTTP 403) (Request-ID: req-e425d327-9ba4-4552-8e43-2c4c008453d4)22:18
renichWhat I mean by "use it" is: source admin-openrc; openstack endpoint list22:18
renichNow, `openstack container list` gives me a whole different issue: openstack container list22:18
renichUnable to establish connection to http://os.zrh.cloudsigma.com:8080/v1/AUTH_7547634d002648b182845a58dfd3a89e: HTTPConnectionPool(host='os.zrh.cloudsigma.com', port=8080): Max retries exceeded with url: /v1/AUTH_7547634d002648b182845a58dfd3a89e?format=json (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f878ea60a58>: Failed to establish a new connection: [Errno 111] Connection refused',))22:19
renichoh, swift might not be running... checking22:21
cmurphyrenich: okay I guess when you said you couldn't access swift i assumed it was still a policy issue, connection refused is a whole different issue22:21
renichcmurphy: yeah, sorry for that, hehe. Checking the swift services22:21
cmurphyi don't know swift so can't help with that here22:21
cmurphyalso need to run to the airport, best of luck22:21
timburkeyeah, "connection refused" definitely sounds like swift isn't running yet :-)22:22
renichswift-proxy is down22:23
renichit's not starting...22:23
timburkewhat do your swift logs say?22:23
renichhttp://paste.openstack.org/show/786304/22:25
*** pcaruana has quit IRC22:26
timburkeah... so swift3 moved back into the swift repo as s3api -- you can either continue installing a swift3 package so your configs don't need to change, or switch your proxy-server config to point to s3api instead of swift322:26
timburkenote that there may be some pipeline-ordering changes required, too, depending on where you're upgrading from22:27
renichtimburke: I'll do the second22:27
timburkesounds good! there's a bunch of good fixes that have landed since it came back under swift22:28
renichUnauthorized (HTTP 401) (Request-ID: tx07c3f490192f48ffaaa3b-005dd31b5f)22:30
renichOK, swift-proxy starts now. But I still get unauthorized when trying to use project-scope22:30
timburkefwiw, there's an example snippet around https://docs.openstack.org/swift/latest/middleware.html#proxy-server-setting -- but it looks like you've already gotten that far :-)22:30
timburkewhat's the pipeline look like?22:30
renichtimburke: pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit s3api s3token authtoken keystoneauth slo dlo container-quotas account-quotas versioned_writes proxy-logging proxy-server22:31
timburkebring authtoken ahead of s3api. maybe check the auth_uri for s3token in light of the note at https://docs.openstack.org/swift/latest/middleware.html#s3-token-middleware22:32
renichhttp://paste.openstack.org/show/786305/422:33
renichtimburke: OK22:33
* renich is chekcing the note22:34
renichtimburke: what about auth_url?22:36
renichshould it include /v3 as well?22:36
timburkelooks like account servers are also down? might be worth checking container and object, too. but those aren't causing the auth problem -- is that 35357 port right, or have things moved to 5000?22:36
timburkeyep22:37
timburkeshould have /v322:37
renichtimburke: let me check22:37
renichtimburke: swift-account is up and running. It wasn't down. Will check the others22:38
renichtimburke: I've moved to 500022:38
timburkefunny. i wonder what was up with the "ERROR with Account server 10.0.252.26:6002/1 re: Trying to HEAD /v1/AUTH_7547634d002648b182845a58dfd3a89e: Connection refused" then...22:40
*** mvkr has joined #openstack-keystone22:40
timburke5000 is good, the new standard config! worth checking that it's updated for both [filter:authtoken] and [filter:s3token]22:41
renichtimburke: I am seeing this now in the logs with keystone (probably due to what is at [DEFAULT]): http://paste.openstack.org/show/786306/22:42
renichtimburke: OK22:42
timburkethose log lines should be harmless22:43
renichtimburke: OK22:43
renich... wait, `openstack container list` works for the demo user, but not the admin user.... ???22:43
timburkeo.O22:44
renichhmmm... container create doesn't work... only container list...22:44
renichoh man :S22:44
timburke... i _guess_ that's progress?22:44
renichyeah, hehe22:44
timburkelet's see what we can do about that admin user! what roles have we got assigned for the project?22:45
*** awalende_ has quit IRC22:46
renichtimburke: the default project?22:46
*** rcernin has joined #openstack-keystone22:46
timburkewhatever you're using when getting the token. so, probably yeah, the default one?22:47
timburkealso, what's [filter:keystoneauth] look like? in particular, is there overlap between the user's roles and what's configured for operator_roles and/or reseller_admin_role?22:47
renichtimburke: let me show you22:48
renichhttp://paste.openstack.org/show/786308/22:49
renichThat's how keystoneauth looks like22:49
renichand the roles...22:49
renich`openstack role assignment list --project=default` shows nothing22:51
renichwait...22:51
renichhttp://paste.openstack.org/show/786309/22:52
renichThat's the role assignment list for ... oh... UUID-like strings...22:52
timburkethere's a --names that should help22:53
renichOK, I checked the account, object and container servers in the second node. They were down. Now, they're up. container creation works for demo user22:53
timburke\o/22:53
timburkeadmin user's still a no-go?22:53
renichtimburke: and container creation works for admin as well! :D22:54
timburkewhoo!22:54
renichtimburke: man, thanks a lot. Sorry for my carelessness. :S22:54
timburkeno no -- sorry for not having better upgrade docs...22:54
renichI really appreciate it timburke, cmurphy and lbragstad... sniff... sniff...22:54
renichtimburke: in all fairness, I share responsibility for this. I had some misconfiguration going on.22:55
renichI really appreciate that you guys tuck with me until it worked. I was really scared, hehe.22:56
timburkei oughta look harder at when these things changed and make better use of the Upgrade Notes sections of the release notes. not sure it'd work to update them on the stable branch, though :-/22:56
timburkei really really want people to still be able to access their data :-D22:57
renichtimburke: yeah, me too! ;D22:57
renichI learned a few things, though. The clouds.yaml thing is awesome. Also, I wanna migrate to the system scope paradigm so we do not suffer so much when upgrading.22:58
timburke...which gives me that much more reason to figure out how to use the system scope in swift ;-)22:58
renichtimburke: hehehe, OK.22:59
timburkepretty sure it comes down to mapping it to reseller admin, but the devil's in the details i suppose23:00
renichMan, I am gonna go have a coffee or something. I kind of need it after this... phew! Thanks again! I'm gonna send you, guys, good vibes all week!23:00
renichsupport, the upgrade is done!23:00
timburkeGL! maybe check that S3 API is working for you before celebrating ;-)23:00
renichOK, I will.23:01
renichhehehe23:01
renichit seems to work.23:01
timburke(if it doesn't, maybe we'll take this over to #openstack-swift so we're not bothering the keystone folks)23:01
timburke👍23:01
*** spatel has quit IRC23:02
renichyeah, sorry #openstack-keystone people. We took over the channel. :S23:03
*** tkajinam has joined #openstack-keystone23:09
*** aloga_ has quit IRC23:10
*** jaosorior has quit IRC23:21
*** ivve has quit IRC23:26
*** aloga has joined #openstack-keystone23:40
*** jamesmcarthur has quit IRC23:46
*** jamesmcarthur has joined #openstack-keystone23:46
*** jamesmcarthur has quit IRC23:48
« Sunday, 2019-11-17 Index Tuesday, 2019-11-19 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!