*** gianpietro has joined #cloudkitty | 02:11 | |
*** gianpietro has quit IRC | 02:18 | |
*** Spads has quit IRC | 06:51 | |
*** pgithaiga has joined #cloudkitty | 08:38 | |
pgithaiga | Hello, does cloudkitty have multi-domain support? If so, how do you configure the cloudkitty api for to rate projects in multiple domains? | 08:39 |
---|---|---|
*** Spads has joined #cloudkitty | 08:57 | |
peschk_l | pgithaiga: Depends on your cloudkitty version and what you mean by multi-domain support | 09:09 |
pgithaiga | peschk_1: Thanks for the response. Currently using the queens release. By multi-domain, I mean to ask if cloudkitty can rate projects in other domains other than the default domain. | 09:11 |
pgithaiga | I part of public cloud effort where each new user gets their own domain | 09:11 |
peschk_l | If you want to rate tenants from distinct domains with a classical OpenStakc setup, no problem. But you't be able to get a per-domain rating, only per-tenant. Getting per-domain rating will be possible through the v2 API | 09:11 |
pgithaiga | Documentation is kind of sparse. Is there somewhere I can find all of this? Per-domain rating works for me for now | 09:12 |
pgithaiga | And how do I configure per-domain rating? Should I create cloudkitty user in each domain? | 09:13 |
pgithaiga | With rating role? | 09:13 |
peschk_l | pgithaiga: We know... Documentation is under refactoring. If you need per-domain rating, I'd recomment to use the gnocchi fetcher: https://github.com/openstack/cloudkitty/commit/2b695d8fa5e18f19d67b8fe8cb215c153581b16a | 09:13 |
peschk_l | This allows to do scope discovery, and the key is configurable. If you specify 'scope_attribute=domain_id' in the 'fetcher_gnocchi' section of the configuration, you'll be able to do per-domain grouping and rating | 09:16 |
pgithaiga | Yes. I am using gnocchi fetcher but cloudkitty-api keeps failing keystone auth step when it tries to query details of tenant's usage in another domain. Just to confirm, does giving the cloudkitty user admin permissions on the default domain the only requirement for cloudkitty authentication? | 09:16 |
pgithaiga | 'scope_attribute=domain_id'. Didn't know about this! Let me try that out! Thanks so much! | 09:16 |
peschk_l | pgithaiga: could you please paste your logs somewhere ? | 09:17 |
pgithaiga | peschk_l: Let me do that | 09:18 |
pgithaiga | I'll send logs link in a minute | 09:18 |
pgithaiga | https://pastebin.com/e9SvM9sH | 09:21 |
pgithaiga | It's keystone auth failing for one of the domains I'm trying to rate | 09:22 |
pgithaiga | My assumption is that the cloudkitty user is not able to authenticate in the user's domain. | 09:22 |
peschk_l | probably. Are you using the keystone fetcher with gnocchi collector ? | 09:24 |
peschk_l | I must leave shortly, I'll be back in about 10min | 09:25 |
pgithaiga | Yes. Here's my cloudkitty.conf. https://pastebin.com/cjJ6snmH. I understand you have to leave. Will await your response when you get time. Thanks for the help! | 09:26 |
pgithaiga | Actually, I meant doing per-tenant rating in distinct domains is good enough for me | 09:32 |
*** pgithaiga has quit IRC | 09:37 | |
*** pgithaiga has joined #cloudkitty | 09:45 | |
peschk_l | I'm back. OK, so you're using the keystone fetcher. What is basically does is listing all the tenants on which cloudkitty has the rating role. It is weird that you are getting these auth erros on the API side though, they should be raised by the processor | 09:46 |
peschk_l | what roles does the cloudkitty user currently have ? | 09:47 |
pgithaiga | admin and rating roles | 09:48 |
pgithaiga | in the default domain | 09:48 |
peschk_l | and what kind of requests are you doing against the API when the 401 occur ? | 09:52 |
pgithaiga | Requests where being made through horizon e.g. log shows following request "GET /v1/report/total?tenant_id=1f1cfec14b144b63b46d4b426cca7daf HTTP/1.1 | 09:56 |
pgithaiga | It returns a 503 | 09:58 |
*** pgithaiga has quit IRC | 10:31 | |
*** pgithaiga has joined #cloudkitty | 10:31 | |
*** pgithaiga_ has joined #cloudkitty | 11:10 | |
*** pgithaiga_ has quit IRC | 11:22 | |
*** pgithaiga_ has joined #cloudkitty | 11:43 | |
*** pgithaiga_ has quit IRC | 11:58 | |
pgithaiga | peschk_l: Hello, Now I am consistently getting the following: | 12:04 |
pgithaiga | 2018-11-30 11:54:31.629 3403 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: keystoneauth1.exceptions.http.Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-587750cf-ad27-486b-a114-8b9ed4e083ed) 2018-11-30 11:54:32.114 3403 WARNING keystonemiddleware.auth_to | 12:04 |
*** pgithaiga_ has joined #cloudkitty | 12:05 | |
*** pgithaiga_ has quit IRC | 12:52 | |
*** pgithaiga_ has joined #cloudkitty | 13:00 | |
*** pgithaiga_ has quit IRC | 13:23 | |
*** pgithaiga has quit IRC | 13:25 | |
*** gianpietro has joined #cloudkitty | 13:36 | |
*** gianpiet_ has joined #cloudkitty | 14:52 | |
*** gianpie__ has joined #cloudkitty | 14:53 | |
*** gianpiet_ has quit IRC | 14:54 | |
*** gianpietro has quit IRC | 14:55 | |
*** gianpie__ has quit IRC | 15:20 | |
*** lemko has joined #cloudkitty | 16:24 | |
peschk_l | hi everybody! Next IRC meeting is supposed to be on the 7/12 at 15h UTC, but I won't be available... Would it be okay for you if we have the meeting a bit sooner ? Like 9h UTC ont the 7/12? | 16:34 |
*** openstackgerrit has quit IRC | 17:51 | |
*** Spads has quit IRC | 18:33 | |
*** lemko has quit IRC | 18:49 | |
Linkid | hi | 21:14 |
Linkid | ok for me | 21:14 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!