TrilioVault Workload Manager Charm

contrail integration requires _member_ in trustee role

Bug #1928137 reported by Narinder Gupta
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
TrilioVault Workload Manager Charm
Fix Released
Critical
David Ames
TrilioVault Workload Manager Charm 21.06

Bug Description

While integrating trilio with contrail with experiment-s3 with rados we are getting the unauthorized issue while creating the workload. As per contrail we need _member_ in trustee role rather than Member.

This request is to exchange information and setup accordingly.
File should be /etc/workloadmgr/workloadmgr.conf

trustee_role = Member

Revision history for this message
David Ames (thedac) wrote :

Putting [0] up for discussion.

Liam had suggesting pushing the version of the member role down the identity-service relation (i.e. "member" or "Member). However, I don't *think* this is necessary.

Modern versions of the keystone charm use the lower case version by default. Even if an identity-service relation requests the upper case version it does not re-add or update as it does a lower to lower check for existence.

So I think this is an easy solution [0].

Are there any other considerations I am missing?

[0] https://review.opendev.org/c/openstack/charm-trilio-wlm/+/790820

Revision history for this message
David Ames (thedac) wrote :

@Narinder,

There seems to be some confusion on what is *required* Does the member role have underscores?

trustee_role = member

or

trustee_role = _member_

@Everyone, if it is "member" the PR should be sufficient. If it is _member_ we should have the trilio-wlm charm request a new role called "_member_" and set that in the workloadmgr.conf.

Revision history for this message
Narinder Gupta (narindergupta) wrote :

@david,
AS per pre-production deployment and recommendations, it is supposed to be

trustee_role = _member_

Revision history for this message
Billy Olsen (billy-olsen) wrote :

Having a conversation with Trilio, the trustee_role should be configurable as different environments have different needs for what the trustee_role should be. Propagating this from the keystone charm won't meet various needs that are there for for different environments (i.e. some clouds want strict control over the roles that are necessary for actions). The charm should choose a default (what it has now is fine) but allow operators to tweak this depending on the role needs from the user.

David Ames (thedac)
Changed in charm-trilio-wlm:
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → David Ames (thedac)
milestone: none → 21.04
OpenStack Infra (hudson-openstack)
Changed in charm-trilio-wlm:
status: Triaged → In Progress
Revision history for this message
David Ames (thedac) wrote :

While we wait for https://review.opendev.org/c/openstack/charm-trilio-wlm/+/790820 to land for testing purposes this name space version of the charm is available: cs:~thedac/trilio-wlm-0

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to charm-trilio-wlm (master)

Reviewed: https://review.opendev.org/c/openstack/charm-trilio-wlm/+/790820
Committed: https://opendev.org/openstack/charm-trilio-wlm/commit/b8946a42e1ed52cb20253fce66f15cd6c2b7de08
Submitter: "Zuul (22348)"
Branch: master

commit b8946a42e1ed52cb20253fce66f15cd6c2b7de08
Author: David Ames <email address hidden>
Date: Tue May 11 13:30:47 2021 -0700

    Make trustee role configurable

    Allow the charm to configure the trustee role and request the role be
    created by Keystone.

    Closes-Bug: #1928137
    Change-Id: Iddb50bcfb1d109fb4709b8e962d821a2fe4c608c

Changed in charm-trilio-wlm:
status: In Progress → Fix Committed
Billy Olsen (billy-olsen)
Changed in charm-trilio-wlm:
milestone: 21.04 → 21.06
Billy Olsen (billy-olsen)
Changed in charm-trilio-wlm:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.