| *** jamielennox is now known as jamielennox|away | 00:54 | |
| *** jamielennox|away is now known as jamielennox | 00:59 | |
| *** larainema has quit IRC | 01:26 | |
| *** larainema has joined #openstack-shade | 01:27 | |
| openstackgerrit | Akira Yoshiyama proposed openstack/os-client-config master: Add allow_identity_admin to CloudConfig.get_session_endpoint() https://review.openstack.org/450500 | 01:47 |
|---|---|---|
| jamielennox | Shrews: sorry to miss this whilst you were actually here - it's _sometimes_ how it works | 03:45 |
| jamielennox | for almost every service in openstack if you do a list you see all the things in that project | 03:45 |
| jamielennox | except in neutron, if you are admin and you list you see all the things in all the projects | 03:46 |
| jamielennox | that seems to be why there is a project= filter there at all | 03:46 |
| jamielennox | so it's not a completely unreasonable change. for almost everyone using a non cloud-admin account they are getting that project specific behaviour | 03:46 |
| jamielennox | in which case defaulting the project filter to the current scope is redundant but harmless | 03:47 |
| jamielennox | however if you have an admin role and you list without that project it will do dumb things like try and modify networks in other projects - in which case setting project filter to current scope makes it behave like every other os_ module | 03:48 |
| jamielennox | so changing the behaviour would only affect people who had admin role on the project they authed to, and generally make things sane when there are networks with the same name in multiple projects | 03:49 |
| jamielennox | in which case we would ideally just remove the project= param altogether because now it just works like the other modules | 03:49 |
| openstackgerrit | Jamie Lennox proposed openstack/os-client-config master: Stop special-casing idenity catalog lookups https://review.openstack.org/450259 | 03:54 |
| *** jamielennox is now known as jamielennox|away | 04:09 | |
| *** gouthamr has quit IRC | 04:23 | |
| *** jamielennox|away is now known as jamielennox | 04:30 | |
| *** yfried has joined #openstack-shade | 04:53 | |
| *** yfried has quit IRC | 04:59 | |
| *** jamielennox is now known as jamielennox|away | 06:36 | |
| *** yfried has joined #openstack-shade | 06:58 | |
| *** jamielennox|away is now known as jamielennox | 07:21 | |
| *** rcarrillocruz has joined #openstack-shade | 08:01 | |
| *** ioggstream has joined #openstack-shade | 08:04 | |
| *** yfried has quit IRC | 08:06 | |
| *** yfried has joined #openstack-shade | 08:06 | |
| *** yfried has quit IRC | 08:45 | |
| *** yfried has joined #openstack-shade | 09:27 | |
| *** ioggstream has quit IRC | 09:37 | |
| *** ioggstream has joined #openstack-shade | 10:16 | |
| *** ioggstream has quit IRC | 10:24 | |
| *** ioggstream has joined #openstack-shade | 10:39 | |
| *** ioggstream has quit IRC | 11:19 | |
| *** openstackgerrit has quit IRC | 11:33 | |
| *** yfried has quit IRC | 12:01 | |
| mordred | jamielennox: yah - I believe that's the approach I was going for in other places | 12:16 |
| mordred | jamielennox: I've also been wanting a _general_ shade-wide approach for doing things in other projects - notmorgan started working on https://review.openstack.org/#/c/410453/ to make a dynamic project scope fixture for testing... | 12:17 |
| mordred | and we had chatted about adding a thing to shade once that's done to make it easy for admins to say something like with cloud.project_scope('some_project') as foo: foo.create_network() or something | 12:18 |
| mordred | but we havent' gotten very far on that yet (that's also maybe not the right interfae for that either) | 12:18 |
| *** openstackgerrit has joined #openstack-shade | 12:24 | |
| openstackgerrit | Monty Taylor proposed openstack/os-client-config master: Stop special-casing idenity catalog lookups https://review.openstack.org/450259 | 12:24 |
| *** gouthamr has joined #openstack-shade | 12:46 | |
| openstackgerrit | Monty Taylor proposed openstack-infra/shade master: Move futures to requirements https://review.openstack.org/450765 | 12:49 |
| openstackgerrit | Monty Taylor proposed openstack-infra/shade master: Move futures to requirements https://review.openstack.org/450765 | 12:52 |
| Shrews | jamielennox: ah, that makes more sense. that sounds like something that maybe we should fix then | 12:56 |
| mordred | jamielennox, Shrews: we should also figure out if we can fix it in shade and get that logic out of the ansible modules | 13:09 |
| Shrews | yeah, would be nice if we could do it in shade | 13:15 |
| openstackgerrit | Monty Taylor proposed openstack-infra/shade master: Do not install test-requirements for ansible test https://review.openstack.org/450803 | 14:05 |
| openstackgerrit | Merged openstack-infra/shade master: Move futures to requirements https://review.openstack.org/450765 | 14:25 |
| *** ioggstream has joined #openstack-shade | 15:22 | |
| openstackgerrit | Monty Taylor proposed openstack/os-client-config master: Remove out of date comment https://review.openstack.org/450871 | 15:59 |
| *** rcarrillocruz has quit IRC | 16:33 | |
| openstackgerrit | Merged openstack/os-client-config master: Stop special-casing idenity catalog lookups https://review.openstack.org/450259 | 17:21 |
| *** ioggstream has quit IRC | 17:34 | |
| thingee | mordred: yay shade independence coming! | 19:35 |
| openstackgerrit | Merged openstack/os-client-config master: Remove out of date comment https://review.openstack.org/450871 | 20:00 |
| *** gouthamr has quit IRC | 21:10 | |
| openstackgerrit | Monty Taylor proposed openstack-infra/shade master: Change metadata to align with team affiliation https://review.openstack.org/450981 | 21:12 |
| *** gouthamr has joined #openstack-shade | 22:01 | |
| jamielennox | Shrews, mordred: I'd be happy to do it in shade as well, i just figured it would be more of an api break there | 22:07 |
| jamielennox | mordred: is there a reason that shade doesn't support security groups or just never got around to it? | 22:08 |
| jamielennox | mordred: like adding and removing them for a host | 22:08 |
| clarkb | jamielennox: its not something we do since we open everything and then rely on local iptables. So likely just haven't had a need drive it yet | 22:09 |
| jamielennox | clarkb: my need is basically that ansible's os_server takes security_groups as a param when creating a server, but if that list changes then they are not updated | 22:11 |
| jamielennox | and from what i can see all this goes through shade and i shouldn't novaclient direct from os_server | 22:11 |
| jamielennox | would it be accepted if i wrote it? | 22:13 |
| Shrews | jamielennox: shade supports security groups | 22:14 |
| jamielennox | Shrews: i can create them, but i can't see a way to assign them to a server | 22:15 |
| Shrews | jamielennox: well, like you said, you can do it on create. but you want to update the security groups for an existing server? | 22:17 |
| jamielennox | Shrews: yep | 22:17 |
| Shrews | that's something we missed. that should definitely be in shade rather than os_server | 22:17 |
| Shrews | i guess update_server can't pass the right kwargs? | 22:18 |
| jamielennox | oh - i don't know, i looked at how OSC does it and there is a specific API so i was trying to match that | 22:19 |
| Shrews | hrm, seems that only takes the two. what's the novaclient call to update the server groups? | 22:19 |
| Shrews | if we already have that call in _tasks.py, then the thing that calls it should probably be the thing updated. if not, we could add a new shade api method, or maybe modify update_server() | 22:21 |
| jamielennox | so not from https://developer.openstack.org/api-ref/compute/?expanded=update-server-detail but you'd really have to get into the source i think | 22:21 |
| jamielennox | https://developer.openstack.org/api-ref/compute/?expanded=add-security-group-to-a-server-addsecuritygroup-action-detail#add-security-group-to-a-server-addsecuritygroup-action | 22:21 |
| jamielennox | and yea, it's exposed in novaclient in a fairly obvious way | 22:22 |
| jamielennox | https://github.com/openstack/python-novaclient/blob/master/novaclient/v2/servers.py#L1756 | 22:23 |
| jamielennox | interestingly it appears that add security group is the only API i've ever seen that _only_ takes a name, it doesn't look like you can pass a security group id even if you had it | 22:23 |
| jamielennox | which is fun | 22:24 |
| Shrews | so maybe a new add_server_security_group(), or put the smarts in update_server(). probably the former??? i haven't had dinner so i can't decide :) maybe mordred has a preference | 22:24 |
| Shrews | and i've already proven twice today that my brain is broken | 22:24 |
| jamielennox | i started to look at a add_security_groups_to_server | 22:25 |
| jamielennox | name based on add_ips_to_server | 22:25 |
| Shrews | cool. feel free to name it something more clever | 22:25 |
| jamielennox | but there doesn't seem to be a standard | 22:25 |
| Shrews | well, the add_router_interface() might be similar | 22:26 |
| * Shrews needs to away for food now | 22:26 | |
| jamielennox | Shrews: eat - thanks for the help | 22:27 |
| mordred | jamielennox, Shrews: I agree with the above - definitely should be an API call. If there is a sane way to also do it during update_server, cool- but it seems we might go nuts trying to do that :) | 22:33 |
| jamielennox | mordred: for shade, what things need to be a task and which just a call? | 22:34 |
| jamielennox | mordred: there are already calls like get_server and get_security_group that would need to be used a lot, but they don't seem to go via a task | 22:35 |
| jamielennox | it doesn't look like there is any sort of list call so we would have to fetch each of those things individually and so potentially make a number of calls | 22:36 |
| mordred | jamielennox: there should be no new tasks made - and also no new code using novaclient | 22:38 |
| jamielennox | mordred: damn, i thought i could slip in before the novaclient thing was finished | 22:38 |
| mordred | jamielennox: so - ideally just using self._compute_client - and there's no list call? (sigh) | 22:38 |
| mordred | jamielennox: I mean, you can - but using novaclient is honestly _harder_ because of unittests | 22:38 |
| jamielennox | mordred: so i'm pretty sure i would need to add a list/add/remove | 22:39 |
| mordred | jamielennox: but - if you decide to use novaclient - it needs to go into a task | 22:39 |
| jamielennox | mordred: do you have a patch up for novaclient -> ksa? | 22:39 |
| jamielennox | having not done any shade work i'm copying patterns in functions around it | 22:39 |
| mordred | jamielennox: get_server_console uses ksa - as does list_flavors I believe | 22:40 |
| jamielennox | ok, will have a look at those specifically | 22:40 |
| mordred | jamielennox: I've been avoiding converting novaclient because that one is going to be _painful_ | 22:40 |
| jamielennox | and using ksa means i don't have to write tasks | 22:40 |
| jamielennox | ? | 22:40 |
| mordred | jamielennox: correct. we have magical adapter wrapper that turns things into tasks for us | 22:41 |
| jamielennox | i remember talking, didn't know how far you got - nice | 22:41 |
| mordred | jamielennox: for list- isn't the list just getting a server and seeing what groups it ha on it? | 22:41 |
| jamielennox | yea - might be available on get server - not sure | 22:41 |
| mordred | jamielennox: we've actually managed to convert swift, glance, heat and magnum totally to ksa - and notmorgan is pretty far along converting keystoneclient - so we're not doing _terrible_ | 22:42 |
| jamielennox | i haven't figured out how to create a dev environ yet, just looking through it all | 22:42 |
| mordred | jamielennox: I frequently just open a repl and do "c = shade.openstack_cloud()" - then do poking at api calls with c._compute_client.get('/os-server-console') and whatnot | 22:43 |
| jamielennox | _compute_client gives you a novaclient or some wrapper around ksa? | 22:44 |
| mordred | ksa | 22:44 |
| jamielennox | meh - i can figure that out | 22:44 |
| mordred | self._compute_client is the adapter mounted on compute endpoint - self.nova_client is the novaclient Client | 22:45 |
| jamielennox | ok | 22:46 |
| jamielennox | is it reasonable for add_security_groups_to_server to take a list ? | 22:46 |
| jamielennox | and probably remove | 22:46 |
| mordred | seems fine to me | 22:47 |
| jamielennox | ok, not sure how much time i've got for this one but it shouldn't be too hard | 22:48 |
| jamielennox | famous last words | 22:48 |
| mordred | jamielennox: well - if it winds up being too much overhead for you or you run out of time, just let me know and I'll be happy to add it for you | 22:49 |
| jamielennox | mordred: if i don't have something up this week i'll pass it over | 22:49 |
| mordred | I'd love for you to be magically ramped up on shade internals - but also know you have more than one thing going on in your life :) | 22:49 |
| mordred | cool | 22:49 |
| jamielennox | mordred: well, if it's a wrapper around a ksa interface i generally know my way around | 22:50 |
| jamielennox | with requests-mock for testing as well | 22:50 |
| mordred | yup! it's more our custom wrappers in both places I could see you headdesking over and being like "wtf?" :) | 22:51 |
| jamielennox | heh, i won't look to closely | 22:51 |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!