Tuesday, 2022-06-07

<MichielPiscaer[m]> Hi, I'm currently at the OpenStack Summit. Where can I find a PDF of the schedule, so that I can read it on my reMarkable? 07:15
*** rlandy is now known as rlandy|rover 11:36
<code_bleu> Hello o/~ 12:31
<code_bleu> I've been struggling to find the right path to get the policy.yaml file to work. I have the config in nova.conf set up with policy_dirs and policy_file... I used oslopolicy-sample-generator --namespace nova to create the policy.yaml file. For testing, I'm trying to get a non-admin user to be able to do an 'openstack host list', but nothing is working. 12:31
<jcmdln> code_bleu: Looking at https://docs.openstack.org/oslo.policy/latest/admin/policy-yaml-file.html, the correct path should be `/etc/nova/policy.yaml`. In these types of situations it may be helpful to review how openstack-ansible and kolla-ansible set up policy files, such as https://docs.openstack.org/kolla-ansible/latest/admin/advanced-configuration.html#openstack-policy-customisation 14:18
*** rlandy|rover is now known as rlandy 14:35
<code_bleu> jcmdln: thanks. I will def look at the links you provided. I was able to mess around and set a local variable DEFAULT_POLICY_FILE and then restart services (currently testing in devstack). This worked, and now I'm just working through finding the correct settings for the permissions I want to set up. In prod it is using kolla, so that second link you sent, I think, will be helpful... thanks! 14:49
*** damian___6 is now known as damian___ 18:49
*** luksky_w8 is now known as luksky_w 18:49
*** LarsErik1 is now known as LarsErikP 18:49
<mloza1> Hello, I'm wondering if it is possible to set up a service that would provide some public ssh key for each VM, whenever it is started. I know you can provide meta-data yourself, but I'm looking into having signed keys. So the signing process has to be secured and cannot be done by the owner of the tenant. AWS has something similar, where they provide ssh-keys that are signed by your CA. 19:21
<code_bleu> I'm trying to set up an application credential that only has "read-only", but when I create the application credential with --role "reader" and test it out, I get 403. I have made sure that I'm in a group that has both _member_ and reader roles assigned to it. It's weird, it creates the app cred no problem, but is not working. Any advice would be appreciated. 21:21
<code_bleu> Specifically, I'm trying to set up an app and use the env variables for that app as the authentication for ansible to be able to get inventory listing. So that is why I only need read-only for the app cred. It's just when I run the 'ansible-inventory' command using the openstack provider and the local envs with the app creds secret and key... I get a 403. 21:23
<code_bleu> I do see this in the ansible logs... so maybe 'reader' role is not enough for this? "Couldn't list Openstack hosts." HttpException 403 21:25
*** rlandy is now known as rlandy|bbl 22:08
