On 24/4/2024 10:04 pm, Satish Patel wrote:
On Wed, Apr 24, 2024 at 7:36 AM Satish Patel <satish.txt@gmail.com <mailto:satish.txt@gmail.com>> wrote:
Yes, user1 created this cluster. I am user1 and I did it myself. How do I check the user_id of the cluster? I am not able to see cluster status.
It's returned by the API but not show in the table. You can see it if you do a `openstack --debug coe cluster show user1`. Alternatively, look in the DB, magnum.cluster.user_id Also may help if you dump the output of `openstack role assignment list` for user1.
Funny thing is I deployed 2023.1 last year in another place where everything is working. I am able to create a cluster and retrieve certificates etc.. even I didn't add any users in the reader role. Seems this is something new added recently and not documented anywhere except policy file.
Your old cluster is 2023.1 and new cluster is 2023.1? I took a look at stable/2023.1, we didn't backport much patches with policy. Can you elaborate on "something new added recently"?
In the new setup I have integrated keystone with LDAP (only for username/password auth not for assignment etc.)
Maybe this might be it, but I'm not familiar with LDAP setup so can't help you there. You may want to redeploy same version of Magnum but without the LDAP integration to rule out code or config differences. HTH, Jake