)]}'
{"sysinv/sysinv/sysinv/sysinv/common/constants.py":[{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"ebf919a88f89aef26be68d7b018f89fc9ecc2f20","unresolved":false,"context_lines":[{"line_number":378,"context_line":"OS_INTERFACE_ADMIN \u003d \u0027admin\u0027"},{"line_number":379,"context_line":""},{"line_number":380,"context_line":"# Openstack App admin account for flock service"},{"line_number":381,"context_line":"OPENSTACK_APP_INTERFACE_ADMIN \u003d \u0027stx_admin\u0027"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":"# Default region one name"},{"line_number":384,"context_line":"REGION_ONE_NAME \u003d \u0027RegionOne\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"9f560f44_f56ad47e","line":381,"range":{"start_line":381,"start_character":0,"end_line":381,"end_character":43},"updated":"2020-10-05 17:36:56.000000000","message":"It looks like this is only used in a single file. If so, please define it there.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28415,"name":"Lin Shuicheng","email":"shuicheng.lin@intel.com","username":"slin14"},"change_message_id":"144e1f7cd011981935a74975c8c6169bc3b2bd1c","unresolved":false,"context_lines":[{"line_number":378,"context_line":"OS_INTERFACE_ADMIN \u003d \u0027admin\u0027"},{"line_number":379,"context_line":""},{"line_number":380,"context_line":"# Openstack App admin account for flock service"},{"line_number":381,"context_line":"OPENSTACK_APP_INTERFACE_ADMIN \u003d \u0027stx_admin\u0027"},{"line_number":382,"context_line":""},{"line_number":383,"context_line":"# Default region one name"},{"line_number":384,"context_line":"REGION_ONE_NAME \u003d \u0027RegionOne\u0027"}],"source_content_type":"text/x-python","patch_set":4,"id":"9f560f44_b735c4dd","line":381,"range":{"start_line":381,"start_character":0,"end_line":381,"end_character":43},"in_reply_to":"9f560f44_f56ad47e","updated":"2020-10-09 01:23:04.000000000","message":"Done","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"}],"sysinv/sysinv/sysinv/sysinv/conductor/manager.py":[{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"eb222ca554b24feb54d7c88c95611e61743b1ad2","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":2,"id":"9f560f44_d1e2df2f","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"updated":"2020-09-24 13:19:32.000000000","message":"How will upgrades be handled? Need to consider both the upgrade of the starlingx platform (which would not change the version of the stx-openstack application) and then an upgrade of the stx-openstack application (which would I assume be done after upgrading the starlingx platform).","commit_id":"9efd79757b4fb2226a9d0fb67620349122ee8637"},{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"ebf919a88f89aef26be68d7b018f89fc9ecc2f20","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"9f560f44_75cec42d","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"updated":"2020-10-05 17:36:56.000000000","message":"Bob or Angie should comment, but shouldn\u0027t the creation of the new stx_admin account be handled as part of the stx-openstack application?","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28435,"name":"Angie Wang","email":"angie.wang@windriver.com","username":"angiewang"},"change_message_id":"746cab0edebbe5b9367d1fb01f8302a3289840aa","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f621f24_d9ec2ff5","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"1f621f24_394e036f","updated":"2020-11-25 04:57:25.000000000","message":"To clarify,\n1. stx_admin account creation in keyring can be done in openstack helm plugin.\n2. keystone stx_admin account creation can be done in keystone chart via bootstrap overrides.\n3. keystone stx_admin account update (keystone.users.update(user, password\u003dpassword))","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28435,"name":"Angie Wang","email":"angie.wang@windriver.com","username":"angiewang"},"change_message_id":"ef5937fe7f32760f98369c3c4f00483ee768553e","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"00cab530_e00acc4d","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"1f621f24_d9ec2ff5","updated":"2020-11-25 05:00:28.000000000","message":"Please ignore this comment! I forget to remove the draft. 😭","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28415,"name":"Lin Shuicheng","email":"shuicheng.lin@intel.com","username":"slin14"},"change_message_id":"04634d1414395acd01bf49b0cc604651c3113b3a","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"3f65232a_bdf97181","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"3f65232a_81fa843f","updated":"2020-10-28 01:07:59.000000000","message":"Hi all, please help provide more info on how \"helm plugins in the stx-openstack app are already creating passwords and storing in keyring\"? Thanks.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28435,"name":"Angie Wang","email":"angie.wang@windriver.com","username":"angiewang"},"change_message_id":"37b93cf64d7723cbec45f99db835b191368dc985","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"3f65232a_2809a194","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"3f65232a_bdf97181","updated":"2020-10-28 03:01:22.000000000","message":"Hi Shuicheng, you have to build stx-heat image with keyring installed and push it to a private registry for testing. \nIn stx/upstream/openstack/python-heat/openstack-heat/centos/stx-heat.stable_docker_image, include keyring in PIP_PACKAGES and follow the instruction to build image https://docs.starlingx.io/developer_resources/build_docker_image.html\n\nTo mount host keyring storage to bootstrap pod, you can need to override the \"volumeMounts\" and \"volumes\" in job-bootstrap.yaml\n\npod:\n  mounts:\n    keyring_bootstrap:\n      keyring_bootstrap:\n        volumeMounts:\n          xxx\n        volumes:\n          - name:\n            hostPath:\n              path: /opt/platform/.keyring/\n\n\nI think of keyring can only be accessed on active controller as it\u0027s in drbd. Is there a way to make bootstrap pod be launched on active controller? If not, this way won\u0027t work:(","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"3f50a56b8ab1afe0f42b97f58844be48966f4de6","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"1f621f24_394e036f","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"3f65232a_bdf97181","updated":"2020-11-04 15:50:38.000000000","message":"Shuicheng. Please take a look at:\nopenstack-armada-app/python-k8sapp-openstack/k8sapp_openstack/k8sapp_openstack/helm/openstack.py\nThis file is creating passwords and storing them in keyring. You should be able to do the same thing for the new stx_admin password. The platform puppet plugins that need this password can retrieve the password from keyring.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28415,"name":"Lin Shuicheng","email":"shuicheng.lin@intel.com","username":"slin14"},"change_message_id":"a03ca9444a4ebe9d9d140066cfc5f1408e924916","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"3f65232a_81fa843f","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"5f681702_1707ef1e","updated":"2020-10-23 01:59:10.000000000","message":"Hi Angie, there is no keyring client in the keystone bootstrap container. Could you share me how to write stx_admin\u0027s password to host keyring(/opt/platform/.keyring)?\nThanks.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28435,"name":"Angie Wang","email":"angie.wang@windriver.com","username":"angiewang"},"change_message_id":"e860701d8ec523aaa784c0fc99cff26cfd9b1285","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"5f681702_b4cb9970","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"5f681702_449a58c5","updated":"2020-10-16 20:29:21.000000000","message":"My understanding is we assume that users are not going to change the new keystone account stx_admin password? Otherwise, we will still have the same issue.\n\nThe stx_admin user/password creation in keyring can be easily done in helm plugins and ideally, the new keystone stx_admin account should be created in keystone helm chart. Keystone bootstrap pod runs a script to set additional roles after keystone api is up and admin role/project is created. I am thinking to add the creation of the new account there, but the tricky part would be getting the stx_admin password in keystone chart. Ideally, we could have the stx_admin auth identity generated in the keystone override file like admin account. But with the current keystone helm chart and helm-toolkit structure, keystone chart won\u0027t be able to have the knowledge of stx_admin.\nIt\u0027s definitely not straightforward to change the templates to make it work.\n\nThe simplest way would be to always using the admin password for the stx_admin password and then in keystone bootstrap, we can have \"openstack user create --password ${OS_PASSWORD} stx_admin\" to create the new account. The OS_PASSWORD is actually getting from keystone overrides\n\nidentity:\n  auth:\n    admin:\n      password: xxx\n\nWe don\u0027t even need to store stx_admin in keyring. The way will have the same result as the current patch.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28435,"name":"Angie Wang","email":"angie.wang@windriver.com","username":"angiewang"},"change_message_id":"926a2e9eb6271034e5f9f1f62a13c259be0cd173","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"5f681702_1707ef1e","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"5f681702_77af4394","updated":"2020-10-17 03:53:41.000000000","message":"Hi Bart, yes, we cannot use admin password for stx_admin. I thought we get the admin password and store it in VIM config file. But looks like we don\u0027t put it in config file and VIM gets it from keyring each time.\nIt‘s just occurred to me that we should be able to mount the host keyring(/opt/platform/.keyring) to the bootstrap container which can be done via the overrides, so bootstrap script can create stx_admin password in its keyring and the data will apply to the host keyring as well.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"a832e98373578bdf1ec2a1423a88adfba7e932bc","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"5f681702_77af4394","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"5f681702_b4cb9970","updated":"2020-10-16 23:48:23.000000000","message":"Hey Angie - you are right that the password for the stx_admin account will never change. But I don\u0027t think we can use the admin password because:\n1. The VIM needs to get the password for the stx_admin account (from keyring).\n2. If the VIM uses the admin password from keyring, it will break as soon as the admin password is changed.\n\nSo if the stx-openstack keystone helm chart creates the stx_admin account, why can\u0027t it generate a password and store it in keyring?","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":14174,"name":"Bart Wensley","email":"bartwensley@hotmail.com","username":"bartwensley"},"change_message_id":"56ed0f07f24fc26287ab5f764aa1b97552d66534","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"5f681702_449a58c5","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"9f560f44_6c124363","updated":"2020-10-16 12:36:24.000000000","message":"I would like some input from Bob and Angie, but can\u0027t the new user and password be created by the stx-openstack app? I see that the helm plugins in the stx-openstack app are already creating passwords and storing in keyring so why is this any different?","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"},{"author":{"_account_id":28415,"name":"Lin Shuicheng","email":"shuicheng.lin@intel.com","username":"slin14"},"change_message_id":"144e1f7cd011981935a74975c8c6169bc3b2bd1c","unresolved":false,"context_lines":[{"line_number":11329,"context_line":"            # apply any runtime configurations that are needed for"},{"line_number":11330,"context_line":"            # stx_openstack application"},{"line_number":11331,"context_line":"            self._update_config_for_stx_openstack(context)"},{"line_number":11332,"context_line":"            self._openstack.create_stx_admin_account_in_openstack_app()"},{"line_number":11333,"context_line":"            self._update_pciirqaffinity_config(context)"},{"line_number":11334,"context_line":""},{"line_number":11335,"context_line":"            # The radosgw chart may have been enabled/disabled. Regardless of"}],"source_content_type":"text/x-python","patch_set":4,"id":"9f560f44_6c124363","line":11332,"range":{"start_line":11332,"start_character":12,"end_line":11332,"end_character":71},"in_reply_to":"9f560f44_75cec42d","updated":"2020-10-09 01:23:04.000000000","message":"The account could be created by stx-openstack app, but as sysinv cannot get the password, so sysinv still need to update password here. This is why I create account + set password here. We could split the code to be 2 patches:\n1. Do account creation at stx-openstack app.\n2. Do account password update here.\nWhat is your suggestion? Thanks.","commit_id":"507dbf451779b0f4a77d7cdc45d5991a1eb2d910"}]}