Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
John Doe
@kTipSSIoYv
Yea
This is how it works right now - Only way a child tenant can see parent tenant service catlog is that - parent tenant service catalog (ownership) should be part of a group and the user of child tenant should also be part of that group.
image.png
Joe Rafaniello
@jrafanie
Interesting. I'm not sure why it's being filtered out. I'll take a look
Joe Rafaniello
@jrafanie
@kTipSSIoYv I'm not able to reproduce it in a unit test. Meaning: users in groups in child tenants see ancestor tenants' service templates (service catalog items). How easy is it to recreate it from a blank database? I'm not sure what page you're looking at has it filtered.
John Doe
@kTipSSIoYv
@jrafanie In your test case, is the service template part of a different group and the child tenant isn't part of that group and yet the child tenant can see ancestor tenant service catlog?
Is there a way you can share the user groups screenshot and the ancestor catalog ownership screenshot?
just want to verify with my settings
John Doe
@kTipSSIoYv
@jrafanie It seems like it doesn't work in docker version (lasker) but works when I try github version of manageiq
I verified filterer.rb is the same in docker version
any idea what the bug could be so I can patch it as a workaround for docker version? We cannot use github version at this moment but we'll migrate to github version in the future
John Doe
@kTipSSIoYv
@jrafanie one more thing to note is that child tenant service catalog is visible to parent tenant though
John Doe
@kTipSSIoYv
@jrafanie It seems like docker version (lasker) doesn't read filterer.rb at all. I changed the 'ServiceTemplateCatalog' => nil, or change it to 'ServiceTemplateCatalog' => descendant_ids but no changes takes place (parent tenant can still see child catalogs - if set to nil it should be tenant only)
John Doe
@kTipSSIoYv
@Fryguy Is there a example or documentation that shows how to implement events? I want to try and test event triggering for AWS provisioning
John Doe
@kTipSSIoYv
ManageIQ/manageiq#21844
John Doe
@kTipSSIoYv
@Fryguy One more question about logs.. When you order a service catalog, we can only check the requests. In order to view the logs or errors we have to login to to docker container and check the /var/www/miq/vmdb/log/automation.log. Is there a way to display the complete automation log for each service catalog request?
I want to view the automation logs for each service request in the UI
image.png
John Doe
@kTipSSIoYv
@Fryguy @jrafanie any update about my questions?
I've been trying to find out why manageiq docker version isn't reading the filterer.rb
We are planning to migrate to github version soon
Jason Frey
@Fryguy
I've asked @jrafanie to look at it in ManageIQ/manageiq#21844 but he hasn't has a chance yet
with respect to the logs, that's an open issue for podified which is hard to solve, unfortunately. See ManageIQ/manageiq#21188
basically, the current recommendation for podified is you should be using a log aggregation stack anyway with kubernetes/openshift like EFK. All of our pod logs write to STDOUT in JSON format, so they are easily parseable by elastic and searchable in kibana (or whatever log aggregation stack you use)
Joe Rafaniello
@jrafanie

@jrafanie It seems like docker version (lasker) doesn't read filterer.rb at all. I changed the 'ServiceTemplateCatalog' => nil, or change it to 'ServiceTemplateCatalog' => descendant_ids but no changes takes place (parent tenant can still see child catalogs - if set to nil it should be tenant only)

I ported my test to lasker and it still passes: service template (catalog item) owned by a group in a parent tenant can be seen by a user in a group in a subtenant. The opposite isn't true: a service template owned by a group in a subtenant cannot be seen by a user in a group in an ancestor tenant. This is how is should work. Can you give me guidance on how to see what you're seeing @kTipSSIoYv ? I'm not sure where you're seeing this behavior.

John Doe
@kTipSSIoYv
@jrafanie I've added screenshots to show the issue in the github issue. ManageIQ/manageiq#21844 Can you check that and see if there is any issue?
I've tested the same setup in github morpy version and it works as expected.
John Doe
@kTipSSIoYv
@Fryguy What about event triggering? Any example or documentation for AWS
John Doe
@kTipSSIoYv

@Fryguy @jrafanie I have this code to display AWX Tower IDs

repo = $evm.vmdb(:ManageIQ_Providers_AnsibleTower_AutomationManager_ConfigurationScript).all.each do |repo|
dialog_hash[repo.id] = repo.name
end

I want to include ManageIQ_Providers_AnsibleTower_AutomationManager_ConfigurationWorkflow along with ManageIQ_Providers_AnsibleTower_AutomationManager_ConfigurationScript.. Is it possible?

John Doe
@kTipSSIoYv

@Fryguy I've figured out that part.. It appends to the existing hash when I try the following..

repo = $evm.vmdb(:ManageIQ_Providers_AnsibleTower_AutomationManager_ConfigurationScript).all.each do |repo|
dialog_hash[repo.id] = repo.name
end

repo = $evm.vmdb(:ManageIQ_Providers_AnsibleTower_AutomationManager_ConfigurationWorkflow).all.each do |repo|
dialog_hash[repo.id] = repo.name
end

trestlo
@trestlo

Hello everyone! I'm trying to install fluentd on a machine that has manageiq installed but when attempting to install I'm getting a lot of rpm conflicts with manageiq-gemset. Has anyone had this issue or found a workaround that won't hurt either fluentd or manageiq?

fluentd version: td-agent-4.3.0-1.el8.x86_64
manageiq-gemset version: manageiq-gemset-13.1.0-1.el8.x86_64

The actual error message is below:
"Unknown Error occured: Transaction test error:
file /usr/lib/.build-id/3a/a6377e3b490d35f6b2e13af2a0a487992a4d7b from install of td-agent-4.3.0-1.el8.x86_64 conflicts with file from package manageiq-gemset-13.1.0-1.el8.x86_64

file /usr/lib/.build-id/6b/074ebdad7c55f515e55faf0c859d96ce823c74 from install of td-agent-4.3.0-1.el8.x86_64 conflicts with file from package manageiq-gemset-13.1.0-1.el8.x86_64

file /usr/lib/.build-id/7b/152f6fd3336942261a5c46bb46cf1355c8368f from install of td-agent-4.3.0-1.el8.x86_64 conflicts with file from package manageiq-gemset-13.1.0-1.el8.x86_64

file /usr/lib/.build-id/86/47df0ea0bafe7bd29ac2c12584acdb9addb147 from install of td-agent-4.3.0-1.el8.x86_64 conflicts with file from package manageiq-gemset-13.1.0-1.el8.x86_64"

Jason Frey
@Fryguy
fluentd and manageiq are both written in Ruby, so not surprising there might be conflicts
though I wouldn't have expected it at install time
trestlo
@trestlo
Yeah I guess I'm not completely surprised about this but I'm struggling to find a good way to have both without one of them later on hitting issues
My first assumption was versioning but they still shouldn't be so upset with each other
Jason Frey
@Fryguy
that /usr/lib/.build-id is not very descriptive :laughing:
looking around can you do the following:
rpm -qlvp td-agent-4.3.0-1.el8.x86_64 | grep a6377e3b490d35f6b2e13af2a0a487992a4d7b
rpm -qlvp manageiq-gemset-13.1.0-1.el8.x86_64 | grep a6377e3b490d35f6b2e13af2a0a487992a4d7b
then do that for each conflicting hash
trestlo
@trestlo

Thank you! For each one it shows the different locations for the conflicting package (had to run manageiq-gemset ones without -p as it was already installed)

I'm sorry but maybe I'm missing something. With these conflicting files would it be safe to remove the manageiq one/force install the rpm as they're the same version of the gem files?

/usr/lib/.build-id/3a/a6377e3b490d35f6b2e13af2a0a487992a4d7b -> ../../../../opt/td-agent/lib/ruby/gems/2.7.0/gems/nokogiri-1.12.5-x86_64-linux/lib/nokogiri/2.6/nokogiri.so

/usr/lib/.build-id/3a/a6377e3b490d35f6b2e13af2a0a487992a4d7b -> ../../../../opt/manageiq/manageiq-gemset/gems/nokogiri-1.12.5-x86_64-linux/lib/nokogiri/2.6/nokogiri.so

Jason Frey
@Fryguy
It is probably ok to force install as long as each of them remain on disk
trestlo
@trestlo
Thank you so much!
Aurelio Pineiro
@leo.pineiro_gitlab

Hello!

I have some VMs that have ManageIQ already initialized and we wanted to see if there was an easy way to un-init either by way of script or anything else that someone might know of. I was pointed to this erb file: base.ks.erb, but before we decide to attempt to create our own un-init script that goes in reverse of this I wanted to see if someone may have either seen or made something similar or if there is a util that can be used.

Thanks!

Adam Grare
@agrare
hey @leo.pineiro_gitlab what are you trying to 'un-init'? If it is automatically setting up a region and an internal database that is done by https://github.com/ManageIQ/manageiq-appliance/blob/master/COPY/usr/bin/manageiq-initialize.sh
so if you wanted to not run that, for now I'd recommend either mounting up the appliance volume or booting into single-user-mode and commenting that out or disabling the https://github.com/ManageIQ/manageiq-appliance/blob/master/COPY/usr/lib/systemd/system/manageiq-initialize.service service
Aurelio Pineiro
@leo.pineiro_gitlab
Thank you for these. So we want to undo the config and machine changes made during the manageiq-initialize.sh (and subsequently in the service). The problem is we have a template set up that has already had these run on it and we want to go back to the base template with ManageIQ installed but before manageiq-initialize.sh if possible
Adam Grare
@agrare
for the message-server-config line there is a --message-server-unconfig that you can use to undo everything
for the first line there, --key you can just delete the /var/www/miq/vmdb/certs/v2_key
and I'm sure there is more to it than this, but if you delete /var/lib/pgsql/* and probably /var/www/miq/vmdb/config/database.yml that will go a long way towards un-config of the internal database and region
Aurelio Pineiro
@leo.pineiro_gitlab
Awesome thank you so much!
Danish A.
@danish-a1

Hi Guys,

I need to migrate runing ManageIQ Jansa-1 from Centos to REHL; what precaution and procedure I should follow.