| *** esberglu has joined #openstack-powervm | 00:04 | |
| *** esberglu has quit IRC | 00:08 | |
| *** svenkat has joined #openstack-powervm | 01:25 | |
| *** svenkat has quit IRC | 01:45 | |
| *** svenkat has joined #openstack-powervm | 02:31 | |
| *** svenkat has quit IRC | 03:21 | |
| *** YuYangWang has joined #openstack-powervm | 03:25 | |
| *** YuYangWang2 has joined #openstack-powervm | 03:33 | |
| *** esberglu has joined #openstack-powervm | 03:40 | |
| *** esberglu has quit IRC | 03:41 | |
| *** esberglu has joined #openstack-powervm | 03:41 | |
| *** esberglu has quit IRC | 03:41 | |
| *** esberglu has joined #openstack-powervm | 03:41 | |
| *** esberglu has quit IRC | 03:46 | |
| *** YuYangWang has quit IRC | 03:59 | |
| *** tjakobs has joined #openstack-powervm | 04:50 | |
| *** tjakobs has quit IRC | 05:00 | |
| *** YuYangWang2 has quit IRC | 05:58 | |
| *** tjakobs has joined #openstack-powervm | 06:50 | |
| *** tjakobs has quit IRC | 07:06 | |
| *** esberglu has joined #openstack-powervm | 07:18 | |
| *** esberglu has quit IRC | 07:19 | |
| *** esberglu has joined #openstack-powervm | 07:19 | |
| *** esberglu has quit IRC | 07:19 | |
| *** esberglu has joined #openstack-powervm | 07:20 | |
| *** esberglu has quit IRC | 07:25 | |
| *** AlexeyAbashkin has joined #openstack-powervm | 08:01 | |
| *** esberglu has joined #openstack-powervm | 10:01 | |
| *** esberglu has quit IRC | 10:05 | |
| *** esberglu has joined #openstack-powervm | 12:45 | |
| *** esberglu has quit IRC | 12:49 | |
| *** efried is now known as fried_rice | 12:55 | |
| *** svenkat has joined #openstack-powervm | 13:00 | |
| *** svenkat_ has joined #openstack-powervm | 13:06 | |
| *** svenkat has quit IRC | 13:07 | |
| *** svenkat_ is now known as svenkat | 13:07 | |
| *** edmondsw has joined #openstack-powervm | 13:17 | |
| *** tjakobs has joined #openstack-powervm | 14:21 | |
| *** esberglu has joined #openstack-powervm | 14:21 | |
| *** tjakobs has quit IRC | 14:53 | |
| *** apearson has joined #openstack-powervm | 15:24 | |
| *** tjakobs has joined #openstack-powervm | 15:43 | |
| *** AlexeyAbashkin has quit IRC | 16:05 | |
| *** catmando has joined #openstack-powervm | 16:08 | |
| catmando | hey all | 16:09 |
|---|---|---|
| fried_rice | Hi catmando | 16:32 |
| catmando | i'm seeing something i can't explain or fix | 16:34 |
| catmando | in simple terms, i am adding a user. i do this by adding the user to the host and the correct group | 16:34 |
| catmando | the user does not have a specific domain | 16:35 |
| catmando | i then make that user an admin using openstack role ... | 16:35 |
| catmando | the change shows up correctly in the powervc gui | 16:35 |
| catmando | however, that user does not seem able to perform ANY admin level functions (e.g. list_projects) even though policy.json is set to admin_required | 16:36 |
| fried_rice | Ah, a PowerVC thing. Let's see if edmondsw or mdrabe or svenkat can help you out ^^ | 16:36 |
| mdrabe | That'd be edmondsw wheelhouse | 16:39 |
| svenkat | can you post details on how you created the user, and how you added to group - which group? how you setup role etc…. | 16:40 |
| edmondsw | what version of PowerVC? | 16:41 |
| edmondsw | the domain is going to be "Default" | 16:42 |
| edmondsw | catmando ^ | 16:42 |
| catmando | so | 16:43 |
| catmando | PowerVC 1.3.3 | 16:43 |
| catmando | user added with useradd | 16:44 |
| catmando | then usermod -a -G powervc-filter | 16:44 |
| edmondsw | can you login to PowerVC with this user? | 16:44 |
| catmando | then role add --project ProjectName --user UserName admin | 16:44 |
| catmando | yes | 16:44 |
| catmando | it's only the api that fails | 16:44 |
| edmondsw | what project? | 16:45 |
| edmondsw | is it ibm-default or something else? | 16:45 |
| catmando | let me test | 16:45 |
| edmondsw | we've locked some things down to the ibm-default project | 16:45 |
| catmando | i can log in to any project the user has a role on | 16:46 |
| catmando | the root user, even if added to other projects as admin | 16:46 |
| catmando | cannot perform any admin functions | 16:46 |
| edmondsw | catmando we have restricted some things, and listing projects is one of them, to "cloud admins" | 16:47 |
| catmando | how do i create cloud admins? | 16:47 |
| edmondsw | where "cloud admin" is defined as having the admin role AND the scope is the ibm-default project | 16:47 |
| catmando | and why is this not documented? | 16:47 |
| edmondsw | it is | 16:47 |
| catmando | where? | 16:47 |
| edmondsw | looking... | 16:48 |
| catmando | apologies if this is basic stuff, but i'm an app developer who's just getting to know power | 16:48 |
| edmondsw | no worries | 16:48 |
| catmando | if i can get that documentation it would be a great help :) | 16:51 |
| edmondsw | catmando hmmm... maybe it's not documented, or at least I can't find it atm. Not as clear as I would like, anyway. | 16:51 |
| edmondsw | The closest I found is "To work with projects, an admin can log in to the ibm-default project and click Projects from the Configuration page." | 16:51 |
| catmando | hmmm, that's what i thought :). i'll add that to the docs bug list | 16:52 |
| catmando | there really is a need to know what an admin can and can't run | 16:52 |
| edmondsw | https://www.ibm.com/support/knowledgecenter/SSXK2N_1.3.3/com.ibm.powervc.standard.help.doc/powervc_projects_in_powervc_hmc.html | 16:52 |
| edmondsw | catmando I'll open a doc defect | 16:53 |
| edmondsw | should probably say something here: https://www.ibm.com/support/knowledgecenter/SSXK2N_1.3.3/com.ibm.powervc.standard.help.doc/powervc_supported_roles_hmc.html | 16:53 |
| edmondsw | that is the page that explains what each role can do, but it's silent on this atm | 16:54 |
| catmando | just a thought tho: admin: Users with this role can perform all tasks and have access to all resources. | 16:54 |
| catmando | i mean... | 16:54 |
| catmando | ok at least we know now | 16:54 |
| catmando | we've been fighting this for three days | 16:54 |
| catmando | :D | 16:54 |
| edmondsw | :( sorry | 16:54 |
| catmando | no worries | 16:55 |
| catmando | let's get the docs updated, i'll add the bug | 16:55 |
| catmando | and maybe think about making admin admin :) | 16:55 |
| edmondsw | next time you get an error complaining about a policy rule, you can find those rules in /opt/ibm/powervc/policy/... and see how they're set | 16:55 |
| catmando | thanks for the swift response | 16:56 |
| edmondsw | "making admin admin" ?? | 16:56 |
| catmando | when i see policy.json admin_required | 16:56 |
| catmando | and i have admin | 16:56 |
| edmondsw | I think you're looking at the wrong policy file | 16:56 |
| edmondsw | we don't use the ones in /etc | 16:56 |
| catmando | ah | 16:56 |
| catmando | well | 16:57 |
| edmondsw | if you look at the conf file, it points to the policy files in /opt/ibm/powervc/policy/... | 16:57 |
| * catmando slaps self | 16:57 | |
| edmondsw | yeah, that is confusing... predates me, and I've never liked it but never gotten around to changing it | 16:57 |
| catmando | you the man | 16:58 |
| catmando | the Blue Chip Team bows to you | 16:58 |
| edmondsw | lol just let me know if you have any more questions | 16:58 |
| *** svenkat has quit IRC | 17:00 | |
| *** fried_rice is now known as fried_rolls | 17:06 | |
| *** catmando has quit IRC | 17:49 | |
| *** esberglu has quit IRC | 18:03 | |
| *** svenkat has joined #openstack-powervm | 19:02 | |
| *** fried_rolls is now known as fried_rice | 19:17 | |
| *** AlexeyAbashkin has joined #openstack-powervm | 21:19 | |
| *** AlexeyAbashkin has quit IRC | 21:24 | |
| *** edmondsw has quit IRC | 22:19 | |
| *** edmondsw has joined #openstack-powervm | 22:19 | |
| *** edmondsw_ has joined #openstack-powervm | 22:23 | |
| *** edmondsw has quit IRC | 22:24 | |
| *** edmondsw_ has quit IRC | 22:27 | |
| *** tjakobs has quit IRC | 23:17 | |
| *** apearson has quit IRC | 23:23 | |
| *** edmondsw has joined #openstack-powervm | 23:44 | |
| *** edmondsw has quit IRC | 23:48 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!