Monday, 2023-10-16

noonedeadpunk: admin1: I assume that failed task has rescue path, doesn't it? [05:51]
jrosser: good morning [08:53]
noonedeadpunk: o/ [09:46]
noonedeadpunk: damiandabrowski: can you kindly check on that? https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/898247 [09:57]
damiandabrowski: noonedeadpunk: ofc, done [10:09]
andrewbonney: noonedeadpunk: have you seen '#tmp' (and similar) re-appear in the list of databases in mariadb post-upgrade? [11:02]
andrewbonney: It's not causing us an obvious problem, but I spotted it after upgrading another galera cluster [11:02]
noonedeadpunk: Yeah... But I have no idea why [11:03]
noonedeadpunk: I wasn't able to spend enough time checking on that [11:03]
noonedeadpunk: And also I've seen other reports that it's not working as intended anymore [11:03]
andrewbonney: Ok, glad it's not just me. I haven't spotted a matching MariaDB bug yet [11:04]
noonedeadpunk: it felt like it's smth related to quotes.... [11:05]
noonedeadpunk: As I think idea was to have `#tmp` but not `'#tmp'` [11:05]
noonedeadpunk: and quotes were added so that ansible treat it properly... [11:06]
opendevreview: Merged openstack/openstack-ansible-os_nova master: Stop generating ssh keypair for nova user https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/898247 [12:05]
opendevreview: Merged openstack/openstack-ansible stable/zed: Bump SHAs for Zed https://review.opendev.org/c/openstack/openstack-ansible/+/898252 [12:30]
opendevreview: Merged openstack/openstack-ansible stable/yoga: Bump SHAs for Yoga https://review.opendev.org/c/openstack/openstack-ansible/+/898250 [12:40]
NeilHanlon: morning, folks [13:02]
mgariepy: morning NeilHanlon [13:02]
jamesdenton: o/ [13:05]
noonedeadpunk: o/ [13:24]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/897403 [13:59]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/897403 [14:39]
spatel: jamesdenton hey! [14:58]
spatel: have you seen this kind of issue? - https://paste.opendev.org/show/bWUBfDUsINieZyezBnsN/ [14:58]
spatel: I want to give permission to end user to create ports [14:59]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/897403 [15:15]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/897403 [15:32]
jamesdenton: spatel haven't tried anything like that in a while. Was neutron-server restarted? [15:42]
jamesdenton: can't remember if policies are dynamic [15:42]
noonedeadpunk: policies should be, yes [15:50]
noonedeadpunk: except there's some error in a code somewhere [15:51]
spatel: jamesdenton noonedeadpunk there is only way to handle it with policy.yaml [16:00]
spatel: I have checked policy file is in place and service restarted [16:00]
spatel: feels like a bug [16:01]
spatel: I am using RBAC policy with network to share it between multiple projects [16:01]
noonedeadpunk: Ok, so I've found what's wrong with the horizon on debian12. And it's specifically this patch that would fix it: https://github.com/Kronuz/pyScss/commit/60414f5d573315a8458b5fbcdf69e5c648c44a9a [16:33]
noonedeadpunk: It's not tagged yet though [16:35]
admin1: spatel, i also use networks with rbac, i think if you don't own the network, but is just shared with you, it will be denied for you to specify ports [16:58]
spatel: admin1 But that is a bug. It should allow to access network based rbac. [16:59]
admin1: it's not a network you own, but just shared with you [17:00]
spatel: https://bugs.launchpad.net/neutron/+bug/1833455 [17:00]
spatel: There is a patch already there but somehow it's not working for Zed release [17:00]
spatel: Looks like it broke after rocky release.. [17:01]
spatel: something has been changed recently doesn't like this policy. [17:02]
admin1: my use case is diff and it works .. it's a cloud without an external network and all traffic for each tenant must pass via their own respective pfsense fw [17:04]
admin1: so in the dmz tenant, i create a network and as admin, can create .1 port , which is added as gateway , and then respective tenant can plug into the dmz with their dhcp assigned ip, but cannot take .1 as it does not allow them to create ports [17:05]
admin1: :) [17:05]
admin1: spatel, why not create an additional role and attach that role also to the user [17:07]
admin1: i don't think just adding or rule:shared would allow it to be created [17:07]
spatel: add what roles? adding user in neutron role? [17:08]
spatel: that would be dangerous.. don't you think? [17:09]
admin1: no .. just 1 specific role like port_master for example [17:09]
admin1: i see you made the bug update .. maybe it will get a reply soon [17:10]
jrosser: spatel: is this CLI or horizon? [17:13]
spatel: both [17:13]
spatel: admin1 I talked to neutron developer and he also thinks it's a bug and is going to take a look [17:13]
admin1: basically like os add role port_master, then in policy create_port:fixed_ips role:port_master and then once applied, openstack role add --user user project port_master to also have this new role with required port ownership setting [17:13]
spatel: admin1 are you sure that will work? did you test it ? [17:15]
spatel: do you have full syntax of create_port:fixed_ips role:port_master... blah.. [17:16]
admin1: "create_port:fixed_ips": "role:port_master or rule:admin_or_owner" -- in policy.json ?? [17:17]
admin1: basically we are giving rights to a new role [17:17]
admin1: that we create from openstack add role port_master [17:18]
spatel: okie! I can try if that is valid solution. I haven't heard of this before so very curious [17:18]
admin1: custom roles are one way to get out of the default ones .. instead of fighting with what is there [17:21]
admin1: use case like this for example [17:21]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-os_horizon master: Override pyScss version with a bugfixed one https://review.opendev.org/c/openstack/openstack-ansible-os_horizon/+/898463 [18:00]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible master: Add CI jobs for debian bookworm https://review.opendev.org/c/openstack/openstack-ansible/+/894561 [18:01]
opendevreview: Dmitriy Rabotyagov proposed openstack/openstack-ansible-galera_server master: Bump galera version to 10.11.5 https://review.opendev.org/c/openstack/openstack-ansible-galera_server/+/894740 [18:04]
opendevreview: Merged openstack/openstack-ansible master: Remove common nova playbook https://review.opendev.org/c/openstack/openstack-ansible/+/897568 [18:10]
opendevreview: Merged openstack/openstack-ansible master: Run nova db post setup from nova playbook https://review.opendev.org/c/openstack/openstack-ansible/+/897570 [18:11]
opendevreview: Merged openstack/openstack-ansible master: [doc] Add documentation on running as non-root https://review.opendev.org/c/openstack/openstack-ansible/+/897999 [18:11]
opendevreview: Merged openstack/openstack-ansible-os_zun master: Fix indent in example playbook https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/898259 [19:38]
opendevreview: Merged openstack/openstack-ansible-os_zun master: Stop generating ssh keypair for zun and kuryr user https://review.opendev.org/c/openstack/openstack-ansible-os_zun/+/898248 [19:45]
opendevreview: Merged openstack/openstack-ansible-tests master: Bump ansible-core to 2.12.8 https://review.opendev.org/c/openstack/openstack-ansible-tests/+/897403 [20:37]
opendevreview: Merged openstack/openstack-ansible master: [doc] Update releasing documentation https://review.opendev.org/c/openstack/openstack-ansible/+/885376 [20:43]
opendevreview: Merged openstack/openstack-ansible-os_nova master: Run nova_db_post_setup from playbook directly https://review.opendev.org/c/openstack/openstack-ansible-os_nova/+/897571 [22:45]
