Wednesday, 2019-12-18

[00:32] openstackgerrit: Colleen Murphy proposed openstack/keystone-tempest-plugin master: WIP/PoC:Add RBAC tests  https://review.opendev.org/686305
[11:40] openstackgerrit: Stephen Finucane proposed openstack/oslo.policy master: Add 'namespaced' flag on checker CLI  https://review.opendev.org/610402
[12:50] tacco: hi there.. i would like to achieve ldap group based member/admin access to projects.. what's the best way of doing this? my thoughts were to simply add groups to roles.. pointing to the projects.. but i always get the following error when i try to show the ldap based groups.
[12:50] tacco: UserWarning: Policy identity:list_groups failed scope check. The token used to make the request was project scoped but the policy requires ['system', 'domain'] scope.
[14:03] lbragstad_: tacco that means the user you're making the call with doesn't have the necessary permissions keystone expects to manage groups
[14:03] *** lbragstad_ is now known as lbragstad
[14:03] lbragstad: tacco you'll either need to use an admin user or adjust the privileges for your user to include the roles required to manage groups
[14:05] tacco: it is the initial admin user
[14:06] tacco: and it has the access for system: all and also admin permissions for the created domain
[14:08] tacco: 1da.. is the initial admin user http://paste.openstack.org/show/787723/
[14:09] tacco: http://paste.openstack.org/show/787724/ with --name in addition
[15:19] lbragstad: tacco are you using a system-scoped token?
[15:20] lbragstad: not sure if you're using an rc file
[15:20] lbragstad: but if you are, you can set system-scope options that ensure you get a system-scoped token
[15:39] tacco: lbragstad: i've used both.. the pre created openrc from openstack-ansible in the utility container and as well i've tested with rc file downloaded by the admin user from horizon.
[15:40] lbragstad: tacco those rc files likely won't have system scope variables
[15:40] tacco: ok. what variable is to be set?
[15:41] lbragstad: let me see if i can find an example
[15:42] lbragstad: you'll want to set OS_SYSTEM_SCOPE=all instead of OS_PROJECT_NAME or OS_PROJECT_ID
[15:43] tacco: ok.
[15:43] tacco: will try
[16:01] tacco: lbragstad: looks better.. so warnings are gone now..
[16:01] tacco: but i still can't see any groups in the openstack cli
[16:01] tacco: http://paste.openstack.org/show/787729/
[16:01] tacco: this is what i have so far. Ldapsearch to prove that there is something behind my keystone configuration.
[16:01] tacco: for users everything works fine..
[16:01] tacco: but not for groups
[18:02] openstackgerrit: Lance Bragstad proposed openstack/keystone master: Ensure bootstrap handles multiple roles with the same name  https://review.opendev.org/699743
[18:19] tacco: hm.. still not sure about the group stuff. "should work but didn't" if someone can have a look http://paste.openstack.org/show/92OtyhY1iswbdoONKYr1/
[18:45] gagehugo: tacco: maybe the group filter? not sure
[18:48] tacco: i've tested the group filter with ldapsearch
[18:50] tacco: on line 4 at the end you can see the same filter
[18:50] tacco: tested the same thing for users.. so this should not be the point @ gagehugo
[18:52] tacco: yes 100% sure that this looks good to me. just copy+paste the filter to find its appearance 3 times.. in the osa-config, in the keystone config and in the ldapsearch filter
[19:01] gyee: tacco, typo? "goup_tree_dn"
[19:04] gagehugo: that might also do it
[19:19] tacco: yes.. could it be.. if this was the error i will hate myself for asking such stupid things. :D anyway.. thanks for pointing me there
[19:22] tacco: gyee: thanks a lot for making my day..
[19:22] tacco: this "Was" indeed the problem.
[19:58] openstackgerrit: Lance Bragstad proposed openstack/keystone master: Ensure bootstrap handles multiple roles with the same name  https://review.opendev.org/699743
