[openstack][magnum] user who created cluster was deleted from keystone
Hello.

I have a case: What will we do if the user who created the cluster was deleted from the keystone? In this case, we cannot add or remove node groups or use autoscale and autoheal.

I tried to create a new application credential and patch my cluster. Then I can add or remove node groups but new node groups cannot join the cluster (nodes not ready).

Thank you.

Regards
Nguyen Huu Khoi
I think the biggest issue here is the fact that keystone doesn’t have a service account or something like that.

Application credentials are tied to a user unfortunately, trusts are the same. There's no way for a user to create a user for the cluster.

I guess in the CAPI world if we have admin access we can create a user for the cluster in the project but that probably has its own set of problems.

________________________________
From: Nguyễn Hữu Khôi <nguyenhuukhoinw@gmail.com>
Sent: Thursday, December 19, 2024 7:40:31 PM
To: OpenStack Discuss <openstack-discuss@lists.openstack.org>
Subject: [openstack][magnum] user who created cluster was deleted from keystone

> Hello. I have a case: What will we do if the user who created the cluster was deleted from the keystone? In this case, we cannot add or remove node groups or use autoscale and autoheal.
>
> I tried to create a new application credential and patch my cluster. Then I can add or remove node groups but new node groups cannot join the cluster (nodes not ready).
>
> Thank you. Regards Nguyen Huu Khoi
I agree with you. I tried your guide (patch clouds.yaml) and it has its own set of problems. Could you share with me an experience with customers?

I plan to use a local account, don't use openid to create clusters or recreate a cluster then remap volume so not good at all.

Nguyen Huu Khoi

On Fri, Dec 20, 2024 at 7:45 AM Mohammed Naser <mnaser@vexxhost.com> wrote:
> I think the biggest issue here is the fact that keystone doesn’t have a service account or something like that.
>
> Application credentials are tied to a user unfortunately, trusts are the same. There's no way for a user to create a user for the cluster.
>
> I guess in the CAPI world if we have admin access we can create a user for the cluster in the project but that probably has its own set of problems.