Monday, 2025-06-02

*** mhen_ is now known as mhen01:18
joelm21Here's a fun question. I've got a multiattach volume type that works great. However, because windows is trashy, it specifcially requires the disk_bus to be type:sata for it to be able to use Storage Spaces Direct for a proper clustered file system (Windows failover cluster). 01:20
joelm21I can get the boot image to have hw_disk_bus=sata instead of VirtIO, and that works a treat; however when I attach the second volume (openstack volume add multiattach-01 instance-01) it adds it to /dev/sdb but the operating system can't see it, because QEMU/virsh shows that it's attached as SCSI.01:20
joelm21I've tried a great number of things - but I can't seem to get a second volume to add with a different driver. I've set the image-metadata on the boot image, I've set the image-metadata on the multiattach volume, and I've set the property with both hw_disk_bus and hw:disk_bus just in case it's a namespace problem.01:22
joelm21Here's the excerpt from `virsh dumpxml` of the instance: https://paste.openstack.org/raw/bTIXllnNjqL6b6jH8ql3/01:29
joelm21and here's the openstack show for the instance, and the volumes. https://paste.openstack.org/raw/beXTegaPVoBXKhpw8OkQ/01:38
joelm21I tried a different tack, and specified both devices as SCSI - to get it working I also needed to specifyt the hw_scsi_model=virtio-scsi02:34
joelm21one step closer...02:34
Ninj4I am looking for a way to access secrets in OpenStack barbican.17:34
Ninj4From a VM. But without having to feed it application credentials or the likes. 17:35
Ninj4Basically to have a VM spun up and then be able to fetch credentials by it's own. Much how like Iam instance roles works in AWS. Is such a thing even possible?17:36
dmendiza[m]Ninj4: Barbican depends on Keystone for AuthN/AuthZ so you need some kind of Keystone credential to access a secret. 17:38
dmendiza[m]Ninj4 I suggest looking into Application Credentials: https://docs.openstack.org/api-ref/identity/v3/#application-credentials17:39
Ninj4But how do I get it into the VM without having to put it there either by supplying it with ansible _or_ baking it into an image.17:42
Ninj4basically - I just want to get a set of approle credentials so I can access our companys vault and do last mile config (which is basically filling in the remaining secrets). But I can't find a way of doing this without some sort of intervention (ie, uploading credentials to the instance) or do something insecure like putting it in metadata (which becomes cleartext readable).17:48

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!