Tuesday, 2017-10-17

« Monday, 2017-10-16 Index Wednesday, 2017-10-18 »
*** catintheroof has quit IRC00:00
*** catintheroof has joined #openstack-glance00:00
*** catintheroof has quit IRC00:04
*** markvoelker_ has quit IRC00:17
*** markvoelker has joined #openstack-glance00:25
*** markvoelker has quit IRC00:29
*** markvoelker has joined #openstack-glance00:34
*** markvoelker has quit IRC00:39
*** markvoelker has joined #openstack-glance00:43
*** markvoelker has quit IRC00:48
*** AlexeyAbashkin has joined #openstack-glance00:48
*** AlexeyAbashkin has quit IRC00:52
*** markvoelker has joined #openstack-glance00:52
*** markvoelker has quit IRC00:57
*** markvoelker has joined #openstack-glance01:01
*** markvoelker has quit IRC01:06
*** markvoelker has joined #openstack-glance01:11
*** dalgaaf has quit IRC01:14
*** markvoelker has quit IRC01:15
*** catintheroof has joined #openstack-glance01:19
*** markvoelker has joined #openstack-glance01:20
*** catintheroof has quit IRC01:21
*** AlexeyAbashkin has joined #openstack-glance01:28
*** AlexeyAbashkin has quit IRC01:32
*** bjolo has joined #openstack-glance01:41
*** links has joined #openstack-glance01:44
*** links is now known as Jaison|away01:45
*** chlong has joined #openstack-glance01:50
*** markvoelker has quit IRC01:53
*** markvoelker has joined #openstack-glance01:59
*** markvoelker has quit IRC02:03
*** masber has quit IRC02:07
*** markvoelker has joined #openstack-glance02:08
*** markvoelker has quit IRC02:12
*** bkopilov_ has quit IRC02:12
*** bkopilov has quit IRC02:13
*** markvoelker has joined #openstack-glance02:17
*** trungnv has quit IRC02:18
*** markvoelker has quit IRC02:21
*** markvoelker has joined #openstack-glance02:26
*** AlexeyAbashkin has joined #openstack-glance02:27
*** markvoelker has quit IRC02:30
*** AlexeyAbashkin has quit IRC02:31
*** markvoelker has joined #openstack-glance02:35
*** tonyb has quit IRC02:36
*** dalgaaf has joined #openstack-glance02:37
*** tonyb has joined #openstack-glance02:37
*** markvoelker has quit IRC02:40
*** markvoelker has joined #openstack-glance02:44
*** lbragstad has joined #openstack-glance02:45
*** masber has joined #openstack-glance02:49
*** markvoelker has quit IRC02:49
*** markvoelker has joined #openstack-glance02:53
*** udesale has joined #openstack-glance03:08
*** trungnv has joined #openstack-glance03:17
*** Jaison|away is now known as links03:23
*** rosmaita has quit IRC03:26
*** AlexeyAbashkin has joined #openstack-glance03:26
*** markvoelker has quit IRC03:27
*** AlexeyAbashkin has quit IRC03:31
*** bkopilov has joined #openstack-glance03:39
*** bkopilov_ has joined #openstack-glance03:40
*** nicolasbock has quit IRC03:41
*** mtreinish has quit IRC03:42
*** mtreinish has joined #openstack-glance03:42
*** masber has quit IRC03:46
*** udesale has quit IRC03:47
*** udesale has joined #openstack-glance03:50
*** udesale has quit IRC03:52
*** udesale has joined #openstack-glance03:52
*** abhishekk has joined #openstack-glance03:55
*** lbragstad has quit IRC03:58
*** trungnv has quit IRC04:10
*** markvoelker has joined #openstack-glance04:17
*** markvoelker has quit IRC04:22
*** AlexeyAbashkin has joined #openstack-glance04:26
*** markvoelker has joined #openstack-glance04:27
*** AlexeyAbashkin has quit IRC04:31
*** markvoelker has quit IRC04:33
*** markvoelker has joined #openstack-glance04:34
*** markvoelker has quit IRC05:54
*** tshefi has joined #openstack-glance05:55
*** e0ne has joined #openstack-glance06:07
*** gabor_antal has quit IRC06:17
*** gcb has joined #openstack-glance06:18
*** masber has joined #openstack-glance06:21
*** aavraham has joined #openstack-glance06:27
*** pcaruana has joined #openstack-glance06:44
*** e0ne has quit IRC06:45
*** markvoelker has joined #openstack-glance06:50
*** openstackgerrit has joined #openstack-glance06:54
openstackgerritNam Nguyen Hoai proposed openstack/python-glanceclient master: Use generic user for both zuul v2 and v3  https://review.openstack.org/51250406:54
*** gabor_antal has joined #openstack-glance06:57
*** namnh has joined #openstack-glance07:01
*** bkopilov_ has quit IRC07:02
*** tesseract has joined #openstack-glance07:16
openstackgerritNam Nguyen Hoai proposed openstack/python-glanceclient master: Use generic user for both zuul v2 and v3  https://review.openstack.org/51250407:25
*** AlexeyAbashkin has joined #openstack-glance07:34
*** trungnv has joined #openstack-glance07:43
*** tshefi has quit IRC08:48
*** markvoelker has quit IRC09:03
*** markvoelker has joined #openstack-glance09:04
*** e0ne has joined #openstack-glance09:13
*** udesale__ has joined #openstack-glance09:19
*** udesale has quit IRC09:19
*** udesale__ has quit IRC09:22
*** udesale has joined #openstack-glance09:22
*** tshefi has joined #openstack-glance10:00
*** trungnv has quit IRC10:05
*** kuzko has quit IRC10:06
*** kuzko has joined #openstack-glance10:14
*** mvk has quit IRC10:19
*** tshefi_ has joined #openstack-glance10:30
*** tshefi has quit IRC10:30
*** openstackgerrit has quit IRC10:33
*** namnh has quit IRC10:36
*** tesseract has quit IRC10:43
*** tesseract has joined #openstack-glance10:43
*** bkopilov has quit IRC10:46
*** mvk has joined #openstack-glance10:50
*** nicolasbock has joined #openstack-glance11:02
*** mosulica has joined #openstack-glance11:21
*** nicolasbock has quit IRC11:23
*** nicolasbock has joined #openstack-glance11:35
*** udesale has quit IRC11:38
*** rosmaita has joined #openstack-glance11:39
*** udesale has joined #openstack-glance11:44
*** chlong has quit IRC12:01
*** udesale has quit IRC12:01
*** bkopilov has joined #openstack-glance12:20
*** abhishekk has quit IRC12:30
*** gabor_antal_ has joined #openstack-glance12:37
*** gabor_antal has quit IRC12:38
*** lbragstad has joined #openstack-glance13:22
*** chlong has joined #openstack-glance13:42
*** gcb has quit IRC13:45
*** gcb has joined #openstack-glance13:47
*** catintheroof has joined #openstack-glance13:53
*** e0ne_ has joined #openstack-glance14:04
*** e0ne has quit IRC14:04
*** catintheroof has quit IRC14:11
*** Nil_ has joined #openstack-glance14:12
*** aavraham has left #openstack-glance14:22
*** chlong has quit IRC14:34
*** links has quit IRC14:41
*** chlong has joined #openstack-glance14:48
*** catintheroof has joined #openstack-glance14:51
*** catintheroof has quit IRC15:03
*** markvoelker has quit IRC15:17
*** markvoelker has joined #openstack-glance15:18
*** markvoelker has quit IRC15:22
*** mosulica has quit IRC15:25
*** AlexeyAbashkin has quit IRC15:30
*** AlexeyAbashkin has joined #openstack-glance15:30
*** tshefi_ has quit IRC15:30
*** AlexeyAbashkin has quit IRC15:41
*** e0ne_ has quit IRC15:46
*** pcaruana has quit IRC16:01
*** mvk has quit IRC16:38
*** tesseract has quit IRC17:02
*** abhishekk has joined #openstack-glance17:16
*** AlexeyAbashkin has joined #openstack-glance17:22
*** AlexeyAbashkin has quit IRC17:24
*** mvk has joined #openstack-glance17:26
*** mvk has quit IRC17:48
*** mvk has joined #openstack-glance17:49
*** gabor_antal_km has joined #openstack-glance17:53
*** gabor_antal_ has quit IRC17:53
*** abhishekk has quit IRC18:00
*** MVenesio has joined #openstack-glance18:11
*** openstackgerrit has joined #openstack-glance18:33
openstackgerritCyril Roelandt proposed openstack/glance master: Make ImageTarget behave like a dictionary  https://review.openstack.org/51202018:33
*** markvoelker has joined #openstack-glance19:26
*** AlexeyAbashkin has joined #openstack-glance19:40
*** AlexeyAbashkin has quit IRC19:44
*** catintheroof has joined #openstack-glance19:49
*** e0ne has joined #openstack-glance19:52
*** twouters has joined #openstack-glance19:52
twoutershi, I get the following error when I try to add a new (url based) image through horizon: 403 Forbidden You are not authorized to complete get_image_location action. (HTTP 403)20:01
twoutersI've changed the "get_image_location" policy to "tenant:%(owner)s or role:admin"20:03
twoutersthe user that I'm testing this with is not an admin user20:04
twouters(I'm running ocata)20:05
*** e0ne has quit IRC20:13
*** e0ne has joined #openstack-glance20:13
*** markvoelker_ has joined #openstack-glance20:15
*** chlong has quit IRC20:16
*** markvoelker has quit IRC20:18
*** e0ne has quit IRC20:19
*** AlexeyAbashkin has joined #openstack-glance20:22
openstackgerritMarco Chiappero proposed openstack/glance master: Add libvirt image metadef for hw_power_governor  https://review.openstack.org/51281720:24
rosmaitatwouters: you don't need that particular policy setting -- the only people who can get an image's location with the unrestricted policy are the owner and the admin20:26
*** AlexeyAbashkin has quit IRC20:27
twoutersare you sure? the default policy is set to "role:admin", right?20:27
rosmaitatwouters: here's the default ocata policy file if you want to check: http://git.openstack.org/cgit/openstack/glance/tree/etc/policy.json?h=stable/ocata20:29
twoutersoh, `"default": "role:admin",` doesn't mean "everything without specific rules are restricted to admins"? :-)20:30
twoutersthe default policy seems to work fine, thanks20:31
rosmaitatwouters: the 'default' target is used if the policy engine is looking for a target and can't find it.  So if you completely left get_image_location out of the file entirely, then the 'default' target would be used, effectively making get_image_location restricted to admin only20:33
rosmaitatwouters: in the policy language, an empty string means "anybody".  You can also use '@' to mean anybody, maybe we should've done that to make it more explicit20:34
rosmaitabecause the policy configuration is fairly confusing20:34
twoutersyeah, is there some documentation available on that? i don't think this was explained in the glace docs20:35
*** catintheroof has quit IRC20:35
*** catintheroof has joined #openstack-glance20:36
twoutersthanks for the information, it all makes sense now :p20:36
*** catintheroof has quit IRC20:36
twoutersrosmaita: shouldn't the *_image_location rules be more restricted by default? (https://wiki.openstack.org/wiki/OSSN/OSSN-0065)20:38
twoutersrestrictive20:38
rosmaitatwouters: the key thing there is this sentence: "The configuration option 'show_multiple_locations'. If this is set to False, this attack vector is not available."  so if you have show_multiple_locations = False (or are using its default value, which is False) you don't need to mess with the individual *_image_location settings20:43
twoutersI've set it to True because I couldn't create images with a url source without it20:45
rosmaitatwouters: sorry i missed your earlier question ... i think the best docs on configuring a policy file are in the source code: http://git.openstack.org/cgit/openstack/oslo.policy/tree/oslo_policy/policy.py?h=stable/ocata20:48
rosmaitalines 18-221 explain how it's supposed to work20:49
twoutersoh, cool, thanks20:49
twoutersI'll have a look at it tomorrow, this will help a lot20:50
rosmaitayou have to be careful configuring the *_image_location values20:50
rosmaitabecause glance needs to be able to set the image location when you upload the image data20:51
rosmaitano matter what backend you are using20:51
rosmaitaanyway, i should be around tomorrow afternoon20:52
*** sapd__ has joined #openstack-glance20:53
*** sapd_ has quit IRC20:53
*** MVenesio has quit IRC20:57
openstackgerritMarco Chiappero proposed openstack/glance master: Add libvirt image metadef for hw_power_governor  https://review.openstack.org/51281720:58
*** chlong has joined #openstack-glance21:18
*** lbragstad has quit IRC22:36
*** catintheroof has joined #openstack-glance22:43
*** lin_yang has joined #openstack-glance22:56
*** catintheroof has quit IRC23:17
*** stewie_925 has joined #openstack-glance23:31
stewie_925hello guys, is there a valid min-ram range for images?23:32
« Monday, 2017-10-16 Index Wednesday, 2017-10-18 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!