*** mhen_ is now known as mhen | 01:18 | |
joelm21 | Here's a fun question. I've got a multiattach volume type that works great. However, because windows is trashy, it specifcially requires the disk_bus to be type:sata for it to be able to use Storage Spaces Direct for a proper clustered file system (Windows failover cluster). | 01:20 |
---|---|---|
joelm21 | I can get the boot image to have hw_disk_bus=sata instead of VirtIO, and that works a treat; however when I attach the second volume (openstack volume add multiattach-01 instance-01) it adds it to /dev/sdb but the operating system can't see it, because QEMU/virsh shows that it's attached as SCSI. | 01:20 |
joelm21 | I've tried a great number of things - but I can't seem to get a second volume to add with a different driver. I've set the image-metadata on the boot image, I've set the image-metadata on the multiattach volume, and I've set the property with both hw_disk_bus and hw:disk_bus just in case it's a namespace problem. | 01:22 |
joelm21 | Here's the excerpt from `virsh dumpxml` of the instance: https://paste.openstack.org/raw/bTIXllnNjqL6b6jH8ql3/ | 01:29 |
joelm21 | and here's the openstack show for the instance, and the volumes. https://paste.openstack.org/raw/beXTegaPVoBXKhpw8OkQ/ | 01:38 |
joelm21 | I tried a different tack, and specified both devices as SCSI - to get it working I also needed to specifyt the hw_scsi_model=virtio-scsi | 02:34 |
joelm21 | one step closer... | 02:34 |
Ninj4 | I am looking for a way to access secrets in OpenStack barbican. | 17:34 |
Ninj4 | From a VM. But without having to feed it application credentials or the likes. | 17:35 |
Ninj4 | Basically to have a VM spun up and then be able to fetch credentials by it's own. Much how like Iam instance roles works in AWS. Is such a thing even possible? | 17:36 |
dmendiza[m] | Ninj4: Barbican depends on Keystone for AuthN/AuthZ so you need some kind of Keystone credential to access a secret. | 17:38 |
dmendiza[m] | Ninj4 I suggest looking into Application Credentials: https://docs.openstack.org/api-ref/identity/v3/#application-credentials | 17:39 |
Ninj4 | But how do I get it into the VM without having to put it there either by supplying it with ansible _or_ baking it into an image. | 17:42 |
Ninj4 | basically - I just want to get a set of approle credentials so I can access our companys vault and do last mile config (which is basically filling in the remaining secrets). But I can't find a way of doing this without some sort of intervention (ie, uploading credentials to the instance) or do something insecure like putting it in metadata (which becomes cleartext readable). | 17:48 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!