Thursday, 2019-05-16

« Wednesday, 2019-05-15 Index Friday, 2019-05-17 »
openstackgerritMichał Piotrowski proposed openstack/monasca-thresh master: Create Docker image and build in Zuul  https://review.opendev.org/64929806:51
*** openstackgerrit has quit IRC07:03
*** openstackgerrit has joined #openstack-monasca07:03
openstackgerritMerged openstack/monasca-notification master: Blacklist bandit and update sphinx requirement  https://review.opendev.org/65911507:03
openstackgerritDobroslaw Zybort proposed openstack/monasca-notification master: Fix statsd enable option in docker env  https://review.opendev.org/65626107:05
*** pcaruana has joined #openstack-monasca07:13
*** witek has joined #openstack-monasca07:21
openstackgerritMerged openstack/monasca-notification master: Fix statsd enable option in docker env  https://review.opendev.org/65626108:52
openstackgerritMerged openstack/monasca-persister master: Add tests for influxdb/alarm_state_history_repository.py  https://review.opendev.org/65569908:55
openstackgerritMichał Piotrowski proposed openstack/monasca-agent master: Create Docker image from Monasca repos  https://review.opendev.org/65950809:39
openstackgerritMerged openstack/monasca-common master: Dropping the py35 testing  https://review.opendev.org/65241809:46
openstackgerritDobroslaw Zybort proposed openstack/monasca-notification master: Fix loading of notification plugins  https://review.opendev.org/65676209:54
openstackgerritDobroslaw Zybort proposed openstack/monasca-notification master: Fix app_repo in Docker with new git url  https://review.opendev.org/65876109:56
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change links to opendev and links usage  https://review.opendev.org/65907409:59
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change links to opendev and links usage  https://review.opendev.org/65907410:19
*** pcaruana has quit IRC10:27
openstackgerritMerged openstack/monasca-notification master: Fix loading of notification plugins  https://review.opendev.org/65676211:11
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change links to opendev and links usage  https://review.opendev.org/65907411:20
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change links to opendev and links usage  https://review.opendev.org/65907411:27
*** pcaruana has joined #openstack-monasca11:37
openstackgerritDobroslaw Zybort proposed openstack/monasca-persister master: Add tests for cassandra/alarm_state_history_repository.py  https://review.opendev.org/65370311:38
witekadriancz: Dobroslaw: sc: could we please merge these: https://review.opendev.org/#/q/status:open+topic:convert_readme12:01
witekwithout them creating releases on Pike and Queens is not possible12:01
witekwe'll need this one as well: https://review.opendev.org/65161112:02
adriancz@witek merged12:53
witekthanks, I hope CI won't get out of line12:55
openstackgerritMichał Piotrowski proposed openstack/monasca-ui master: Unit tests fail  https://review.opendev.org/65151212:58
openstackgerritMichał Piotrowski proposed openstack/monasca-ui master: Unit tests fail  https://review.opendev.org/65151213:09
mkarpiarzIf I add a role from the "read_only_authorized_roles" list to a regular user on a tenant which the monasca-agent writes metrics to13:36
mkarpiarz(i.e. the one specified by "project_name" in the collector's config)13:36
mkarpiarzthen this user can see metrics of other users, even in different tenants. This includes the admin user.13:38
mkarpiarzIs this expected behaviour?13:40
witekno, only own tenant should be allowed13:41
mkarpiarzThought so, as the situation I described pretty much breaks multitenancy. :/13:42
mkarpiarzThis is my setup: my admin user has "admin" role in its own admin tenant,13:44
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Python and Alpine  https://review.opendev.org/65956613:45
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change links usage  https://review.opendev.org/65907313:45
mkarpiarzthis regular user has "_member_" role in its own tenant (which is different than the admin's tenant)13:46
mkarpiarzNow, I'm "_member_" role and the read-only role to both users on the tenant monasca-agent writes metrics to13:48
mkarpiarzand when I run `monasca metric-list` as the regular user, I can see metrics of the admin user as well.13:49
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Alpine version  https://review.opendev.org/65956613:51
witekhow many agents do you have?13:51
mkarpiarzOnly one13:51
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Python version  https://review.opendev.org/65956713:51
witekwhere do you get the measurements in admin project from?13:52
mkarpiarzAccess logs suggest this regular user sends a call to `GET /v2.0/metrics` without specifying tenant_id.13:52
witektenant_id parameter is optional, project information should be extracted from the token13:53
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Alpine version  https://review.opendev.org/65956613:53
mkarpiarzSo to which project is the user token scoped then?13:55
mkarpiarzI'd say to the one they share and not to their "private" ones.13:56
*** pcaruana has quit IRC13:56
mkarpiarzMy admin user gets metrics from the same agent that gathers metrics for the regular user.13:57
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Alpine version  https://review.opendev.org/65956613:57
mkarpiarzIs this wrong? Do I need as many agents as I have users?13:58
witekonly libvirt and ovs plugins send measurements to multiple projects13:58
mkarpiarzYes, I'm using the libvirt plugin.13:59
mkarpiarzSo regular users shouldn't have access to metrics from this plugin at all then?14:00
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Upgrade Alpine version  https://review.opendev.org/65956614:00
witekOK, then you POST two sets of measurements, to admin project and user project14:00
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change links usage  https://review.opendev.org/65907314:01
witekwhen you GET measurements you have to authorize the request with project scoped token14:01
witekand you should get measurement only for that project14:01
mkarpiarzOK, yes, this does work as expected when I add this read-only role to this regular user's tenant14:09
mkarpiarzand then scope my token to this user's private tenant.14:09
mkarpiarzIn this situation I only get metrics from this tenant and not the admin one.14:10
witekcan you authorize the request with unscoped token?14:10
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change links usage in Dockerfile  https://review.opendev.org/65907314:12
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change repository links usage in Dockerfile  https://review.opendev.org/65907314:13
mkarpiarzYes, I can. Still only see this user's metrics.14:15
mkarpiarzSo what should I do to if I want to share Grafana dashboards with this user?14:17
witekdon't understand14:17
mkarpiarzIn this shared project (both my users are still _member_s in there) I have a datasource configured to use Keystone auth14:19
openstackgerritMichał Piotrowski proposed openstack/monasca-ui master: Fix failing unit tests  https://review.opendev.org/65151214:20
mkarpiarzand if I try to get metrics from the API, it returns a 40114:21
mkarpiarz"GET /v2.0/metrics/statistics?statistics=avg&name=vm.cpu.utilization_perc&start_time=2019-05-15T14%3A20%3A44.962Z&period=300&alias=%40resource_id&group_by=%2A&end_time=2019-05-16T14%3A20%3A44.962Z HTTP/1.1" 401 86 126088 "-" "monascaclient/1.14.0 keystoneauth1/3.13.1 python-requests/2.21.0 CPython/2.7.5"14:22
witekare you using forked Grafana?14:23
mkarpiarzI can check how this request scopes the token, but I suspect it uses this shared tenant, as this is the one I'm now in Grafana.14:23
mkarpiarz$ grafana-server -v14:25
mkarpiarzVersion 4.1.0-pre1 (commit: unknown-dev)14:25
witekthat's probably the forked one with Keystone auth14:25
witekthe user should scoped to the project selected in Grafana14:26
witekproject - organisation14:26
mkarpiarzThat's my understanding as well.14:27
mkarpiarzI'm currently in the shared project/org, because I can't share datasources and dashboards when in the "@Default" org.14:29
mkarpiarzNot sure why, but this is not something I can do it seems.14:30
mkarpiarzI have a datasource and dashboard set as admin@Default, but I can't see them when I log in as myuser@Default.14:31
mkarpiarzOne would think this should work, right, as both users are in the same domain.14:32
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change repository links usage in Dockerfile  https://review.opendev.org/65907314:32
witekI'm afraid I cannot help here, perhaps Dobroslaw can help on Monday14:33
mkarpiarzOK, I'm going to follow API calls more closely then and see where they lead me.14:37
mkarpiarzThanks for your time, @witek!14:37
witekyou're welcome14:37
*** pcaruana has joined #openstack-monasca14:37
openstackgerritArseni Lipinski proposed openstack/monasca-api master: Fix app_repo in Docker with new url  https://review.opendev.org/65875914:47
*** UdayTKumar has joined #openstack-monasca14:50
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change links to opendev and links usage  https://review.opendev.org/65907414:54
*** chaconpiza has quit IRC15:00
openstackgerritArseni Lipinski proposed openstack/monasca-api master: Change app_repo  https://review.opendev.org/65875915:10
openstackgerritArseni Lipinski proposed openstack/monasca-api master: Change links to opendev and their usage  https://review.opendev.org/65875915:14
openstackgerritWitold Bedyk proposed openstack/monasca-log-api master: Blacklist bandit 1.6.0  https://review.opendev.org/65959815:24
openstackgerritArseni Lipinski proposed openstack/monasca-log-api master: Change repository links usage in Dockerfile  https://review.opendev.org/65875715:32
*** witek has quit IRC15:35
*** pcaruana has quit IRC15:47
openstackgerritArseni Lipinski proposed openstack/monasca-agent master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875415:52
openstackgerritArseni Lipinski proposed openstack/monasca-notification master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65876115:59
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65907316:00
openstackgerritArseni Lipinski proposed openstack/monasca-log-api master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875716:00
openstackgerritArseni Lipinski proposed openstack/monasca-api master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875916:02
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65907416:02
*** witek has joined #openstack-monasca16:03
openstackgerritWitold Bedyk proposed openstack/monasca-log-api master: Blacklist bandit and update sphinx requirement  https://review.opendev.org/65959816:03
openstackgerritArseni Lipinski proposed openstack/monasca-api master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875916:04
openstackgerritArseni Lipinski proposed openstack/monasca-agent master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875416:05
openstackgerritArseni Lipinski proposed openstack/monasca-common master: Change repository links usage in Dockerfile  https://review.opendev.org/65907316:06
openstackgerritArseni Lipinski proposed openstack/monasca-log-api master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65875716:07
openstackgerritArseni Lipinski proposed openstack/monasca-notification master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65876116:07
openstackgerritArseni Lipinski proposed openstack/python-monascaclient master: Change repository links usage in Dockerfile and build image  https://review.opendev.org/65907416:09
openstackgerritWitold Bedyk proposed openstack/monasca-api master: Add support for using Falcon 2.0.0  https://review.opendev.org/65926416:21
*** witek has quit IRC16:30
-openstackstatus- NOTICE: Gerrit is being restarted to add gitweb links back to Gerrit. Sorry for the noise.17:36
*** pcaruana has joined #openstack-monasca17:39
*** trident has quit IRC18:51
*** trident has joined #openstack-monasca18:52
*** pcaruana has quit IRC19:52
*** trident has quit IRC20:59
*** trident has joined #openstack-monasca21:00
openstackgerritJoseph Davis proposed openstack/monasca-persister master: Fix a typo and add troubleshooting in tools README  https://review.opendev.org/65968122:40
openstackgerritJoseph Davis proposed openstack/monasca-persister master: Fix a typo and add troubleshooting in tools README  https://review.opendev.org/65968122:47
*** UdayTKumar has quit IRC22:48
« Wednesday, 2019-05-15 Index Friday, 2019-05-17 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!