Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
This option can not be used in show stack call. Regards, Wanghua On Fri, Aug 14, 2015 at 4:54 PM, 英哲 zengyz1...@live.cn wrote: Can this option be used for in show stack details call? Date: Fri, 14 Aug 2015 04:30:19 -0400 From: the...@redhat.com To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. That's not true. You just need to pass the appropriate option, global_tenant, in your list call. Regards, -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
We can get stacks by stack list call, but it does not provide info about stack parameters. If we need stack parameters, we have to use stack.get. Yeah that part is right. I believe we consider stack parameters somewhat private to the user, which may be the reason they are not easily accessible. What do you need them for? -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum needs a periodic task to synchronize stack status and parameters from heat to keep data consistency. Regards, Wanghua On Fri, Aug 14, 2015 at 5:02 PM, Thomas Herve the...@redhat.com wrote: We can get stacks by stack list call, but it does not provide info about stack parameters. If we need stack parameters, we have to use stack.get. Yeah that part is right. I believe we consider stack parameters somewhat private to the user, which may be the reason they are not easily accessible. What do you need them for? -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. That's not true. You just need to pass the appropriate option, global_tenant, in your list call. Regards, -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Excerpts from 王华's message of 2015-08-14 00:52:43 -0700: Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. I think it is necessary. Nova allows admin user to show instance in other tenants. Neutron allow admin user to show port in other tenants. Nova uses it to synchronize network info for instance from neutron. So can heat allow admin user to show stack in other tenants? This seems like a problem for trusts to solve. Why are you not using trusts to fetch the stack _as the user_? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
We can get stacks by stack list call, but it does not provide info about stack parameters. If we need stack parameters, we have to use stack.get. Regards, Wanghua On Fri, Aug 14, 2015 at 4:30 PM, Thomas Herve the...@redhat.com wrote: Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. That's not true. You just need to pass the appropriate option, global_tenant, in your list call. Regards, -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Can this option be used for in show stack details call? Date: Fri, 14 Aug 2015 04:30:19 -0400 From: the...@redhat.com To: openstack-dev@lists.openstack.org Subject: Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. That's not true. You just need to pass the appropriate option, global_tenant, in your list call. Regards, -- Thomas __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
On Fri, Aug 14, 2015 at 05:34:59PM +0800, 王华 wrote: Hi Clint Byrum, Trusts can solve this problem, but it may cause performance problem. When we want to get a stack, we need to get the trust_id from db first, andA authenticate with the trust_id, then we can get the stack. A I'm not sure you actually need trusts, you just need a token scoped to the appropriate project, so if your admin user has sufficient roles in all the projects, you can iterate over the projects and get a token per-project, such that the scope of the project_id matches the tenant/project in the request to heat. I appreciate this isn't much more efficient than the impersonation approach, but it does reduce the complexity a bit. Steve __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Hi Clint Byrum, Trusts can solve this problem, but it may cause performance problem. When we want to get a stack, we need to get the trust_id from db first, and authenticate with the trust_id, then we can get the stack. On Fri, Aug 14, 2015 at 5:13 PM, Clint Byrum cl...@fewbar.com wrote: Excerpts from 王华's message of 2015-08-14 00:52:43 -0700: Hi all, Magnum creates a stack when a bay is created and update the stack parameters when the bay is updated. Magnum has a periodic task to synchronize stack status from heat. And now we want to synchronize stack parameters from heat, too. But heat don't allow admin user to show stack in other tenants, so we can not get stack parameters. I think it is necessary. Nova allows admin user to show instance in other tenants. Neutron allow admin user to show port in other tenants. Nova uses it to synchronize network info for instance from neutron. So can heat allow admin user to show stack in other tenants? This seems like a problem for trusts to solve. Why are you not using trusts to fetch the stack _as the user_? __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Re: [openstack-dev] [openstack][magnum][heat]problems for synchronizing stack parameters from heat
Excerpts from 王华's message of 2015-08-14 02:34:59 -0700: Hi Clint Byrum, Trusts can solve this problem, but it may cause performance problem. When we want to get a stack, we need to get the trust_id from db first, and authenticate with the trust_id, then we can get the stack. Indeed, however the answer to this is to subscribe to notifications and get Heat to publish the things you need so you don't have to fetch the stack so often. I believe there's some desire to have Heat push the things that tools like Magnum would want into Zaqar. That would likely be the best way to deal with this (assuming consuming messages from Zaqar ends up being more scalable than querying your DB + keystone. ;) Going around the authentication controls by giving Magnum 100% admin over all things is just going to turn into a mess over time. Other users of Heat will need to do things like this, and won't have the luxury of being operator-owned. __ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev